Apple is facing two class-action lawsuits alleging that its iPhone and iPad tablet transmit private user information to advertising networks, without first obtaining permission from affected consumers.
The suits, both filed in California, contend that iPhones and iPads use so-called Unique Device Identifiers (UDIDs) to transmit consumer data to advertisers. UDIDs are 40-digit strings used to identify particular devices. Unlike cookies, UDIDs cannot be deleted or modified by users.
According to the suits, UDIDs are used to record which applications (or “apps”) are downloaded, as well as the length and frequency with which they are used.
Jonathan Lalo, a Los Angeles County resident who is one of the suits' lead plaintiffs, “did not expect, receive notice of, or consent to Defendants' tracking of his iPhone app use and did not want Defendants to engage in such activity,” according to his complaint.
Along with Apple itself, the suits target the makers of several popular apps, including The Weather Channel; Dictionary.com; Pandora, an internet radio service provider; textPlus 4, a messaging app; and the creators of the games Talking Tom Cat, Paper Toss, Pumpkin Maker and Pimple Popper Lite.
Age, gender, location transmitted, plaintiffs say
The suits contend that Apple and the subject app developers were selling users' age, gender and location to advertisers. Additionally, Lalo's suit says, “some apps are also selling additional information to ad networks, including users’ ... income, ethnicity, sexual orientation and political views.”
The suits follow a report by The Wall Street Journal chronicling privacy breaches by Apple and Android devices. That report, published December 17, found that “56 [of 101 apps examined] transmitted the phone's unique device ID to other companies without users' awareness or consent. Forty-seven apps transmitted the phone's location in some way. Five sent age, gender and other personal details to outsiders.”
The Journal found that iPhone apps transmitted more data than Android apps, although it cautioned that the relatively small sample size might not accurately reflect “the hundreds of thousands of apps available.”
Lalo's attorney, KamberLaw partner Dave Stampley, told CNN that he “think[s] it was through the Journal” that Lalo discovered that his privacy rights had been violated.
Not the first, won't be the last
Privacy concerns are paramount in the digital age, and suits like Lalo's are likely to multiply as consumers struggle to maintain some modicum of confidentiality while still taking advantage of social networking and online interaction.
High-profile allegations within the past year alone include that Gmail uses private e-mail messages to tailor ads to users' interests; that the Google toolbar sends Google “the address of every web page viewed by the user, along with information that identified the individual user”; and, in striking similarity to the claims made in Lalo's suit, that Facebook applications send personal information to advertisers.
“In the world of mobile, there is no anonymity,” Michael Becker, of the trade group Mobile Marketing Association, told the Journal. These days, Becker said, a phone is “always with us. It's always on.”
The plaintiffs in both suits seek to represent a nationwide class of affected consumers. The suits seek monetary damages, as well as an injunction preventing further data transmission and the deletion of data already sent.