Advertiser That Tracked Around 100M Phone Users Without Consent Pays $950,000

Mobile advertising firm InMobi will be paying a fine of $950,000 and revamp its services to resolve federal regulators' claims that it deceptively tracked locations of hundreds of millions of people, including children. Ars Technica reports:The US Federal Trade Commission alleged in a complaint filed Wednesday that Singapore-based InMobi undermined phone users' ability to make informed decisions about the collection of their location information. While InMobi claimed that its software collected geographical whereabouts only when end users provided opt-in consent, the software in fact used nearby Wi-Fi signals to infer locations when permission wasn't given, FTC officials alleged. InMobi then archived the location information and used it to push targeted advertisements to individual phone users. Specifically, the FTC alleged, InMobi collected nearby basic service set identification addresses, which act as unique serial numbers for wireless access points. The company, which thousands of Android and iOS app makers use to deliver ads to end users, then fed each BSSID into a "geocorder" database to infer the phone user's latitude and longitude, even when an end user hadn't provided permission for location to be tracked through the phone's dedicated location feature.

Less than $0.01 per victim

[mrchaotica]

Nice to know the courts value our privacy so dearly!

Re:Less than $0.01 per victim

But if they somehow obtained, say, an MP3 track... THEN we can talk about damages.

Because obviously some random auto-tune recording carries far more judicial weight than your piddly personal information.

Re: Less than $0.01 per victim

I think the number of lawyers involved determines fines and awards. Lots of highly paid lawyers working those IP laws, not many fighting for consumer protection. Hell maybe this can set a precedent and the NSA can drop a few pennies into all our accounts!

Good ROI

[mfh]

$960k is peanuts for them.This worked out great. Enough to do it again once the dust settles.

Re:Good ROI

$960k is peanuts for them.This worked out great. Enough to do it again once the dust settles.

Maybe so, but I'd take it all!

If you have money and break the law

, you don't get to see/feel what happens when you drop the soap. It's about time these criminals did time.

The corporation didn't make the decision to illegally perform these actions, people did. Furthermore, they were very likely to be senior fuckwits. Enough is enough. Send them to jail as if they social engineered your personal details. Multiply that jail time by the number of people they affected. The board, the primary shareholders, and the management that enforced this need to be hauled in front of judges - now!

Suprise?

[BlackPignouf]

The phone OS is delivered by a huge ad company, it has GPS, a microphone, Wifi, a compass and Bluetooth.
What is surprising, exactly?
Anyone using Android and expecting to not be tracked by advertisers is a dumbass.

Re:Suprise?

[Anubis+IV]

Did you miss that it said "Android and iOS" in the summary? Mind you, I use and love iOS, but throwing Android under the bus as if this problem is unique to them makes no sense here.

Re:Suprise?

[MobileTatsu-NJG]

Google is an advertising company.

Re:Suprise?

Yeah, but this case is actively working against Google's interests and evading Apple's interests.

Google wants to be the all-knowing oracle that gets maximum return to actual advertisers without revealing how their all-seeing-vision works. The ultimate middle-man between advertisers and advertisees (more often known as "victims"). This specific advertiser is bypassing Google's part and collecting the data themselves, which makes Google upset.

Apple wants to be the omnipotent tyrant of the various iThingies. An advertiser bypassing their controls is an insult to their sovereignty.

Microsoft was unaffected because for the first time in forever, Microsoft has a product that isn't a market-leading target for malicious actors. This makes certain division leads struggle between euphoria and suicidal depression.

Re:Suprise?

[MobileTatsu-NJG]

Maybe, but the original point still stands: You're still unwise if you value privacy and prefer an Android phone.

Re:Suprise?

[The-Ixian]

Yay for Windows Phone!

Re:Suprise?

[Anubis+IV]

What of it? I agree that there's a greater concern about being tracked if you're on Android, but it's disingenuous to hold up this issue as evidence of that concern when Google's primary competitor (which, I'll repeat again, is my preferred platform) is suffering from the issue as well. The OP was dishing on Android as if this problem was unique to that platform, meanwhile the summary clearly indicates that iOS faces the exact same problem.

Re:Suprise?

[wardrich86]

And Apple is overpriced trash. Either way you lose... I can firewall and block a lot of shit on my Android, though.

Re:Suprise?

[whoever57]

The phone OS is delivered by a huge ad company, it has GPS, a microphone, Wifi, a compass and Bluetooth. What is surprising, exactly?

In the latest version of Android, you have fine-grained control of access by apps. The first time such an app starts, the system will ask you if you want to allow the app to access the microphone and can deny it.

Re:Suprise?

[BlackPignouf]

Sorry if I wasn't clear. I wasn't trying to say that Apple is any better. Just that tracking for ad purposes should be even more obvious on Android.

Re:Suprise?

[allo]

> You're still unwise if you value privacy and prefer an Android phone.
Only android lets you choose what really to share. iOS has some basic cynogenmod-like privacy system, but android with xprivacy lets you choose every detail of data to be shared with an app or not. Apple has only it's walled garden with some nice presents, but i warn you to look inside of each of the presents.

Per user?

[easyTree]

:D

Sorry - Im trying to apply the music-cartel logic.

Get back on topic!

[MobileTatsu-NJG]

Okay, nice story and all, but can we go back to talking about Apple's headphones? Clearly that's a rumor everybody wants to babble about.

Think of the children!

[Jamlad]

...deceptively tracked locations of hundreds of millions of people, including children.

Is the implication I'm meant to take from this statement that it's okay if they deceptively track the location of hundreds of millions of people as long as it excludes children?

Fucking proofreading...

It's "geocoder" not "geocorder."

The ineptitude of the new editors is at an all time high... Whipslash, what gives? Thought you all were great until these just terrible posts lately with large errors. Shouldn't you hire some actual nerds? As this is... news for nerds.

If you can't program, or do advanced maths, you probably shouldn't be an editor for Slashdot.

$950k is insultingly low.

[JustNiz]

100M users tracked? $950k is insultingly low.

Re:$950k is insultingly low.

[Actually,+I+do+RTFA]

That's a penny a user!

Re:$950k is insultingly low.

[JustNiz]

Exactly. Insultingly low.

Switch to Opera Mini

[ITRambo]

TO cut down on advertising I changed my default Android browser from Chrome to Opera Mini. Now, I see that move paid off in ways that one would not expect. InMobi should be prosecuted, not just fined. Such a pussy move by the regulators.

Other Side

I know it is unwelcome but I could see writing a very similar application. The API request for GPS location failed, fine give me the general location information the OS cobbles together. The general location API fails fine, tell me what network he was on and I will try and figure out if I have anyone else on that network so I can tell about where they are.

How is this really different than running geo-location on an IP to see where a visitor to your website is coming from? I find these types of regulations are too close to thought police for my comfort.

As a side note, reading the actual complaint it looks like most of it is closer to 'False Advertising'. Count (I) and (II) look to just say that since you said in API/Advertising that they had to turn on these permissions it implies that if they don't you can't do your geo-adds thing. That you can do some crippled version of this using WIFI signals shows that you lied. This part at least I can understand although it sounds like the FTC being a bit touchy. The last count (III) is just scary as hell as it implies that having the IP address of someone connecting to a child oriented website is virtually illegal unless they have parent consent. How do you get consent before someone connects to you I don't know.

Re:Other Side

[JohnFen]

I know it is unwelcome but I could see writing a very similar application. The API request for GPS location failed, fine give me the general location information the OS cobbles together

Why would you think it's OK to act in such a dishonest way as to intentionally bypass the express wishes of your users?

How is this really different than running geo-location on an IP to see where a visitor to your website is coming from?

It's a very, very different thing to geolocate an IP address someone is coming from vs snooping on what WiFi AP broadcasts the user's machine is seeing. For one very obvious thing, people can and do use tactics to ensure that the geolocation of the IP address will be incorrect.

I find these types of regulations are too close to thought police for my comfort.

How do regulations that try to ensure that customer's express wishes are honored count as "thought police"?

Too many companies have attitudes similar to what you're expressing here, which is a large part of why I cannot trust any apps, and firewall them off to ensure they don't phone home or talk to advertising networks.

Good thing I agreed to Google's

license agreement to track my every move across the globe!
So I guess Google is on the safe side with my consent.

Re:Good thing I agreed to Google's

[allo]

you know, you do not need to agree there? You can just skip the step.

It is time for wetworks teams.

Criminal prosecution of corporate crime won't happen anymore, so it is time to start keeping tally of who this fuckwits are and what crimes they signed off on, and when the threshold is met, make a spectacle of a few to remind them that the people can accede power, but they can also take away life when angered. The wealthy seem to have forgotten this.