SpyFone sold a product that let abusers secretly turn on their victim’s microphone, record phone calls, read every private message, and track their GPS location in real time, all while the victim had no idea their phone had been turned into a surveillance device against them.

A Stalker’s Toolkit, Sold as a Parenting App

Support King, LLC, operating under the brand name SpyFone, built and sold a suite of Android surveillance apps starting in 2018. The company is registered in Puerto Rico, and its founder Scott Zuckerman served simultaneously as president, CEO, resident agent, and the person who personally built the company’s websites, hired its service providers, and signed its contracts.

The FTC’s complaint makes the business model explicit: SpyFone licensed, marketed, and sold products that allowed a buyer to monitor another person’s phone entirely without that person’s knowledge. The company marketed this under the cover of “parenting tools” and “employee monitoring,” but the FTC found that cover to be a pretext.

The FTC identified spyware apps exactly like SpyFone’s as tools used by stalkers and domestic abusers to monitor victims’ physical movements, online activities, and sensitive personal information. The harm the FTC documented goes beyond privacy violations into mental, emotional, financial, and physical abuse up to and including death.

The Product Line: A Menu of Surveillance Capabilities

SpyFone did not offer one product. It offered a tiered surveillance menu, each tier unlocking more invasive capabilities at a higher price. Here is exactly what they sold:

SpyFone Wrote the Instructions on How to Be Invisible

SpyFone was not sold through the Google Play store. Buyers had to download it directly from SpyFone’s website, which required the buyer to first physically handle the victim’s phone. SpyFone then provided step-by-step instructions on bypassing Android’s built-in security warnings to make the installation possible.

Android itself displayed a clear warning during this process: “If you download apps from unknown sources, your device and personal information can be at risk. Your device could get damaged or lose data. Your personal information could be harmed or hacked.” SpyFone instructed buyers to proceed past this warning and then to disable the system that scans for harmful applications.

After installation, SpyFone gave buyers a checklist for hiding the app entirely. The software labeled itself “System Service” inside the phone’s settings so it would not be recognized as surveillance software. The FTC complaint documents the exact instructions SpyFone gave buyers for concealment, which are quoted below in Legal Receipts.

Victims Were Structurally Prevented from Protecting Themselves

The FTC found that the harms SpyFone caused were not reasonably avoidable by the people being surveilled. The victim could not stop the monitoring because they did not know it was happening. Even if a victim eventually discovered the surveillance, the FTC noted that their private data had already been collected by SpyFone.

Beyond surveillance, the installation process itself weakened the victim’s phone security by disabling protections against malware, potentially voiding the phone’s warranty, and exposing the device to outdated software vulnerabilities. The victim, unaware any of this had happened, would have no reason to take steps to protect themselves from those additional risks.

The Non-Financial Ledger: What This Actually Did to People

The FTC complaint does not talk about SpyFone as a software company that bent some privacy rules. It explicitly states that these products enabled stalking and domestic abuse, and it documents the harm chain in clinical, devastating detail. A stalker using SpyFone could know where their victim was at every moment. They could read every text message. They could listen through the phone’s microphone. They could watch the victim’s screen in real time. They could even send text messages that appeared to come from the victim’s own number.

The FTC document maps the escalation of harm directly. Stalkers and abusers used the information obtained through SpyFone to “perpetuate stalking and abusive behaviors, which cause mental and emotional abuse, financial and social harm, and physical harm, including death.” That is the federal government, on record, stating that a product like this is a weapon in the hands of people who kill their partners. This is not hypothetical. Intimate partner violence is the leading cause of femicide in the United States, and location-tracking technology is a documented enabler of that violence.

The financial abuse angle is also specifically documented. Abusers used SpyFone’s access to financial account information to take over victims’ bank accounts and redirect funds. The FTC notes that victims also faced indirect financial loss through costs of therapy and the expense of physically relocating to escape an abuser. Moving away from your home, your community, your job, and your support network to flee someone who can see your GPS location in real time is not a minor inconvenience. It is a life-altering crisis, and SpyFone’s product made it harder to escape.

The trauma the FTC documents does not end when the abuse ends. The complaint states explicitly: “Even after stalking or domestic abuse ends, victims continue to experience substantial harm, including injury in the form of depression, anxiety, and ongoing fear for one’s safety.” SpyFone did not sell a product that caused a one-time privacy violation. It sold a product that enabled sustained, escalating psychological torture, and it designed that product specifically to be invisible so that torture could continue undetected for as long as the abuser chose to pay the subscription.

They Got Hacked, Then Lied About the Response

In August 2018, an unauthorized third party accessed SpyFone’s servers and obtained the personal data of approximately 2,200 people. The exposed data included records pulled directly from victims’ monitored phones, including photos.

Those 2,200 people were already victims once: they were being secretly surveilled by someone who bought SpyFone. The breach made them victims twice: their private data was now also in the hands of an unknown outside attacker.

SpyFone sent a notice to purchasers after the breach claiming it had “partnered with leading data security firms to assist in our investigation” and that it would “coordinate with law enforcement authorities” to address the attack. The FTC found that both statements were lies. SpyFone did not partner with any data security firms. SpyFone did not work with or coordinate with law enforcement in any way.

The Data Was Never Protected to Begin With

The breach happened because SpyFone had no meaningful data security in place. The FTC’s complaint lists five specific failures: SpyFone stored photos, text messages, web histories, and GPS locations without any encryption; failed to properly configure who could access their servers; failed to secure their Application Programming Interfaces (APIs), including failing to restrict which IP addresses could make requests; transmitted buyers’ passwords in plain text; and never contractually required the third-party service provider that stored all of this surveillance data to follow any security standards at all.

SpyFone’s own Terms of Use from 2018 and 2019 told customers: “SpyFone cares about the integrity and security of your personal information. We will take all reasonable precautions to safeguard customer information.” The FTC found these statements were false and misleading.

Legal Receipts: The Government’s Own Words

These are direct quotes from the FTC’s formal complaint. Every word below came from the federal government’s official legal filing against SpyFone.

“Respondents instruct the purchaser to ‘[r]eboot the device to hide the application’ and is then counseled for ‘[b]est [d]iscretion’ to delete the mobile device’s web browsing history, delete the installation file on the mobile device, delete the notification on the mobile device, disable notifications, and ‘make the application trusted,’ all steps to ensure the device user never learns of the surreptitious monitoring.”

FTC Complaint, Paragraph 8 — SpyFone’s own instructions for concealment

“The SpyFone software can then only be found by navigating through the device’s ‘Settings,’ where, according to SpyFone’s website, it is labeled as ‘System Service’ in order ‘to be more stealthy[.]'”

FTC Complaint, Paragraph 8 — How SpyFone disguised itself on the victim’s device

“Stalkers and abusers then use the information obtained via monitoring to perpetuate stalking and abusive behaviors, which cause mental and emotional abuse, financial and social harm, and physical harm, including death.”

FTC Complaint, Paragraph 22 — The documented harm chain

“In truth and in fact, as set forth in Paragraphs 20 and 21, Respondents did not actually partner with leading data security firms or work with law enforcement authorities. Therefore, Respondents’ representations as described in Paragraph 33 of this Complaint are false and misleading and constitute deceptive acts or practices.”

FTC Complaint, Count III — Official finding of deception on breach response

“The purported use of the monitoring products and services for employment or child-monitoring purposes is a pretext. Parents and employers would not typically want the monitoring product to spoof text messages from the device, a feature SpyFone marketed to its customers, or want to disable security measures on a mobile phone to install Respondents’ Android monitoring products and services.”

FTC Complaint, Paragraph 11 — The FTC calling out SpyFone’s cover story

Societal Impact Mapping

Public Health: Surveillance Technology as a Domestic Violence Weapon

The FTC complaint frames SpyFone’s harm explicitly in public health terms. Stalking and domestic abuse are recognized public health crises, and the FTC’s own language acknowledges that tools like SpyFone sit at the intersection of technology and intimate partner violence. The complaint documents that victims of stalking and domestic abuse experience lasting psychological injury, specifically naming depression, anxiety, and ongoing fear for personal safety as documented outcomes that persist long after the abuse ends.

The FTC’s complaint further documents that abusers use location-tracking data to physically locate victims, transforming SpyFone’s GPS feature into a tool for physical confrontation and, in the agency’s own words, death. The ability to remotely activate a phone’s microphone without the victim’s knowledge eliminates the possibility of a private conversation, a private phone call for help, or a confidential conversation with a counselor, lawyer, or shelter worker. SpyFone’s Xtreme product made every conversation within range of the phone’s microphone potentially audible to an abuser.

The call-recording capability further closed off victims’ ability to seek help. A victim who calls a domestic violence hotline, a lawyer, or a trusted friend while SpyFone is installed on their phone has no privacy in that call. The chilling effect of that surveillance, even if the victim is unaware of it, represents a public health harm that does not register in any settlement figure.

Economic Inequality: Surveillance as Financial Control

The FTC’s complaint dedicates specific attention to the economic harm SpyFone enabled. The complaint documents that abusers used financial account information obtained through SpyFone’s monitoring to take over victims’ financial accounts and redirect funds to themselves. Financial control is a documented cornerstone of domestic abuse: it traps victims who cannot afford to leave.

SpyFone’s products provided abusers with access to online banking activity, financial communications, and any account credentials that passed through the monitored phone. At a subscription price starting at $99.95 per year (roughly the cost of a single therapy session, or about 10 hours of minimum wage work), a perpetrator could purchase sustained financial surveillance for a full year. The victim, by contrast, faces the compounding costs of therapy, relocation, and rebuilding their financial life after an abuser has drained or controlled their accounts.

The FTC notes that these economic harms are “not reasonably avoidable” by the victim because the victim does not know the surveillance is happening. An economically abused person cannot make informed financial decisions if every banking notification, every transaction alert, and every financial message is being monitored in real time by the person controlling them.

The Cost of a Life: What SpyFone Charged to Enable This

What Now: Who to Watch and How to Fight Back

The FTC issued this complaint in December 2021. The people responsible for building and running this business are identified in the federal filing.

If you or someone you know is in a situation involving covert phone surveillance, do not act alone and do not alert the abuser by removing apps without a safety plan in place. Contact the National Domestic Violence Hotline for device safety guidance from trained advocates. Coalitions Against Stalkerware (coalitionagainststalkerware.org) maintains a vetted list of resources and safe removal guides. At the community level, mutual aid networks that support survivors of domestic violence provide emergency housing, financial assistance, and safety planning that no regulatory settlement can replace. Push your local representatives to fund these organizations, because the FTC can fine a company, but only a community can catch someone falling.