FTC-building-sign-AH

FTC Preemptive About Potential Privacy-Violating Apps

March 21, 2016 - Written By Dominik Bosnjak

As the US Federal Trade Commission (FTC) revealed on its official website yesterday, it has started notifying certain Android app developers that they’re utilizing some potentially privacy-infringing software in their mobile creations. The warnings are issued via e-mail and pertain to SilverPush, an advertising framework with some rather worrying capabilities. As the FTC reveals, SilverPush is able to take control of an Android device’s microphone and use it to analyze background noise and listen for certain TV shows. As if that’s not bad enough, the intrusively obtained information on users’ viewing habits is then sold or forwarded to third-party advertisers by its India-based owners. This is naturally a cause for alarm in a country where not even the largest companies like Verizon are immune to blatant privacy violations.

The FTC claims it has contacted exactly 12 developers by e-mail and warned them in regards to the use of SilverPush in their apps. While the agency hasn’t specifically named any offenders, it did reveal that their products are all available on Google Play Store. Naturally, it’s really unlikely that the warned developers are also the only ones utilizing SilverPush in apps which are available in the US, especially since the FTC was likely using a rather manual process to identify apps using the controversial ad framework. However, this is nonetheless a step in the right direction and there’s little doubt that more warnings will follow soon. As for what exactly the developers are being warned about here, the FTC notified them that SilverPush and related practices could easily constitute a violation of the Federal Trade Commission Act, or even more specifically, its section five which prohibits “unfair or deceptive acts or practices in or affecting commerce.” In other words, the sole act of using users’ devices to listen in on them isn’t illegal, but not notifying them about it definitely is.

Even though SilverPush’s Indian developers claim that their advertising framework isn’t used in the US at this point in time, the FTC has seemingly took a preemptive course of action in this case and notified the aforementioned dozen developers about the fact that its sole presence in their apps may be illegal due to the deceptive nature of the software. Therefore, if that proves to be the case, developers will definitely be held responsible in case they haven’t notified their users about how any why are they collecting their data. The FTC is in no way new to the mobile app privacy game as it has been releasing non-binding guidelines to developers for years, but this preemptive hands-on approach is definitely not its usual MO and it’s likely that it took the dozen of warned developers completely by surprise.