The Wall Street Journal reports that online music provider Pandora has been subpoenaed in a grand jury investigation of information sharing linked to its smartphone application. This is apparently part of a much larger investigation into the abuse of app capabilities, in which companies are using their apps to access information about users in order to send the information to other companies:
The Journal tested 101 apps and found that 56 transmitted the phone's unique device identifier to other companies without users' awareness or consent. Forty-seven apps transmitted the phone's location in some way. Five sent a user's age, gender and other personal details to outsiders. At the time they were tested, 45 apps didn't provide privacy policies on their websites or inside the apps.
In Pandora's case, both the Android and iPhone versions of its app transmitted information about a user's age, gender, and location, as well as unique identifiers for the phone, to various advertising networks. Pandora gathers the age and gender information when a user registers for the service.
Legal experts said the probe is significant because it involves potentially criminal charges that could be applicable to numerous companies. Federal criminal probes of companies for online privacy violations are rare.
App companies who gather and distribute information related to their users would be in violation of the Computer Fraud and Abuse Act, the Journal reports. Given the proliferation of smartphones and the information they hold (including the phone-holder’s exact location), it would not be surprising to learn that companies are using their apps to profit from sharing customer information with advertisers and others.