FTC Warns Android Devs Not To Track Users Without Disclosure, Opt-Out Option

The Federal Trade Commission (FTC) sent a warning letter to twelve Android app developers that they are violating the FTC Act by using technology that can surreptitiously listen to audio signals from TVs to create profiles of what their users are watching.

The twelve companies are using technology from SilverPush, an Indian-based company that claimed that its software doesn’t target U.S. citizens. Silverpush’s technology listens to embedded signals in television ads that are inaudible to humans, to discover who is seeing what ads.

The FTC’s main problem with this technology is that the developers embedded it into their apps without disclosing it to their users. Another problem is that the audio tracking can run even when the app that contains the tracking code isn’t open.

The FTC is also picking on the developers for asking for microphone access when the apps don’t have any features that would use it:

“For example, the code is configured to access the device’s microphone to collect audio information even when the application is not in use. Moreover, your application requires permission to access the mobile device’s microphone prior to install, despite no evident functionality in the application that would require such access,” said the FTC in a letter to the twelve Android app developers.

It seems that the Center for Democracy and Technology (CDT) was the one to warn the FTC about SilverPush’s tracking technology last fall. In its own letter to the FTC, the CDT complained that users also don’t have an option to opt out of this cross-device tracking.

“These apps were capable of listening in the background and collecting information about consumers without notifying them,” said Jessica Rich, Director of the FTC’s Bureau of Consumer Protection. “Companies should tell people what information is collected, how it is collected, and who it’s shared with,” she added.

It doesn’t look like the FTC will punish the companies for this behavior for now, but it will watch to see if they continue to avoid disclosure about the tracking technology to their customers. The agency also didn’t want to name who the twelve companies were.

Lucian Armasu is a Contributing Writer for Tom's Hardware. You can follow him at @lucian_armasu. 

Follow us on FacebookGoogle+, RSS, Twitter and YouTube.

Lucian Armasu
Lucian Armasu is a Contributing Writer for Tom's Hardware US. He covers software news and the issues surrounding privacy and security.
  • Achoo22
    Thank God that some common-sense rules are being put into play. The industry completely failed to regulate itself and this is hopefully just the first of many steps to return control to device owners.
  • braneman
    Isn't this pretty much what Android is designed to do? Or pretty much any mobile operating system/Windows 10?
  • abbadon_34
    So just these twelve? Everyone else is ok to spy? Wouldn't want to step on the toes of those big contributors and hurt their shareprices.
  • scubadog40
    They are always watching you and know just what your doing you can believe that!
  • falchard
    I think this is FTC testing the waters. The big dilemma for a US regulatory agency in policing the Internet is that a lot of companies are foreign and they have no authority over them. If they can get the foreign companies to comply they can jump right in.
  • knowom
    I don't see the problem how is this any different than what the NSA has been doing for years? privacy haha that's a joke not on the internet doesn't exist
  • chicofehr
    This I one of the reasons I use a blackberry 10 device. I can't stand anyone trying to spy on me with their apps.
  • hst101rox
    A list of some apps that use Silverpush https://public.addonsdetector.com/silverpush-android-apps/
  • kunstderfugue
    It's already a red light signal if an app is asking for control over a feature it doesn't use. Like a flashlight app asking for your location or contacts. It's good the Google Play Store tells you exactly which features an app will have access to.
  • Brian28
    Isn't this pretty much what Android is designed to do? Or pretty much any mobile operating system/Windows 10?
    In Android, at least they would have to request the Microphone Permission prior to install. But most users do not think to read the fine print.