Saturday, July 9, 2016

InMobi, Privacy, and Penalties

image credit: WDnet Agency, pexels.com
In 2015 I had written a series of articles on the e-commerce battle between Flipkart and Amazon, one of which focused on why companies are so obsessed with apps Mobile Apps: There’s Something (Profitable) About Your Privacy. Now it turns out that InMobi has agreed to pay a US$950,000 in civil penalties to "settle charges it violated federal law." InMobi is described by the US Federal Trade Commission complaint thus: "describes itself as the “world’s largest independent mobile advertising company.” In February 2015, Defendant reported its advertising network had reached over one billion unique mobile devices, with 19% of those devices located in North America, and had served 6 billion ad requests per day." According to the FTC complaint [bold emphasis mine], "Even if the consumer had restricted an application’s access to the location API, until December 2015, Defendant still tracked the consumer’s location and, in many instances, served geo-targeted ads, by collecting information about the WiFi networks that the consumer’s device connected to or that were in-range of the consumer’s device. "
Worse, since the InMobi SDK was used by third-party app developers to integrate within their apps and serve targeted ads to children, the FTC charged that InMobi had also violated the Children's Online Privacy Protection Act Rule (COPPA) of 1998. In my 2015 article I had written about other notable privacy violations: In 2012, before its IPO, JustDial’s app was removed from the Google Play Store. It was alleged that the updated version of the JustDial app had “started retrieving and storing the user’s entire phone book, without a warning or disclaimer.” Thereafter, JustDial’s mobile “Terms and Conditions” were updated to include the following line: “You hereby give your express consent to Justdial to access your contact list and/or address book for mobile phone numbers in order to provide and use the Service.” In 2013, US-based social networking app Path was caught as it “secretly copied all its users’ iPhone address books to its private servers.” Action was swift. The FTC investigated and reached a settlement with Path, which required “Path, Inc. to establish a comprehensive privacy program and to obtain independent privacy assessments every other year for the next 20 years. The company also will pay $800,000 to settle charges that it illegally collected personal information from children without their parents’ consent.” In the US, a person’s address book “is protected under the First Amendment.” When the controversy erupted, it was also reported that “A person’s contacts are so sensitive that Alec Ross, a senior adviser on innovation to Secretary of State Hillary Rodham Clinton, said the State Department was supporting the development of an application that would act as a “panic button” on a smartphone, enabling people to erase all contacts with one click if they are arrested during a protest.” Of course, politics is not without its dose of de-rigueur dose of irony. That dose was delivered in 2015 when it emerged that Hillary Clinton had maintained a private email account even as she was Secretary of State in the Barack Obama presidency and refused to turn over those emails. Privacy protection is an area that needs urgent attention from India's regulatory authorities. What the Indian telecom regulator, the Telecom Regulatory Authority of India, is doing remains a matter of speculation, unfortunately. Its flip-flops over the last one year on Net Neutrality do not inspire much confidence either. References:
This post first appeared in LinkedIn Pulse on June 23, 2016 (I have also cross-posted this to my other blog)
Screenshot of article on LinkedIn Pulse