The FTC’s decision affects three applications in particular: MobileSpy, created to keep an eye on employees’ and kids’ devices, as well as PhoneSheriff and TeenShield, which were specifically designed to monitor kids’ phones. Retina-X sold 15,000 subscriptions for its apps before it stopped selling them last year.

Retina-X apps bypass Android and iOS security restrictions, the agency explained, allowing them to collect sensitive data and exposing the devices to security vulnerabilities. The developer also didn’t bother to ensure the the apps were truly being used to track employees and children. That makes them a potential tool for spying, especially since the company provides purchasers with instructions on how to prevent the app’s icon from showing up on the phone screen, as well.

In addition, the FTC accused the company of failing to keep collected information secure. A hacker was able to break into its cloud storage account twice between February 2017 and 2018, accessing data collected through PhoneSheriff and TeenShield, which includes logins, text messages, GPS locations, contacts and photos. Since those apps were made to monitor kids, the FTC also accused Retina-X of violating the Children’s Online Privacy Protection Act (COPPA) that requires companies to secure the information they collect from children under 13.

The developer can only resume selling its apps and subscriptions if it requires purchasers to prove that they will be used to monitor children, employees or other consenting adults. Further, the apps’ icons and name smust be visible on the phone screen, unless it’s a parent or a legal guardian deleting them from a minor’s device. The company must also launch and maintain a security program to protect the personal information it collects, subject to third-party assessments every two years.