SilverPush Apps Must Get Permission in US -

SilverPush Apps Must Get Permission in US

Ray Walsh

Ray Walsh

March 21, 2016

A type of software called SilverPush that snoops into user’s preferences has been told that it will not be able to operate in the US by the US Federal Trade Commission (FTC). Amazingly, this is the second time (in as many weeks) that a US Federal Commission has criticized corporate snooping: A pro-privacy stance that would make you forgiven for thinking that the US actually cares about its citizens privacy.

According to FTC, SilverPush simply isn’t compatible with current US laws. So what does the software do that is causing the criticism? The answer is that it listens for – and receives – high frequency ‘ultrasonic’ signals that are covertly played in Television, radio, and online advertisements.

The objective of the audio beacons being to allow companies to know when consumers saw an advert: Real-time TV marketing data (corporate wiretapping) that allows advertisers to build up a better profile about consumers.  If for example, you watch an online video about DIY (featuring an advert that has a SilverPush frequency hidden in it) then those app developers will inform the advertising companies about your interest.

Commenting on its concerns with the SilverPush software – that it found hidden in some apps on the Google Play store – FTC consumer protection bureau director Jessica Rich said the following,

‘These apps were capable of listening in the background and collecting information about consumers without notifying them. Companies should tell people what information is collected, how it is collected, and who it’s shared with.’

So far, the FTC has uncovered the covert software hidden in apps designed by 12 different developers for Android. Those app makers have received letters informing them that because consumers are not made aware of the spyware they are acting illegally, and must ask permission from US consumers before using device microphone to register the ultrasonic frequency.

Similarly, last week the Federal Communications Commission proposed new legislation that would put control parameters on how the data that ISPs collect from consumers can be used. Banning them, for example, from selling it on to third parties without the consumer’s direct permission.

Sadly, despite the clearly positive nature of what both the FTC and FCC are calling for,  it is important not to forget that citizens are already being monitored – with granted permission – here there and everywhere.

Not just SilverPush is spying

Facebook has been proven to have passive listening in its Android app, which means that it too can spy on users via the onboard microphone on their device. Google+ also harvests data for selling on to third party advertisers. Even more worryingly, Microsoft, Google, Yahoo, PalTalk, YouTube, Skype, AOL, and Apple have been singled out in the past for their involvement with collaborating with the NSA’s PRISM program. In other words, SilverPush is just another way that companies are performing this type of invasive privacy

Amazon Echo is another prime example. It is a 20-centimeter cylinder that (like Cortana and Siri) reacts to voice commands to provide consumers with information. Echo is brought to life with the voice command ‘Alexa’, and speaks its responses in a soothing female voice. The only problem is that it too can use that information to better serve adverts to users.

In one case, a 16-year-old from Washington – who is said to have been an avid sharer of her habits prior to having an Echo in her home – actually took the device off the living room wall and hid it somewhere that her mother (reportedly) has not been able to find. Why? The 16-year-old had become convinced that the family home was being spied on by the machine – at times other than when it was supposed to.

That is problematic because Amazon’s innovative $180 device is only meant to listen when activated by the ‘Alexa’ voice command. Worryingly, however, even the Guardian’s Rory Carroll has admitted that when he tested the device in his home, he was served adverts for nappies after having a conversation about babies with his wife. Carroll does acknowledge that it is possible that there was some other digital footprint that led to the targeted advertising – but is also willing to say that the advert seemed to appear after that conversation – creepy to say the least.

On their own, those experiences can be put down to paranoia, or an over analysis of Echo and its abilities. Put together, however; we begin to assimilate corroborating evidence that something might be going on that the consumer isn’t directly aware of. Of course, nobody is forcing us to buy Amazon’s Echo or Samsung’s Smart TV; which concedes in its privacy policy that,

‘If your spoken words include personal or other sensitive information, that information will be among the data captured and transmitted to a third party.’

It is not just Samsung’s TV either, Vizio’s Smart TV also ships with spying as default and must be physically turned off to stop it from telling advertisers both the consumer’s IP address and the preferences that it has managed to ascertain. The distinction, then, is that SilverPush – unlike other corporate spying programs – has not directly informed users that their microphone is being used to spy on them; and it must.

What does it all mean?

Whenever consumers buy an Internet of Things product (that has a listening feature), they must remember that it is likely to be covertly spying on them by default. That is because it has their permission to do so, and has informed them that it would do so in the documentation that it shipped with. In some cases (as is the case with the Vizio smart TV), that feature can be switched off. On other occasions, consumers are stuck with it.

When it comes to SilverPush, sadly, all that app designers will have to do is add a clause to the download agreement that informs users about the feature. In that way, the app will comply with US laws and be allowed to spy on consumers freely.

Just like with fine print, though, the majority of users are likely to miss the specifics of the SilverPush feature and click through without ever viewing the licensing agreement. Meaning that they will be easily coerced into giving away their privacy – legally – and without the possibility of repercussions.

If you are interested in finding out if any apps on your phone have SilverPush, or want to know how to block SilverPush… visit here.