Stalkerware makers who were forced out of the surveillance industry after data breaches that compromised the personal information of their customers and those they spied on will not be able to return to selling the invasive software, according to the Federal Trade Commission.
The FTC denied a request by Scott Zuckerman, founder of consumer spyware company Support King and its subsidiaries SpyFone and OneClickMonitor, to lift the ban.
On Monday, the FTC announced the denial in a press release after Mr. Zuckerman petitioned the federal watchdog agency in July to revoke or modify the restraining order.
In 2021, the FTC banned Zuckerman from “offering, promoting, selling, or advertising any surveillance apps, services, or businesses,” effectively blocking him from operating another stalkerware business. The agency also ordered Zuckerman to delete all data collected by SpyFone, undergo frequent audits and establish certain cybersecurity practices for his business.
“SpyFone is the brazen brand name for a surveillance business that helped stalkers steal personal information,” said Samuel Levin, then acting director of the FTC's Bureau of Consumer Protection. “While the stalkerware was hidden from the device owner, it was completely exposed to hackers who took advantage of the company's lax security.”
According to the petition, Zuckerman argued that the FTC order's safety requirements make it difficult for him to operate other businesses due to financial costs, even though Support King is no longer in business and he currently only operates a restaurant in Puerto Rico and plans other “tourism ventures.”
When contacted by email, Mr. Zuckerman declined to comment, referring questions to his attorney.
tech crunch event
San Francisco | October 13-15, 2026
The FTC's ban stems from a 2018 incident in which security researchers discovered SpyFone's Amazon S3 bucket where highly sensitive data, including selfies, text messages, chat app messages, voice recordings, contacts, location information, hashed passwords and login information, was exposed online for anyone to view and access.
The leaked data included 44,109 unique email addresses, as well as “at least 2,208 current 'customers' and hundreds or thousands of photos and audio within each folder” from 3,666 phones that had SpyFone stalkerware installed.
Contact Us Want more information about stalkerware manufacturers? You can contact Lorenzo Franceschi-Bicchierai securely from your non-work device on Signal (+1 917 257 1382) or on Telegram and Keybase @lorenzofb or by email.
Less than a year after the 2021 FTC order, TechCrunch reported that Zuckerman appears to be running another stalkerware company. In 2022, TechCrunch received a large amount of compromised data from the stalkerware app SpyTrac. The data reveals that SpyTrac is run by freelance developers with direct ties to Support King and is an attempt to circumvent the FTC's ban. Additionally, the compromised data included records from SpyFone, which Zuckerman was ordered to delete, as well as keys to access the cloud storage of OneClickMonitor, another of his stalkerware apps.
Eva Galperin, a prominent stalkerware expert, celebrated the news. “Mr. Zuckerman clearly hoped that after a few years of hiding, everyone would forget why the FTC issued the ban not only against the company, but against Mr. Zuckerman in particular,” Galperin told TechCrunch.
Zuckerman's apparent violations of the FTC's prohibitions, which TechCrunch revealed in 2022, “suggest that he didn't learn his lesson,” added Galperin, director of cybersecurity at the electronic frontier foundation, a digital rights nonprofit.
Stalkerware apps allow customers to secretly spy on their loved ones' phones and devices. In addition to enabling potentially illegal activities, at least 26 stalkerware companies have been hacked or left with sensitive data exposed online in the past eight years, according to a tally by TechCrunch. These repeated incidents show that these companies repeatedly fail to protect the privacy of their customers and those they spy on.