The Federal Trade Commission (FTC) filed a lawsuit against Retina-X Studios, owner and developer of stalking apps that compromise the privacy and security consumers’ mobile devices.
In its complaint, the FTC alleged that Retina-X and its owner James Johns developed three stalking apps called MobileSpy, PhoneSheriff, and TeenShield. These apps monitored mobile devices on which they were installed.
The company sold more than 15,000 subscriptions to all three stalking apps before stopping selling them last year. Consumers bought the apps to monitor their children or employees.
The consumer watchdog alleged that the three stalking apps enabled purchasers to access sensitive information about device users including their physical movements and online activities. At the same time, the apps exposed the devices to security vulnerabilities.
Retina-X violated FTC Act, COPPA
Additionally, the FTC alleged that Retina-X and Mr. Johns failed to properly secure the information collected by the stalking apps from the mobile devices. The company also failed to adopt and implement reasonable information security policies and procedures, perform security testing of its apps, and conduct adequate oversight of its service providers.
Furthermore, the consumer watchdog alleged that the company falsely claimed that users’ private information is safe since a hacker gained access to its cloud storage twice between February 2017 and 2018.
Retina-X and Johns violated the FTC Act, which prohibits unfair and deceptive business practices. They also violated the Children’s Online Privacy Protection Act (COPPA), which requires operators to appropriately secure the information they collect from children under 13, according to the FTC.
In a statement, Andrew Smith, Director of the FTC’s Bureau of Consumer Protection, said, “This is our first action against a so-called ‘stalking app. Although there may be legitimate reasons to track a phone, these apps were designed to run surreptitiously in the background and are uniquely suited to illegal and dangerous uses. Under these circumstances, we will seek to hold app developers accountable for designing and marketing a dangerous product.”
FTC prohibits Retina-X from selling stalking apps
According to FTC, Retina-X and Mr. Johns agreed to settle the allegations against it.
Under the proposed settlement, the company is prohibited from selling apps that monitor mobile devices and require circumventing (jailbreaking or rooting) the security protections implemented by the operating system or manufacturer.
Before selling a monitoring product or service, Retina-X and its owner must obtain a written attestation from the purchases that it will use it for legitimate and lawful purposes by authorized users including:
- Parent monitoring a child
- Employer monitoring an employee who has provided express written consent to being monitored;
- Adult monitoring another adult who has provided express written consent to being monitored.