Stalker app maker Retina-X settles FTC charges – Naked Security

Spyware maker Retina-X Studio has settled Federal Trade Commission (FTC) charges that it failed to keep its products from being used as illegal stalking apps.

Retina-X, maker of the spyware tools PhoneSheriff, TeenShield, SniperSpy and Mobile Spy, threw in the towel on all that snooping in March 2018, putting the kibosh on the products as a result of two hacks: the first in April 2017 and the second in February 2018.

Those tools were used to track targets’ call logs (including deleted ones), text messages, photos, GPS locations, and browser histories, as well as to eavesdrop on victims, wherever they might be.

The hacker who claimed responsibility for the breaches said at the time that he got access to all that, but he didn’t post any of it online. He did, however, claim to have wiped some of the servers he’d been allegedly rooting around in.

Like we said after news of the second attack surfaced, even if you find spyware repugnant, it’s still illegal to hack the companies that make it, for good reason. The hacker wasn’t helping anybody, let alone surveillance victims. By telling others how he did it, putting out blueprints and encouraging them to do the same, he and other spyware-focused hackers put the victims at that much greater risk of having their personal data accessed, meaning they’re twice victimized. Besides, who’s to say that a hacker who claims not to have posted material isn’t lying?

At any rate, back to the FTC complaint: the FTC claimed that Retina-X wasn’t making sure that spyware purchasers were using it for legitimate purposes. In fact, to install the tools, spyware purchasers often had to weaken security protections on a targeted phone – i.e., to jailbreak or root the phone.

Once the spy had installed the app on their target’s phone, they could then remove the icon showing that it was there. Thus, the target wouldn’t know they were being monitored.

Even for legitimate users – i.e., those who are keeping track of activity on phones they own that are used by their children or by employees who are aware that they’re being monitored – the company failed to keep their data confidential and safe, the FTC charged.

The FTC said that the apps violated the Children’s Online Privacy Protection Act (COPPA), which requires operators to protect the confidentiality, security, and integrity of personal information collected from children under the age of 13. The FTC also said that Retina-X violated the Act’s prohibitions against unfair and deceptive practices.