Look out, Android users — apps on your phone might be spying on you.
The Federal Trade Commission yesterday (March 17) said it had emailed warning letters to 12 unnamed Android app developers who allegedly impregnated their apps with SilverPush — a program that uses a handset's microphone to listen to background noise to keep track of the television and radio ads it hears — without notifying users.
"The software would be capable of producing a detailed log of the television content viewed while a user's mobile device was turned on," an FTC press release about the letters said. "Nowhere do the apps in question provide notice that the app could monitor television-viewing habits, even if the app is not in use."
SilverPush, which is developed by an Indian company, first came to the public's attention in November 2015 when the Center for Democracy and Technology, a Washington, D.C. advocacy group, sent the FTC an open letter about "cross-device" tracking of consumers for marketing purposes. The CDT called SilverPush the "industry leader" of cross-device tracking.
"When a user encounters a SilverPush advertiser on the Web, the advertiser drops a cookie on the computer while also playing an ultrasonic audio [signal] through the use of the speakers on the computer or device," the CDT letter stated. "The inaudible code is recognized and received on the other smart device [such as a smartphone] by the software development kit installed on it."
"SilverPush also embeds audio beacon signals into TV commercials," the CDT said." The audio beacon enables companies like SilverPush to know which ads the user saw, how long the user watched the ad before changing the channel, which kind of smart devices the individual uses, along with other information that adds to the profile of each user that is linked across devices."
Such practices are not illegal if the user is notified that such tracking is in use, but the FTC's letter warns the app developers that they're not complying with notification requirements. The Android apps in question ask the user for permission to use the device's microphone upon installation, but without stating what the microphone would be used for.
"If your application enabled third parties to monitor television-viewing habits of U.S. consumers and your statements or user interface stated or implied otherwise," the letter warns, "this could constitute a violation of the Federal Trade Commission Act."
Violations of the FTC Act could lead to criminal or civil charges.
The FTC noted that SilverPush has said that its audio beacons are not yet in use in the United States. Curious users can get an idea of how those beacons work by installing the company's Beacon Demo App, available in the Google Play Store.
Get the BEST of Tom’s Guide daily right in your inbox: Sign up now!
Upgrade your life with the Tom’s Guide newsletter. Subscribe now for a daily dose of the biggest tech news, lifestyle hacks and hottest deals. Elevate your everyday with our curated analysis and be the first to know about cutting-edge gadgets.
Paul Wagenseil is a senior editor at Tom's Guide focused on security and privacy. He has also been a dishwasher, fry cook, long-haul driver, code monkey and video editor. He's been rooting around in the information-security space for more than 15 years at FoxNews.com, SecurityNewsDaily, TechNewsDaily and Tom's Guide, has presented talks at the ShmooCon, DerbyCon and BSides Las Vegas hacker conferences, shown up in random TV news spots and even moderated a panel discussion at the CEDIA home-technology conference. You can follow his rants on Twitter at @snd_wagenseil.