App Developers Warned: You Need To Tell Consumers First If You’re Going To Eavesdrop

Your phone has a microphone, and it listens — but not just when you’re making a call or practicing a second language on purpose. It listens whenever an app tells it to, and to whatever happens to be around you for it to hear. And if an app does that without telling you first, it could be in hot water with the Federal Trade Commission.

The FTC today issued warnings to a dozen Android app developers who currently have apps on the Google Play market that use code known as “Silverpush.”

Silverpush is an audio beacon tech: it runs in the background, whether or not you’ve launched the app it’s in, to “listen” for certain tones embedded in TV programming and advertising.

Silverpush is not the only listening tech, of course nor is all listening in necessarily underhanded. Smart TVs, for example, have to listen in order to obey voice commands — as do peripheral devices like a gaming console or an Amazon Echo. Plenty of reputable third-party firms also use audio tech in order to, for example, try to gather Netflix ratings.

But the audio beacon is a little more insidious. That’s a tone embedded in certain programming that you can’t hear and will never know is there… but certain apps can “hear,” interpret, and send on back to their respective motherships. And because it’s on a mobile device, it’s connected to all the other data that can be gleaned from your phone: what apps you have, what apps you’re running, your location, your browsing history, your device type and network, and all the rest.

That’s valuable data for advertisers, who can then get a very narrow and detailed picture not only of who’s watching but also, paired with other data, who’s buying what they’re selling.

As far as the FTC is concerned, though, the main problem is disclosure. It would be one thing for an app to tell you it enables you microphone and listens for secret audio tones in the room. Then you, the consumer, could make an informed decision whether or not to install that app on your phone.

The letters (PDF) clearly state that the apps in question fail to disclose the presence of the Silverpush code, saying, “Upon downloading and installing your mobile application … we received no disclosures about the included audio beacon functionality — either contextually as part of the setup flow, in a dedicated standalone privacy policy, or anywhere else.”

They’re not too upset at the moment, because currently there are no audio beacons in use in the U.S. for Silverpush to report back on. However, the FTC says, if there ever should be, then listening in on them this way without disclosing it would be super duper illegal — or, at least, “a violation of the Federal Trade Commission Act.”

“These apps were capable of listening in the background and collecting information about consumers without notifying them,” Jessica Rich, Director of the FTC’s Bureau of Consumer Protection, said in a statement. “Companies should tell people what information is collected, how it is collected, and who it’s shared with.”