Tech Law

Grand Jury Probe May Deter Smartphone App Privacy Abuses

A federal grand jury has subpoenaed Pandora to produce documents in what could be an industry-wide investigation of smartphone apps.

In an SEC filing, Pandora said the subpoena was served early 2011, and it was told it wasn’t a specific target of the probe.

However, it believes similar subpoenas have been issued to publishers of other smartphone apps.

“The sum totality of public information about Pandora is contained in our registration documents,” Deborah Roth, a spokesperson for the streaming music service, told TechNewsWorld. “Due to quiet period regulations, we cannot participate in this.”

The mere convening of a grand jury does not necessarily mean any action will be taken, pointed out Carl Howe, director of anywhere consumer research at the Yankee Group.

“A grand jury can meet and decide not to take action, so this may not come to anything,” Howe told TechNewsWorld.

About the Grand Jury

The grand jury was convened by federal prosecutors in New Jersey, who are looking into whether smartphones illegally obtain or transmit information about their users without proper disclosures, according to a report in The Wall Street Journal.

The probe is examining whether makers of the apps concerned fully described to users the types of data they would collect and why they needed the information, the Journal said, citing a “person familiar with the matter.”

Collecting information about a user without proper notice or authorization could violate federal computer fraud laws.

Pandora, which collects and uses demographic and other information about its listeners — including personally identifiable information — was hit in late 2010 and early 2011 with lawsuits alleging violation of computer fraud, computer trespass and privacy laws, the company’s SEC filing states.

In January, Apple was hit with a lawsuit accusing it of privacy violations over the way it shares iPhone, iPad and iPod touch user information with advertisers. That’s the second such lawsuit. The previous one was filed last year.

Chatty Little Smartphone Apps

Perhaps there is some reason to worry about privacy.

Geo-tracking based on location data embedded onto image files, as well as the transmission of confidential payment information without the user’s knowledge or consent are among the security dangers facing smartphone users, according to a study conducted by the Ponemon Institute and sponsored by security vendor AVG Technologies.

Back in September, researchers found that 15 out of 30 randomly selected popular free Android Marketplace apps sent users’ private information to remote advertising servers, and two thirds of the apps handled data in ambiguous ways.

A team comprised of researchers from Duke University, Penn State University and Intel Labs made the discovery using TaintDroid, a prototype extension to the Android platform that they had developed. TaintDroid is designed to identify apps that transmit private data.

They found that some applications shared GPS sensor location information with ad servers only when displaying ads to the user, while others shared the user’s location information at any time.

Further, an investigation by The Wall Street Journal found last year that 56 of 101 popular smartphone apps for the iPhone and Android smartphones transmitted the phone’s unique device ID to other companies without the user’s knowledge or consent. Another 47 transmitted the phone’s location while five transmitted the user’s age, gender and other personal details.

Business Is the Driver

Mobile advertisers get to leverage smartphone apps and perhaps this is where the trouble begins.

For example, coupon platform Valpak has launched coupons on the Junaio free iPhone app that leverage the iPhone’s geolocation feature.

The app launches the iPhone’s camera and GPS to overlay a set of 3D coupons in real-time. As users scan their surroundings, applicable Valpak coupons pop up onscreen. This works for businesses between five feet and 20 miles away.

Just the Facts

Perhaps the problem of smartphone apps illicitly accessing and transmitting user information is overblown.

“If it’s really an issue, show me the data,” the Yankee Group’s Howe said. “I haven’t seen anybody that has good solid proof of excessive data being transmitted.”

The iTunes App Store has “very strict” rules about what data can and cannot be accessed and transmitted, Howe said. While the Android Market doesn’t have such clear rules, Android apps run in a sandbox, “so apps have limited access to your information,” he added.

In fact, Android apps have to ask users whether or not they want to allow them to perform a particular function. The problem is, many users automatically enable a function without checking to see what it is.

“Being a consumer myself, I certainly don’t read the terms and conditions on everything,” Mark Beccue, a senior analyst at ABI Research, told TechNewsWorld.

“So, in that case, it’s let the buyer beware. If you don’t read the terms and conditions carefully then the brunt of the problem is on you, the consumer,” Beccue added.

That said, there are “some really cool things starting to come out that leverage geolocation, so there’s probably a great deal of growth potential there for mobile marketing,” Beccue pointed out.

That potential might initially lead to abuses, he acknowledged, “but it looks as if law enforcement is right on top of the situation with this probe.”

Leave a Comment

Please sign in to post or reply to a comment. New users create a free account.

More by Richard Adhikari
More in Tech Law

Technewsworld Channels