The Federal Trade Commission is warning a dozen developers about some code they’ve included in their apps that can surreptitiously listen to unique audio signals from TVs in the background and build detailed profiles of what consumers are watching. The technology, produced by a company called SilverPush, is used to track users across devices and the FTC warned the developers that if they don’t disclose the use of the code to consumers, they could be violating the FTC Act.
The SilverPush audio beacon listens to signals embedded in televised ads–signals that are inaudible to humans–and can correlate who is seeing what ads. The code can be embedded in mobile apps and users would have no knowledge of its presence, unless the app developer discloses it. In its letter, the FTC said the SilverPush functionality can run even when the app that contains it isn’t open.
The commission sent the letter to 12 app developers whose apps are in the Google Play store, and warned them that not disclosing the use of SilverPush’s Unique Audio Beacon could be a problem.
“For example, the code is configured to access the device’s microphone to collect audio information even when the application is not in use. Moreover, your application requires permission to access the mobile device’s microphone prior to install, despite no evident functionality in the application that would require such access,” the letter says.
“Upon downloading and installing your mobile application that embeds Silverpush, we received no disclosures about the included audio beacon functionality — either contextually as part of the setup flow, in a dedicated standalone privacy policy, or anywhere else.”
SilverPush, which is based in India, has said that its technology doesn’t target users in the United States right now, but that hasn’t assuaged the concerns of privacy advocates in the U.S. Last fall, the Center for Democracy and Technology sent a letter to the FTC expressing concern about SilverPush’s tracking technology.
“The only factor that hinders the receipt of an audio beacon by a device is distance and there is no way for the user to opt-out of this form of cross-device tracking,” the CDT letter says.
The FTC did not disclose the names of the developers whose Android apps contain the SilverPush code, but warned in the letter that the commission’s staff would be monitoring the developers’ apps and disclosures going forward.
“These apps were capable of listening in the background and collecting information about consumers without notifying them,” said Jessica Rich, Director of the FTC’s Bureau of Consumer Protection. “Companies should tell people what information is collected, how it is collected, and who it’s shared with.”
Image from Flickr stream of Matthew Potter.