Federal prosecutors in New Jersey are investigating whether certain smartphone applications illegally obain or transmit information about their users without proper disclosure.
The question is whether or not the app makers fully describe the type of data they collect and why exactly they need this information – such as location or the unique identifier of a phone.
Collecting information without alerting a user could violate federal computer-fraud law, putting many app makers at risk.
One of the better known apps under investigation is Pandora, which publicly disclosed the subpoena.
The company said it is “not a specific target of the investigation,” but believes multiple subpoenas have been issued “on an industry-wide basis to the publishers of numerous other smartphone applications.”
Indeed, the Wall Street Journal reported in December that a number of popular applications available in the Apple App Store and Android Market were transmitting information – including location-based data to advertisers.
Upon testing, the publication determined 56 out of 101 apps transmitted the phone’s unique device identifier, 47 apps relayed the phone’s location, while 5 of them sent a user’s age, gender and other personal data to third parties.
In addition, 47 of the apps didn’t include the proper privacy notifications alerting users they were transmitting personal data.
Perhaps not unexpectedly, Pandora’s iPhone and Android apps transmit information about the user’s age, gender, and location, as well as unique identifiers for the phone to advertising networks.
The subpoenas may not result in any legal action but Orin S. Kerr, a law professor at George Washington University said, “This is a big hammer if the government chooses to use it.”
Aside from the probe into the apps and app makers, several companies are involved in smartphone lawsuits from consumers alleging their privacy has been violated through transmission of personal information.
“Hopefully this will bring about a big change in the industry and make companies be more responsible in what data is being collected,” said Ginger McCall, an assistant director at privacy advocacy group Electronic Privacy Information Center.