The US Federal Trade Commission has settled its first case against a company it said produced "stalking apps" and "stalkerware." Retina-X Studios developed and sold apps called MobileSpy, PhoneSheriff and TeenShield that secretly monitored people through their phones, Lisa Weintraub Schifferle, an
attorney, said in a blog post Tuesday.
The apps collected information, including text messages, photos, call logs, GPS locations and browser history, without the knowledge or consent of the phone's owner. Originally marketed for parents to keep track of children or for workplaces to keep tabs on employees, the FTC alleged the apps were used by abusers to track their victims' physical and online activities.
"To install the apps, purchasers often had to weaken the security protections on your smartphone (sometimes called jailbreaking or rooting)," Weintraub Schifferle wrote. "Once a purchaser installed the app on your phone, they could remove the icon, so you wouldn't know they were monitoring you."
The FTC had also alleged that the data, including children's information, wasn't kept confidential and safe by Retina-X Studios. The settlement states the company must ensure its apps are "used only for legitimate purposes," that all data it's collected so far be destroyed and that the company develop a better security program.
Think there might be stalkerware on your phone? The FTC said clues include the phone's battery draining faster than normal; unexplained charges on your bill; trouble turning off your phone; an abuser has physical access to the device; and that an abuser knows specific info about you.
You can also check to see if your phone has been jailbroken; reach out to law enforcement and domestic violence groups; and reset your phone or buy a new one, the FTC said.
On Wednesday, the Department of Homeland Security's cybersecurity arm, the Cybersecurity and Infrastructure Security Agency, repeated the FTC's warning of spyware being used maliciously.
"Get help. Law enforcement can determine if spyware is on your phone," the CISA recommended.
Originally published Oct. 22, 2:48 p.m. PT.
Update, Oct. 23: Adds update from the CISA.