The pop-up ads were designed to get people to click on a "remove" button, which took them to a series of screens that talked about virus protection. The FTC's complaint said people who landed on those pages and tapped anywhere on the screen unknowingly authorized a $9.99 monthly charge for ringtones and other mobile content.
(Read more: Messaging apps hit gold as 'emojis' head west)
According to the FTC complaint, Jesta "misused" a novel and little-used billing method known as Wireless Access Protocol, or WAP. This kind of billing captures the phone number of a mobile device for billing purposes even though the customer has not manually entered that information or specifically agreed to the charge.
"I think that's pretty outrageous," Greisman said.
This is believed to be the first case ever brought by the federal government involving WAP billing.
Did company executives know this was a questionable practice?
The FTC's lawsuit quoted an internal company email in which a Jesta executive wrote that the chief marketing officer was "anxious to move our business out of being a scam and more into a valued service."
The attorney who represented the company in this case provided CNBC.com with the following statement:
"Our client is pleased to have resolved this issue. The particular advertising campaign alleged by the FTC to have been deceptive was shut down when Jesta management learned of it. Jesta is an industry-leading provider of premium mobile content to consumers, and its advertising campaigns are all compliant with or exceed the standards set by the Mobile Marketing Association."
Greg Stuart, chief executive of the Mobile Marketing Association, said he was troubled by what the FTC claims happened here.
"Clearly, these guys were just bad actors. There's no question about that from what I can see," he said.
(Read more: Are there bogus charges on your phone bill?)
Stuart pointed out that the association's best practice guidelines call for a secondary confirmation before anyone is billed for a transaction initiated from a mobile device—something Jesta did not do.
The FTC doesn't know how many people unwittingly paid Jesta Digital, but Greisman said she believes the numbers are substantial.
Jesta will notify anyone charged for services they did not authorize between Aug. 1 and Dec. 7, 2011, that they are entitled to a refund. Some of these notices will come in the form of a text message.
The company will automatically provide full refunds to anyone who was billed between Dec. 8, 2011, and Aug. 23, 2013, for any charges related to an advertising claim that the person's device was infected or that the company could provide software to protect their mobile device.