Stalkerware Banned By The FTC Is Still Doing Plenty Of Stalking And Spying

There are all kinds of stalkerware out there. Some of it is actually deployed by government entities - like the spyware that infests computers used by remote workers and school students. Some of it is deployed by parents led to believe that if they don't shoulder surf by proxy, their kids will become the sort of degenerates that actively wonder where they'll get their next First Amendment fix.

But stalkerware is also used by truly evil people (rather than just altruistic people who err on the side of evil) to infiltrate the lives of people they want to control, giving themselves access to content and communications unaware phone owners believe is still private.

Even government intervention can't keep these malicious app developers (both the apps and the developers) from making people's lives miserable. As Zack Whittaker reports for TechCrunch (once the recipient of article removal demands from a different stalkerware developer), the Federal Trade Commission has been proven toothless in its battle against a developer of malicious snooping apps.

A year after it was banned by the Federal Trade Commission, a notorious phone surveillance company is back in all but name, a TechCrunch investigation has found.

A groundbreaking FTC order in 2021 banned the stalkerware app SpyFone, its parent company Support King, and its chief executive Scott Zuckerman from the surveillance industry. The order, unanimously approved by the regulator's five sitting commissioners, also demanded that Support King delete the phone data it illegally collected and notify victims that its app was secretly installed on their device.

The FTC ban forbade SpyFone and its CEO, Scott Zuckerman, from engaging in the stalkerware business. The Commission said SpyFone secretly harvested and shared data" on people's movements, phone use, and online activities while also allowing those deploying the spyware to eavesdrop on video chats and track targets in real time.

It was a first of its kind ban by the FTC. Unfortunately, it appears that being first is not the same thing as being effective. SpyFone and Scott Zuckerman continue to thrive, albeit under a new name. As Whittaker reports, SpyFone has seemingly become SpyTrac," allowing the company to continue selling stalkerware to the sort of people who buy stalkerware, with links to the banned CEO and product being obscured by the creation of new company.

According to the data and other public records seen by TechCrunch, SpyTrac is managed by developers who work for both Support King and an outfit of developers called Aztec Labs, which builds and maintains the SpyTrac stalkerware operation. Aztec Labs also maintains a near-identical Spanish-language stalkerware app called Espia Movil (which translates to spy mobile"), and another clone stalkerware app called StealthX Pro, the data shows.

Some of the data found on SpyTrac's server directly connects SpyTrac to Support King.

Server files examined by TechCruch show a set of Amazon Web Services keys that are shared between Support King and GovAssist, another site run by Support King CEO Scott Zuckerman. The same keys also allow cloud storage access for another stalkerware product, OneClickMonitor - one Zuckerman claims to have shut down when hit with the FTC ban.

Zuckerman claims to be doing nothing wrong. In addition to denying his current ventures are tied to his banned ventures via Amazon web services, he had this to say when reached for comment by TechCrunch:

In response, Zuckerman told TechCrunch: Neither I, nor any of my businesses, are affiliated with Aztec Labs, SpyTrac, or [the technical lead, who] worked as an independent contractor for Support King between June 2019 and October 2021. Nor do we have access to SpyTrac's servers."

This denial would have been a lot more credible if suspicious things didn't start happening immediately after this statement was made. First, TechCrunch was able to access SpyFone data that was supposed to be deleted to comply with the FTC's order. Then, shortly after sending its denial to TechCrunch, the servers Zuckerman claims to have no access to suddenly stopped functioning. The websites for Support King, SpyTrac, its Spanish language clone Espia Movil, and Aztec Labs, all ceased to function.

All of this would certainly suggest the possibility of Zuckerman and his various offerings/companies evading an FTC ban by using new company/product names and dabbling briefly in a far more innocuous service (GovAssist) in hopes of evading additional scrutiny. The FTC may have made history with its 2021 order, but unless it's willing (or capable) of performing the sort of due diligence TechCrunch has engaged in here, bans like these aren't even worth the pixels they're printed with.