Print 31 comment(s) - last by Calin.. on Apr 8 at 9:16 AM

[Click to Enlarge] Your favorite iOS and Android apps just LOVE to share. Some share your info with advertisers with your permission -- others do it without.  (Source: WSJ)
Federal Grand Jury subpoena could open Pandora's box

While the threat of malware on smartphones seems to be rising, another issue for mobile applications is being investigated by a Federal Grand Jury. 

The Wall Street Journal reports that federal prosecutors in New Jersey are looking into whether or not a number of smartphone applications illegally obtained and/or transmitted user information without properly disclosing what type of data they collected and why they needed it to begin with. According to WSJ, collecting user information without correct disclosure could possibly violate the Computer Fraud and Abuse Act, which helps prosecute hackers. 

In December, it was discovered by WSJ that an unsettling number of iOS and Android apps obtained personal data and shared it -- most commonly with advertisers for a fee -- without warning. WSJ examined the transmissions of 101 Android (Google) and iOS (Apple) apps. According to the report:
[The results] showed that 56 transmitted the phone's unique device ID to other companies without users' awareness or consent. Forty-seven apps transmitted the phone's location in some way. Five sent age, gender and other personal details to outsider.
The music-streaming app Pandora was found to belong in the latter category, with both versions of its app transmitting age, gender, location, and "unique identifiers for the phone" to advertisers. 

Yesterday, Pandora announced in an SEC filing that it had received a subpoena (related to the Grand Jury investigation), which the company said it believed had been issued "on an industry-wide basis to the publishers of numerous other smartphone applications," and that it was "not a specific target of the investigation." 

The creator of the Pumpkin Maker iPhone app, Anthony Campiti, also received a similar subpoena. "They're just doing information-gathering to get a better understanding" of the industry, Campiti told WSJ. "We're not doing anything wrong and neither is anyone else doing anything wrong."

Although the investigation is significant because it involves potentially criminal implications, the months-long probe may not result in any charges because, generally, companies aren't often charged with crimes. Rather, the case could morph into a civil one. "Companies in the federal government's cross hairs often reach non-prosecution or deferred-prosecution agreements that allow the targets to avoid being criminally charged," WSJ writes.

Apple, Google, Pandora, and a spokesperson for the U.S. attorney in New Jersey all declined or could not be reached for comment.

Comments     Threshold

This article is over a month old, voting and posting comments is disabled

By BrandtTheMan on 4/5/2011 8:58:18 AM , Rating: 5
I for one welcome this investigation. Developers should be required to let the consumers know what they are transferring. Plain and Simple.

RE: Good
By Ristogod on 4/5/11, Rating: -1
RE: Good
By abscode on 4/5/2011 9:48:50 AM , Rating: 2
Good thinking. Those are exactly the same orginizations and industries in the loop now and it's been working out great.

RE: Good
By cknobman on 4/5/2011 9:54:42 AM , Rating: 5
Sure we dont want the government regulating what can and cannot be on our phone

BUT we do need someone regulating what these app makers illegally do with our private data.

If the app makers werent crooked douchebags that transmitted our private data without our consent then there would be no need for this.

I say the government hits these bastards hard. No argument about non government interference is strong enough to hold up against them defending my private personal data being illegally obtained without my consent.

RE: Good
By FITCamaro on 4/5/11, Rating: -1
RE: Good
By xti on 4/5/11, Rating: 0
RE: Good
By cknobman on 4/5/11, Rating: 0
RE: Good
By FITCamaro on 4/5/2011 1:44:12 PM , Rating: 1
Are they giving away your address? Credit card info? Phone number? No.

Gathering demographics info for advertising purposes isn't of concern to me.

And even enforcing this stuff doesn't stop someone from making an app that does something they didn't tell you about. Sure people might figure it out eventually, but they'll likely have gotten a bunch of info by then. That's why you only download apps from major parties like Pandora or what not. If you want to download an app from someone more obscure, you do your research.

RE: Good
By Landiepete on 4/5/2011 9:59:40 AM , Rating: 2
You are ubder the mistaken impression that these apps are sold to you for a buck because the maker likes you schtyle. This is not true. Even if your app sells 20.000 times, you're making 20K minus the cut of the distributen channel. This is not going to keep you in condo's and Italian sports cars.

The data mining business, however, is about serious money.

RE: Good
By tim851 on 4/5/2011 11:24:58 AM , Rating: 3
Then anyone else should enforce that policy other than the government. (...) I don't need them regulating what I can and can't have a cell phone.

The U.S. attorney is not part of the government, you wannabe libertarian tea-bagger.

In a Democracy (among others) it is by definition the job of the Judiciary to enforce the law. In this case there is an investigation whether Pandora & co. broke the law, namely the Computer Fraud and Abuse Act.

You want Apple, HTC or AT&T to enforce the law? What are you smoking? In what world is a Corporatocracy better serving your interests than a Democratic system?

Soon you demand that if my car is stolen from my garage, the investigation is led by my landlord, the locksmith and Ford.

RE: Good
By The Raven on 4/5/2011 1:07:40 PM , Rating: 1
In a Democracy (among others) it is by definition the job of the Judiciary to enforce the law.

Correction: Enforcement is the job of the legislature. The judiciary interprets and applies law.
Soon you demand that if my car is stolen from my garage, the investigation is led by my landlord, the locksmith and Ford.

The landlord, locksmith and Ford would be the app developers in this case. Investigation and enforcement is still handled by established gov't. It really shouldn't be that different from "real life" since it is just as real even if it is on the internet. People will never understand that unless they are allowed to live with the realities of it.
So I agree with you there.

I'm not sure this guy read the article or he is an full on anarchist. (Which happens to be only a subset of tea partiers and libertarians)

But I am a die-hard libertarian and I consider myself a tea partier FYI. So please don't throw those terms around like they are bad things. Call a spade a spade. Thank you.

RE: Good
By tim851 on 4/5/2011 3:45:18 PM , Rating: 2
Correction: Enforcement is the job of the legislature. The judiciary interprets and applies law.

No, Legislature makes the law. But I was indeed incorrect. Not the Judiciary enforces the law, but the Executive. My bad.

RE: Good
By The Raven on 4/6/2011 12:14:42 PM , Rating: 2
No, Legislature makes the law. But I was indeed incorrect. Not the Judiciary enforces the law, but the Executive. My bad.

Yes, I'm sorry I meant setting up or creating enforcement agencies as proposed in this thread.

The President is responsible for implementing and enforcing the laws written by Congress and, to that end, appoints the heads of the federal agencies, including the Cabinet. -

If I am not mistaken those agencies are set up by the legislature (like the California Highway Patrol for example).

Though I believe some agencies ARE created by the Executive (like the Department of Homeland Security). Is a 'department' an 'agency.' lol

These days with the various Presidents declaring war (clear duty of congress) who knows what the hell is going on?

RE: Good
By FITCamaro on 4/5/2011 9:55:05 AM , Rating: 2
At least on Android, when you install Pandora it says what things it has access to.

As far as age and gender information, I'd love to know how it even knows what age and gender you are unless it detects if social networking apps are installed and reads from them.

All this will do is kill things like Pandora from being made available. I for one, like my free music. If the price is they know how old I am, I really could care less.

RE: Good
By torpor on 4/5/2011 10:29:39 AM , Rating: 2
...and this is how the market works.

When you install Pandora on Android, you are told it wants access to your contacts.

If this seems wrong to you, don't install.
If you're fine with it, go ahead.

The choice was, is, and should continue to be, yours.

RE: Good
By MrTeal on 4/5/2011 10:47:29 AM , Rating: 2
This is the interesting thing, according to the chart above. Angry Birds apparently captures all kinds of data. I just found the app on the marketplace and clicked install on my Galaxy S, the only permissions it asked for was Network Communication (full internet access).

To me, that's the issue. If the app is only requesting certain permissions but mining data without your knowledge, that's beyond the line and needs to be stopped. With the Facebook app, even with I crap I give them, they at least indicate that they're going to use your GPS location, all your contacts, your camera and possibly take a sample of your blood. It makes it easy to tell them where to go.

RE: Good
By mikeyD95125 on 4/5/2011 11:20:36 AM , Rating: 2
What is troubling for me is that I don't know whether apps like Facebook are sending data even wen I don't use them. Does anyone know whether I have to actually use the facebook app or will it send data anyway.

It is one of those applications that I had to root my phone just to get rid of it.

RE: Good
By FITCamaro on 4/5/2011 10:44:46 PM , Rating: 2
You can turn off applications ability to send background data period through the settings menu in Android. This means that unless you're using the app, it can't do anything.

RE: Good
By Slyne on 4/5/2011 1:48:34 PM , Rating: 2
I was bothered by that too, so I browsed through the WSJ article and it seems they're referring to the iPhone version of Angry Bird. Does iOS let you know what info an app has access to?

RE: Good
By torpor on 4/5/2011 2:17:21 PM , Rating: 2
No, the app store/iPhone does not tell you what a program wants to do.

And for the record, here are the permissions requested by Pandora for Android, exactly as shown by Android's marketplace:


Network Communication
Full Internet access, create Bluetooth connections

System tools
Modify global system settings, prevent phone from sleeping, Bluetooth administration, change Wi-Fi state, change network connectivity

Your personal information
Read contact data, Add or modify calendar events and send email to guests

Phone calls
Read phone state

If you think the above is fine for a music app, then go ahead and install.
If you don't like the above for a music app, then don't use it.

What this is, isn't an example of where a strong executive power is needed (which is where the police are, not in judiciary or legislative), but it is a rather brilliant example of exactly why closed systems are BAD.

RE: Good
By torpor on 4/5/2011 4:03:48 PM , Rating: 3
Just to highlight what this means:

Suppose you're sitting in a Starbucks listening to pandora on your phone. WiFi is off, because you don't like the power drain or using unsecured networks.

Pandora has the power to turn on WiFi, switch to the available unsecured network, set an appointment on your calendar and push an invite to your entire contact list, which it can then spam. Then turn off the WiFi connection and revert back to the cell signal. All without telling you it did so.

Still like it?

RE: Good
By tim851 on 4/5/2011 11:01:31 AM , Rating: 3
When you install Pandora on Android, you are told it wants access to your contacts. (...) If you're fine with it, go ahead.

Are your contacts fine with it too?

RE: Good
By The Raven on 4/5/2011 2:12:06 PM , Rating: 2
Very good point. This is why social networking is something that should be looked at with the same caution as picking out a daycare provider.

The appalling thing is that people don't care just so long as they can compare high scores with their friends. But really it isn't even on the radar for some people.

Legislation I would get behind will require education on personal responsibility. Why is that not taught in K-12 and beyond?

We could reduce the size of gov't tremendously if we did.

RE: Good
By NicodemusMM on 4/5/2011 4:59:46 PM , Rating: 2
I think you answered your own question...

Q.) Why is that [personal responsibility] not taught in K-12 and beyond?

A.) We could reduce the size of gov't tremendously if we did.

RE: Good
By FITCamaro on 4/5/2011 10:49:55 PM , Rating: 2
Maybe thats why you shouldn't have people you don't trust in your contacts.

RE: Good
By Calin on 4/8/2011 9:16:25 AM , Rating: 2
You mean people that you don't trust shouldn't have you in their contacts?

By bug77 on 4/5/2011 9:25:40 AM , Rating: 2
Isn't Apple screening everything precisely for these reasons? And if not, why are they screening?

RE: Impossible
By Ristogod on 4/5/2011 9:28:14 AM , Rating: 2
I doubt it very much. Apple doesn't take the topic of security and privacy serious at all.

RE: Impossible
By Landiepete on 4/5/2011 9:55:28 AM , Rating: 3
Yes they do. Extremely so. Theirs. Not yours.

RE: Impossible
By metaltoiletry on 4/5/2011 9:38:25 AM , Rating: 3
They screen apps for political correctness and whether the app is functional/stable.

RE: Impossible
By bug77 on 4/5/2011 10:17:09 AM , Rating: 2
Again, impossible. DT is littered with posts decrying the state of Android ecosystem and telling us how much better iOS is because Apple screens apps for them.

I wonder if it took Apple more than year to figure out whether Google Voice is PC or whether it is functional/stable.

"The whole principle [of censorship] is wrong. It's like demanding that grown men live on skim milk because the baby can't have steak." -- Robert Heinlein

Copyright 2016 DailyTech LLC. - RSS Feed | Advertise | About Us | Ethics | FAQ | Terms, Conditions & Privacy Information | Kristopher Kubicki