An Indian-based multinational mobile advertising company, Inmobi, has agreed to pay a fine of $950,000 to the United States Federal Trade Commission (FTC) for using Wi-Fi signals to secretly track phone users in the country, obtaining their locations for adverts on their mobile phones.
InMobi was founded in 2007. The company has financial support from the Japanese telecommunications giant, Softbank, and the American venture capital firm, Kleiner Perkins Caufield & Byers. In 2013, InMobi won a spot in MIT Technology Review’s 50 most disruptive companies of the year.
In a civil lawsuit filed on June 22, 2016, at a District Court in San Francisco, California, FTC alleged that InMobi undermined mobile phone users’ ability to make informed decisions about the collection of their location information.
According to the lawsuit, InMobi’s software used nearby Wi-Fi signals to infer locations when permission was not given. The company then archived the location information and used it to push targeted advertisements to individual phone users.
Also, InMobi collected nearby basic service set identification addresses, which act as unique serial numbers for wireless access points. The company, which thousands of Android and iOS app makers use to deliver ads to end users, then fed each BSSID into a “geocorder” database to infer the phone user’s latitude and longitude; even when an end user had not provided permission for location to be tracked through the phone’s dedicated location feature, Arts Technica reports.
Arts Technica quoted part of the lawsuit as saying:
“In fact, defendant collected and used BSSID and other Wi-Fi network information to track the consumer’s location and serve geo-targeted ads regardless of the application developer’s intent to include geo-targeted ads, and regardless of the consumer’s location settings.”
According to the FTC, the InMobi advertising network has reached more than one billion devices worldwide through thousands of popular apps integrating the InMobi code.
The FTC said it acted swiftly to bring the lawsuit against InMobi. Many of the third-party app makers have revealed that their software was designed for children, many under the age of 13. The FTC claimed this makes the locations collection a violation of the Children’s Online Privacy Protection Act.
“Collectively, hundreds of millions of consumers have downloaded the thousands of child-directed applications from which defendant collected and used personal information. Defendant collected such personal information each time an application made an ad request to their network—typically every 30 seconds when an application is in use,” the lawsuit said.
InMobi maintained that its software collected geographical whereabouts of users, but only when the users provided opt-in consent. However, the company agreed to enter into a settlement with the FTC in order to end the case.
The company has therefore agreed to pay a civil penalty of $950,000 and delete all information it collected from children and adults who did not give consent. The FTC requested for a $4 million civil penalty, but the amount was reduced to $950,000, due to InMobi’s current financial condition.
The settlement also requires InMobi to implement a comprehensive privacy program that will be independently audited every two years for the next 20 years.
From what transpired in court, privacy advocates recommended that users turn off their Wi-Fi receivers in their mobile devices if connection is not needed. Because, by leaving it on, it can be used by both access point operators and ad networks tracking the comings and goings of user’s mobile devices, which can result in more damage than what InMobi has done.
Story by Amando Flavio, Anonhq. ‘Mobile Advertising Company Fined $950,000 For Using WI-FI Signals To Secretly Track Phone Users’ Story Available [Here].