Want to read Slashdot from your mobile device? Point it at m.slashdot.org and keep reading!

 



Forgot your password?
typodupeerror
×
Advertising Android Google Privacy Security Your Rights Online

FTC Warns Android App Developers About Use of Audio-Tracking Code 81

Reader Trailrunner7 writes: The Federal Trade Commission is warning dozens of developers about some code they've included in their apps that can surreptitiously listen to unique audio signals from TVs in the background and build detailed profiles of what consumers are watching. The technology, produced by a company called SilverPush, is used to track users across devices and the FTC warned the developers that if they don't disclose the use of the code to consumers, they could be violating the FTC Act. The commission sent the letter to 12 app developers whose apps are in the Google Play Store, and warned them that not disclosing the use of SilverPush's Unique Audio Beacon could be a problem. "For example, the code is configured to access the device's microphone to collect audio information even when the application is not in use. Moreover, your application requires permission to access the mobile device's microphone prior to install, despite no evident functionality in the application that would require such access," the letter says.
This discussion has been archived. No new comments can be posted.

FTC Warns Android App Developers About Use of Audio-Tracking Code

Comments Filter:
  • by mmiscool ( 2434450 ) on Friday March 18, 2016 @12:20PM (#51725047) Homepage
    This technology could be used to catch the unscrupulous people doing unlicensed performances of songs in public places and help protect us all from terrorists.
  • FYI app list (Score:5, Informative)

    by maestroX ( 1061960 ) on Friday March 18, 2016 @12:23PM (#51725069)
    A list of apps using Silverpush is available at: https://public.addonsdetector.... [addonsdetector.com]
    I'm in no way affiliated with this site.
    • by arth1 ( 260657 )

      The interesting find on that list is the McDonald's Phillipines delivery app.
      I wonder what McD has to say about this?

      • by KGIII ( 973947 )

        I wonder what McD has to say about this?

        The Hamburgler did it!

        *fat purple thing runs away*

        robble robble robble

      • The apps do this for the same reason that web sites sign up for third party app services - it's free money for zero work on their behalf, and they don't give a shit if it pisses off their users. We're just monetization units to them.

    • by subk ( 551165 )

      A list of apps using Silverpush is available at: https://public.addonsdetector.... [addonsdetector.com] I'm in no way affiliated with this site.

      Slashdotted! It's been a while since I've seen that!

  • by Anonymous Coward

    Why doesn't anyone list the apps? (or I missed it in reading)

  • ...the government hates competition.
  • "this could constitute a violation of the Federal Trade Commission Act"

    What exactly would constitute a violation of the FTC act? Their footnote states

    "Specifically, Section 5 of the Federal Trade Commission Act prohibits unfair or deceptive acts or practices in or affecting commerce"

    What about using SilverPush would be unfair or deceptive?

    The FTC is attempting to assert jurisdiction, but there's nothing here to regulate. Why is the FTC attempting to regulate apps? Why don't they do something useful and regu

    • by Anonymous Coward

      It's deceptive that they place you under audio surveillance without making it clear in their privacy policy.

    • How is it not deceptive? It's listening to what television you watch and then reporting that to some backoffice all without telling you.

  • by Anonymous Coward

    I guess now we need a switch that physically disconnects the microphone.

    • by Anonymous Coward

      That switch should also physically disconnect the camera.

      • Definitely. Also should have better sandboxing of apps, like finer grain permissions, proxy handling and the ability to substitute alternate resources. For example, a few apps might really make sense to let them see you on-call status, but they don't strictly need more than that. Other apps only need audio mute or attenuation. That could be handled in the audio services rather than by the apps. Then sometimes, one might have a good reason to use an app that request more permissions than one is willing to gr

      • by arth1 ( 260657 )

        That switch should also physically disconnect the camera.

        I'm not so worried about someone getting a real close-up of my nipple, but anything using the camera or mic or accelerometer or GPS or IP connectivity when not in the foreground should require an explicit authorization from the user, every time. Google really needs to give users a way to block this. A barndoor wide acceptance without specifics at install time is not good enough.

  • It appears based on maestroX's post above (which lists Silverpush-using apps) that nearly all of the offending apps on the market are clearly targeted at foreign users - primarily it seems Southeast Asian markets.

    Which is consistent with the FTC's letter saying that no USA programming features the broadcast component of this technology.

    Seems like this is a preemptive "US advertisers had better not use this" warning.

    Also - most of the developers will likely just ignore the FTC due to lack of jurisdiction, as

  • Seems like it would always be illegal in 2-party states (as people around you aren't consenting) or if the user isn't told about it.
    • Seems like it would always be illegal in 2-party states (as people around you aren't consenting) or if the user isn't told about it.

      It might also be considered copyright infringement against the tv shows, especially if the audio is stored for any length of time.

    • by cogeek ( 2425448 )
      I'm sure it's in the TOU you agree to when you click Install
    • by PPH ( 736903 )

      I suspect that these apps don't actually record audio. They detect the unique embedded signatures (audio watermarks, etc.) and just forward that data to their servers. This may or may not be legal. But it has yet to be court tested.

      • by subk ( 551165 )

        They detect the unique embedded signatures (audio watermarks, etc.)

        Which is all poppycock. Neilsen's "psychoacoustic" chirp tones do not work reliably. I am a broadcast engineer. I am blacklisted from being a Neilsen Home. But my mate a few blocks away is not. He signed up, and we played with the device. I won't go into specifics, but you can tell when it hears a tone because it goes about phoning home the telemetry. If it does not catch them, it is basically reporting that you aren't watching the tube. We observed the unit and found it was only catching our statio

  • I am using Android for more than 2 years so I am not anti-Android. However, things like this scare me on Android. Google has very little control on apps, not even to prevent someone violating laws. Up until Android 6, it was not even possible to revoke app permissions. You had to grant all permissions that app requested in order to install it. Many apps used to create fake reasons why they need some permissions. Why do radio app need to dial international number? In iOS, you can configure. On my iOS, I didn

    • by Alumoi ( 1321661 )

      It's doable in Android. Root, install a firewall and DisableService (handy little program which disables services in apps).

  • The Federal Trade Commission is warning ***a dozen of developers*** about some code they've included in their apps

Understanding is always the understanding of a smaller problem in relation to a bigger problem. -- P.D. Ouspensky

Working...