A fine of over $400,000 has been handed to the developer of several stalkerware apps, alongside an order to modify the software.
A consortium of 16 companies owned by Patrick Hinchy produced apps that snooped users, including DDI Utilities, PhoneSpector, TurboSpy, Surepoint, Easy Spy, and Auto Forward.
These apps enabled customers to secretly monitor a range of activities on other devices, including text messages, photos, location, WhatsApp and Skype. Browsing history and other social media activity was also accessible.
The Stalkerware Problem
The US is among the top three countries in the world for stalkerware downloads. Research by Comparitech found that the US search for apps related to ‘stalkerware’ the most globally. While, generally, “mobile tracker” was the most searched related term overall with 6.3 million global searches each year.
Hinchy promoted the software as legal, despite it being a requirement for users to install it onto other adults’ mobile devices. According to attorney general Leticia James, this breaks federal and New York state laws.
Rooting or jailbreaking devices invalidates the manufacturer’s warranty. Hinchy failed to inform customers of the potential damage that installing the products could cause to a device.
Alongside this, it was found that Hinchy misled customers about refund policies, made false claims about the security of data obtained by the apps, and created fake review sites to convince potential customers, the New York attorney general disclosed.
Likewise, he misled customers by creating multiple sites purporting to provide technology advice, however they were found to have been made with the sole intention of selling products.
The Legality of Stalkerware Apps
The attorney general stated: “Snooping on a partner and tracking their cell phone without their knowledge isn’t just a sign of an unhealthy relationship, it is against the law.”
“These apps and products put New Yorkers at risk of stalking and domestic abuse, and were aggressively promoted by Patrick Hinchy through 16 different companies. Today’s agreement will block these companies from allowing New Yorkers to be monitored without their awareness, and will continue our ongoing fight to protect New Yorkers’ rights, safety and privacy.”
Hinchy was given a $410,000 fine and is legally required to update the apps so that the device owners know that their devices are being monitored.
In 2020, Google placed a ‘formal’ ban on stalkerware apps. Google updated its Developer Programme Policy so that stalkerware apps required ‘adequate notice or consent’ as well as ‘persistent notifications’ if downloaded. There was some concern around large loopholes when this was introduced.