More like this

Security

Apps that 'listen in' to your mobile get slapped by US watchdog

Covert snooping code runs afoul of federal law

The US Federal Trade Commission (FTC) has fired off letters to a dozen mobile app developers, warning that their software could be in violation of federal privacy laws.

The watchdog said it has spotted a number of applications on the Google Play market that contain SilverPush code, a controversial software library that secretly snoops on the ads you're watching.

"These apps were capable of listening in the background and collecting information about consumers without notifying them," said FTC consumer protection bureau director Jessica Rich.

"Companies should tell people what information is collected, how it is collected, and who it's shared with."

SilverPush listens for ultrasonic frequencies embedded in TV, radio and audible web ads so it can identify what you're watching or listening to or reading. The software detects the high-frequency signals and uses the information from the ad to work our what your interests are and serve up targeted advertising.

So if you're watching a TV show or an online video about cooking, and an ad comes on for kitchenware with an embedded ultrasonic signal, apps using SilverPush on your nearby phone will hear it, realize you're into cookery, and phone home this data to ad networks.

The software has been criticized as spyware because SilverPush can operate without user knowledge and can be installed and activated without user consent or permission.

The FTC said that it knows of 12 developers who are currently offering software for Android devices. All 12 of the devs have been given letters warning that in order to make use of the SilverPush code, they must first obtain direct permission from users to both access their microphone hardware and track user activity for targeted content.

While SilverPush "enhanced" ads are not yet being used in the US, the FTC said that anyone who plans to make use of the code and covert ultrasonic signals in America will only be able to do so legally by obtaining consent.

"For the time being, SilverPush has represented that its audio beacons are not currently embedded into any television programming aimed at US households," the FTC tells developers in the letters [PDF].

"However, if your application enabled third parties to monitor television-viewing habits of US consumers and your statements or user interface stated or implied otherwise, this could constitute a violation of the Federal Trade Commission Act."

Developers who don't obtain user permission to activate the SilverPush code will be in violation of Section 5 of the FTC Act and subject to prosecution at the hands of the US trade authority, including business injunctions and fines. ®

Sponsored: The world has changed, has your IAM strategy?