Default Privacy Settings of Mobile App Draws FTC Scrutiny
On October 11, 2011, the FTC announced a settlement with Frostwire LLC, a peer-to-peer (“P2P”) file-sharing application (“app”) developer, and its Principal, over charges that the company publicly exposed its app users’ personal information without the users’ authorization, and misled users about the extent to which downloaded files would be shared with a P2P file-sharing network. The FTC claimed that Frostwire’s alleged actions were unfair and deceptive and violated the FTC Act. The 20-year settlement bars Frostwire and its Principal from making material misrepresentations about the file-sharing features of its apps, and from configuring its apps to cause inadvertent public sharing of users’ files. The settlement also requires that Frostwire provide users with clear and prominent disclosures that include information on how to disable the apps’ file-sharing features. Going forward, a violation of the settlement could expose the company and its Principal to up to $16,000 per violation.
Frostwire offers two free P2P file-sharing applications, including Frostwire Desktop for desktop and laptop computers, and Frostwire for Android for mobile devices that use Google’s Android operating system. Both apps enable users to share files ― including photos, videos, documents, and music ― with other users of the Gnutella P2P file-sharing network. According to the FTC Complaint, Frostwire configured the default settings on its Frostwire for the Android app so that, immediately upon installation, the app would publicly share personal files that were stored on the app users’ mobile device. The Commission also alleged that consumers who installed certain versions of the Frostwire Desktop app onto their computer were led to believe that files downloaded from the Gnutella network would not be shared unknowingly with other users of the P2P network.
This case marks the FTC’s third action against a mobile app developer in the past 60 days. In August 2011, the FTC announced a settlement with W3 Innovations over alleged violations of the Children’s Online Privacy Protection Act (“COPPA”), and, in September, the FTC announced a settlement with a marketer that claimed its mobile apps treated acne. These settlements reinforce statements made by the FTC earlier this year concerning its scrutiny of marketing and privacy practices associated with mobile apps. This latest settlement also further underscores that the FTC will hold app developers accountable when the app does not incorporate “privacy-by-design” features, and instead uses default settings that enable the app to share personal data with third parties without the consumer’s informed consent.