Why the FTC Banned SpyFone’s Stalkerware Apps

How the SpyFone case shows the dangers of stalkerware, weak data security, and secret phone monitoring.

By Sneha Tete, Integrated MA, Certified Relationship Coach
Created on

The Federal Trade Commission’s action against SpyFone, a stalkerware app developer, is a landmark case for mobile privacy and consumer protection. The case shows how secret phone monitoring tools can be abused by stalkers and abusers, and how weak security practices can expose highly sensitive data to hackers and identity thieves.

This article explains what happened to SpyFone, why the FTC stepped in, how stalkerware works, and what you can do to protect yourself and the people around you from similar threats.

1. What Is Stalkerware and Why Is It So Dangerous?

Stalkerware is a category of spyware designed to be secretly installed on someone else’s phone or device. Once installed, the person who controls the app can monitor the device user’s activities without consent or knowledge.

Features commonly offered by stalkerware include:

  • Real-time GPS location tracking
  • Access to text messages and call logs
  • Viewing emails and instant messages
  • Reading web browsing history
  • Access to photos, videos, and files
  • Sometimes, remote access to the phone’s microphone or camera

Stalkerware is often advertised as a tool to watch over children or track employees. But authorities, advocates, and security researchers consistently warn that these tools are widely misused for intimate partner surveillance and domestic abuse.

2. The SpyFone Case in Brief

SpyFone was the brand name used by Support King, LLC, and its CEO, Scott Zuckerman, to sell Android-based surveillance apps and even mobile devices preloaded with monitoring software.

According to the FTC, SpyFone’s products allowed purchasers to secretly monitor another person’s device, and the company failed to implement basic safeguards to protect the data it collected.

Key Element Details (SpyFone Case)
Company Support King, LLC, operating as SpyFone.com
Core product Stalkerware apps and pre-loaded devices for secret monitoring
FTC’s main concerns Illegal secret surveillance and failure to secure sensitive data
Outcome Ban from surveillance business and deletion of illegally collected data
Read More

The Future of AI: Preventing a Big Tech Monopoly >

The Future of AI: Preventing a Big Tech Monopoly

3. How SpyFone’s Apps Worked

SpyFone marketed its apps as a way to watch over family or loved ones. In practice, the tools were built to be hidden and difficult for the phone’s owner to detect.

3.1 Secret Installation and Hiding the App

To install SpyFone on an Android device, the purchaser had to bypass several built-in security protections. Once installed, the app provided instructions on how to hide its presence so that the device user would not realize they were being monitored.

  • The app could be removed from app lists and icons hidden.
  • Some features relied on altering the device to gain deeper access, further obscuring what was going on.

3.2 Extensive Monitoring Capabilities

SpyFone’s tools allowed purchasers to access a wide range of personal information from the monitored device:

  • Physical location through continuous GPS tracking
  • Text messages, call logs, and sometimes content of communications
  • Emails and messaging app content (with specific configuration)
  • Web browsing history and app usage
  • Photos, videos, and stored files

The FTC described SpyFone’s offering as providing real-time access to a target’s digital life, giving stalkers and abusers a powerful tool to track and control victims.

3.3 Rooting and Bypassing Security

For some advanced features, SpyFone required users to obtain administrative privileges on the phone, often through a process known as rooting on Android devices.

  • Rooting can void warranties on the device.
  • It disables or weakens built-in security protections, increasing exposure to malware and other threats.
  • Once rooted, the device becomes easier for third parties to compromise.

SpyFone’s instructions encouraged this behavior, prioritizing surveillance capabilities over device safety.

4. FTC’s Findings: Privacy Violations and Security Failures

The FTC’s complaint and settlement order highlighted two major categories of misconduct: illegal secret surveillance and poor data security.

4.1 Illegal Secret Surveillance

The FTC alleged that SpyFone enabled users to secretly monitor people’s movements and communications without their knowledge or consent.

  • The apps were designed to be installed on another person’s device without disclosure.
  • The company failed to ensure the apps were used only for legitimate, lawful monitoring (such as with informed consent).
  • By design, the apps made it easy for stalkers and domestic abusers to track potential victims in real time.

The Commission emphasized that this type of business model poses serious risks to privacy, safety, and security.

4.2 Failure to Protect Collected Data

In addition to concerns about illegal monitoring, the FTC found that SpyFone did not take even basic steps to secure the sensitive information it collected:

  • Personal data, including photos, messages, and location data, was stored without proper encryption.
  • There were insufficient controls to ensure that only authorized users could access stored data.
  • Passwords were transmitted in plain text, exposing them to interception.

The FTC also cited a security incident in which a hacker accessed SpyFone’s servers and obtained personal data of thousands of individuals. The agency alleged that SpyFone failed to live up to its promises to thoroughly investigate and remediate the breach.

5. The Enforcement Action: What the FTC Ordered

The FTC’s enforcement action against SpyFone was significant because it went beyond fines or narrow restrictions. It sought to remove the company and its CEO from the commercial surveillance market entirely.

5.1 Surveillance Business Ban

Under the FTC’s order, Support King and its CEO were banned from:

  • Offering, promoting, selling, or advertising any surveillance app or service
  • Operating any business that enables covert monitoring of devices

This remedy reflects the Commission’s view that some surveillance-based business models are fundamentally incompatible with consumer protection and privacy standards when they rely on secrecy and non-consensual tracking.

5.2 Deletion of Illegally Collected Data

The FTC ordered SpyFone to delete any data that had been collected illegally through its stalkerware apps.

  • This included communications, location histories, and other personal information harvested from victims’ phones.
  • Deletion requirements reduce the long-term harm from past surveillance and limit the risk of further misuse or breaches.

5.3 Notifications to Device Owners

The company was required to notify people whose devices may have been monitored by SpyFone apps:

  • Informing them that the app may have been installed secretly
  • Warning that their device and accounts might no longer be secure
  • Encouraging steps to remove the app and restore security

These notifications are critical because many victims of stalkerware never realize they were being watched unless they receive a direct alert or consult an expert.

6. Why the SpyFone Case Matters Beyond One Company

SpyFone was only one of many stalkerware vendors operating in a growing market. The FTC’s action sends a broader message to app developers and platform operators.

  • Surveillance businesses are on notice: Designing apps for secret monitoring can trigger strong enforcement, including outright bans.
  • Security is not optional: Companies that collect highly sensitive data must implement robust safeguards or face regulatory action.
  • Domestic violence risks are central: Regulators now explicitly acknowledge the link between stalkerware and gender-based violence and are responding accordingly.

Advocacy groups have welcomed the case as a major win in efforts to combat stalkerware and protect victims of domestic abuse.

7. How to Protect Yourself from Stalkerware

While regulators can limit abusive companies, individuals still need practical strategies to protect their devices and accounts. Security experts and government agencies recommend a combination of technical and behavioral steps.

7.1 Warning Signs Your Phone May Be Monitored

Possible indicators of stalkerware include:

  • Battery draining much faster than usual without a clear reason
  • Unexplained spikes in data usage
  • Device running unusually hot or slow
  • Settings or permissions changing without your action
  • Other people knowing things about your location or communications that you never shared

None of these signs alone prove that stalkerware is installed, but together they may justify a closer look, ideally with help from a trusted expert or support organization.

7.2 Practical Steps to Reduce Your Risk

  • Keep your device with you whenever possible, especially in situations involving relationship conflict or past abuse.
  • Use strong screen locks (PINs, passwords, biometrics) and do not share them casually.
  • Update your operating system and apps regularly to patch security vulnerabilities.
  • Review installed apps and remove anything unfamiliar or suspicious, especially those with broad permissions.
  • Check accessibility and device admin permissions for apps that have deeper control than they should.
  • Avoid rooting or jailbreaking your device, which can weaken protection and create opportunities for stalkerware.

In cases of suspected abuse, experts often advise creating a safety plan before making major changes, because removing stalkerware may alert the abuser and escalate risk.

8. Legal and Ethical Boundaries of Monitoring

Monitoring technology is not inherently illegal. Parents, employers, and others may have lawful reasons to use monitoring tools, but there are strict boundaries:

  • Many jurisdictions require clear notice and consent for monitoring.
  • Secret surveillance of adults without consent may violate privacy, computer misuse, or wiretapping laws.
  • Using spyware as part of a pattern of control or abuse can contribute to criminal domestic violence or harassment charges.

The SpyFone action underscores that building a business around covert, non-consensual spying is fundamentally at odds with consumer protection law and public policy.

9. Frequently Asked Questions (FAQs)

Q1: Is it ever legal to use apps like SpyFone?

Some monitoring tools can be used lawfully in limited, transparent situations—such as parents monitoring minor children or organizations managing corporate-owned devices—provided applicable laws are followed and appropriate notice is given. However, tools designed and marketed for secret surveillance of another person’s private device, as in the SpyFone case, raise serious legal and ethical concerns and may be deemed unlawful by regulators.

Q2: How did the FTC’s order impact SpyFone’s customers?

Under the FTC’s order, SpyFone and its CEO were banned from the surveillance business and required to delete data collected illegally. They also had to notify people whose devices were monitored that the app may have been installed and that their devices might not be secure, allowing those individuals to take steps to protect themselves.

Q3: Could similar apps still be available under different names?

Yes. The FTC’s order applies specifically to Support King, LLC, and its CEO, not to every stalkerware developer. Many similar apps continue to operate. That is why regulators, advocacy groups, and security vendors stress the importance of awareness, technical safeguards, and continued enforcement against other companies that enable non-consensual surveillance.

Q4: What should I do if I think my phone has stalkerware?

If you suspect stalkerware, consider reaching out to a trusted domestic violence or digital security organization before making obvious changes. They can help you assess risk, preserve evidence if needed, and plan safe steps such as reviewing installed apps, changing passwords from a different device, backing up important data, and possibly resetting or replacing your phone.

Q5: How is this case different from normal data breaches?

Many data breaches involve unauthorized access to information collected for conventional services, such as online accounts or payment systems. In the SpyFone case, the underlying business model itself involved secretly harvesting intimate data from people who often did not know they were being monitored, and then failing to secure that data. The FTC treated both the covert surveillance and the weak security as serious violations.

References

  1. FTC Bans SpyFone and CEO from Surveillance Business and Orders Company to Delete All Secretly Stolen Data — Federal Trade Commission. 2021-09-01. https://www.ftc.gov/news-events/news/press-releases/2021/09/ftc-bans-spyfone-ceo-surveillance-business-orders-company-delete-all-secretly-stolen-data
  2. FTC Bans Stalkerware App Company from the Surveillance Business and Orders Company to Delete Any Illegally Collected Information — Hunton Andrews Kurth LLP. 2021-09-03. https://www.hunton.com/privacy-and-information-security-law/ftc-bans-stalkerware-app-company-from-the-surveillance-business-and-orders-company-to-delete-any-illegally-collected-information
  3. SpyFone barred from selling stalking apps that secretly monitor phone activity — Federal Trade Commission (Consumer Advice). 2021-09-01. https://consumer.ftc.gov/node/76932
  4. Victory! Federal Trade Commission Bans Stalkerware Company from Conducting Business — Electronic Frontier Foundation. 2021-09-01. https://www.eff.org/deeplinks/2021/09/victory-federal-trade-commission-bans-stalkerware-company-conducting-business
  5. FTC bans SpyFone and its CEO from continuing to sell stalkerware — Malwarebytes Labs. 2021-09-03. https://www.malwarebytes.com/blog/news/2021/09/ftc-bans-spyfone-and-its-ceo-from-continuing-to-sell-stalkerware
Sneha Tete
Sneha TeteBeauty & Lifestyle Writer
Sneha is a relationships and lifestyle writer with a strong foundation in applied linguistics and certified training in relationship coaching. She brings over five years of writing experience to waytolegal,  crafting thoughtful, research-driven content that empowers readers to build healthier relationships, boost emotional well-being, and embrace holistic living.

Read full bio of Sneha Tete