The Federal Trade Commission on Tuesday said it barred the developer of three "stalking" apps from selling the products until the company can ensure they're used legally.
Software maker Retina-X Studio and its owner, James N. Johns Jr., market security apps used to monitor employees and children. But federal regulators said the apps, called MobileSpy, PhoneSheriff and Teen Shield, were often installed by hackers without users' knowledge or consent.
Cybercriminals allegedly would bypass security measures on an Android or Apple phone and install Retina-X's apps, according to the FTC complaint. That allowed hackers to access private information, including login usernames and passwords, photos, contacts, geolocation data and online activity. The company reportedly sold more than 15,000 subscriptions to the three apps before the company stopped selling them last year.
The FTC said Retina-X failed to safeguard the data of minors, violating the Children's Online Privacy Protection Act.
"Although there may be legitimate reasons to track a phone, these apps were designed to run surreptitiously in the background and are uniquely suited to illegal and dangerous uses," Andrew Smith, director of the FTC's Bureau of Consumer Protection, said in a statement.
Beyond legitimate uses of such security technology, "stalkerware" is also often used by abusers to track people's physical movements in domestic violence situations, the FTC said.
In a statement, Retina-X's legal counsel Richard Newman said the company's "clients were the unfortunate victims of a skilled hacker" and thanked the FTC for its professionalism during the investigation.
Under the proposed settlement, Retina-X and Johns are required to destroy all data already collected from their monitoring services. They must also require purchasers to state they will use the app to monitor only children or employees, or an adult who has provided written consent.