The founder of a U.S. spyware company that marketed powerful consumer-grade hacking tools has pleaded guilty to a federal crime related to the distribution of his software, which was used by domestic abusers and others to secretly collect data from targeted computers and smartphones. The plea by Bryan Fleming is an unusual U.S. criminal case in the consumer “stalkerware” business and reflects tougher enforcement of companies that make, market, or benefit from cellphone surveillance apps, some of which have been used by domestic abusers.
Inside the Federal Case Against pcTattletale Spyware
The multiyear investigation by Homeland Security Investigations, an arm of U.S. Immigration and Customs Enforcement, focused on pcTattletale starting in 2021 as part of a broader examination into consumer-grade surveillance vendors. Investigators focused on pcTattletale’s marketing and support, which encouraged customers to track intimate partners without their permission in violation of federal and state laws, according to court records.
HSI secured search warrants for Fleming’s email accounts and then his Michigan home, where it uncovered communications proving he knew and helped customers record nonconsenting adults.
An undercover agent pretended to be an affiliate marketer in order to test how the product was being promoted, and the interaction resulted in promotional materials customized for catching a cheating spouse — undermining claims that the software was intended for legal purposes.
Financial records linked to Fleming’s accounts showed hundreds of thousands of dollars in transactions by late 2021, painting a portrait of a brisk business fueled by persistent, surreptitious monitoring. There are plenty of spyware operators who won’t reveal their true ownership and jurisdiction, but Fleming put his name on pcTattletale, appearing in online videos to hawk the product — that visibility helped keep the case close enough for U.S. feds to reach him.
How the pcTattletale Spyware Operated on Devices
pcTattletale does require physical access to the potential target device, using the victim’s passcode or login, since it must be installed.
Once installed, the software covertly transmits copies of messages, photographs, locations, and other personal data to pcTattletale’s servers in a way that makes it possible for the purchaser to view it from afar.
Companies in this category typically cite child-safety or employee-monitoring scenarios to defend their products. But U.S. law sets some bright lines: nonconsensual surveillance of adults — and especially an intimate partner — is illegal, and the creation or sale of tools for it may also violate the Computer Fraud and Abuse Act and the federal wiretap statute’s provisions related to device advertising.
Breach and Shutdown Followed Massive Data Exposure
The case picked up speed in 2024 after the infrastructure of pcTattletale was hacked. A hacker sundered the company’s site and whisked away huge amounts of data, including personally identifiable information about buyers and the people they tracked. A widely used breach reporting service would later compile over 138,000 customer records that were tied to the incident. Fleming shut down the service shortly thereafter, but not before investigators could collect evidence and expand their case.
A Rare Precedent in Stalkerware Prosecution
Fleming’s charges represent the most high-profile prosecution of a U.S. stalkerware case since the case against the StealthGenie phone-spying app maker in 2014. Privacy International has called for worldwide stalkerware bans.
While civil agencies and companies have cracked down on vendors of spyware, federal criminal cases are still relatively rare — in part because the businesses are often based abroad and obscure ownership.
This result could open the aperture for future actions not just against the coders and operators of these tools, but also affiliates and promoters who knowingly promote tremendously invasive surveillance. That adds up in a market in which, according to security companies and digital rights organizations whose research contributed to my project, tens of thousands of devices show stalkerware evidence globally each year — even as app store bans and mobile operating system features aim to limit their presence.
Advocacy and Industry Responses to Stalkerware Crackdown
Privacy advocates at groups like the Electronic Frontier Foundation and members of the Coalition Against Stalkerware have long argued that the industry flourishes in plain sight, because penalties are infrequent and take time to come. They cite consistent patterns: euphemistic branding, careless consent checks, and data safety lapses that leave abusers and victims vulnerable to exposure.
Regulators are starting to push back. The Federal Trade Commission has barred stalkerware operators from the surveillance industry and ordered data deletions in cases brought against them, while Apple and Google have toughened restrictions to cull clandestine tracking apps. However, sellers frequently apply new names to products, move infrastructure around, or change how they capture payment details online in order to bypass detection and policy enforcement.
What Comes Next for pcTattletale and Similar Apps
Fleming is scheduled for sentencing after entering a guilty plea; there are reports that other stalkerware websites remain under investigation. Legal observers will see whether prosecutors use the same playbook — drawing a clear line from explicit marketing, user support, and technical design choices to illegal surveillance — in going after more cases involving an industry that had seldom faced criminal exposure.
For the digital safety community, the case represents a shift in momentum: an indication that U.S. law enforcement is ready to consider consumer spyware not as a fringe annoyance, but as technology that enables abuse and justifies ongoing criminal enforcement.
