BBB National Programs Archive
WiFi Dreaming: App Publishers Amend Privacy Practices
Arlington, VA – October 24, 2019 – The Digital Advertising Accountability Program released the results of two reviews of popular mobile apps that allowed ad tech companies to collect device and behavioral data from their users without first meeting industry privacy standards. Both companies, WiFi Map LLC and Ipnos Software Inc., eagerly adopted the Accountability Program’s recommendations and came into compliance with the Digital Advertising Alliance’s Self-Regulatory Principles.
The BBB National Programs’ Accountability Program examines popular mobile apps for compliance with the DAA Principles, which chiefly focus on providing extra insight into and options about targeted online ads. In the course of its monitoring efforts, the consumer privacy program developed concerns with WiFi Map and Ipnos’s Relax Melodies.
“These app publishers obviously care a lot about their apps, and they want to do the right thing for their users. But in both cases, we noticed that some privacy issues had made it out of development and into production,” said Jon Brescia, VP of the Accountability Program. “Once we got in touch, both Ipnos and WiFi Map really demonstrated that they were highly responsible and user-focused, and they implemented all of our recommendations in record time.”
Don’t Doze on Data Privacy
Ipnos is a Canadian wellness app developer whose products focus on healthful activities like meditation, relaxation, and improving sleep. While examining Ipnos’s app, Relax Melodies, the Accountability Program found ad tech companies collecting unique IDs to facilitate ad targeting. But the app lacked up-front, or “enhanced,” notice of this fact, and its privacy disclosures didn’t explain how consumers could opt out of targeted ads. Consequently, the Accountability Program reached out to Ipnos with questions about its observations.
Ipnos’s case demonstrates the global interoperability of the DAA Principles, expressed in this instance by a Canadian company—subject to Canadian privacy laws—adopting the best practices embodied in this code. This is further proof that the core concepts of transparency and choice can be applied to across national barriers, adapting to the new regulatory contours presented by each jurisdiction.
Maps & Legends
Today’s second case concerns the mobile hotspot crowdsourcing app WiFi Map, produced by a company of the same name. The Accountability Program discovered online ad companies collecting device IDs and extremely precise geospatial coordinates through the app. The app did the responsible thing and asked for users to provide consent for the collection of the location data, but the disclosure never mentioned that third parties might get the data for ad purposes. WiFi Map’s privacy disclosures also did not describe an easy-to-use mobile opt-tool, and the company did not provide any enhanced notice links for IBA or location data collection. After learning of these issues, WiFi Map quickly worked with the Accountability Program to remedy them by:
- Updating its notices to provide consumer opt-out tools
- Engineering a patch to its mobile app to provide users with robust up-front disclosures, specifically including ad partners’ use of location data for IBA
These changes more than eliminated the Accountability Program’s concerns and brought WiFi Map into full compliance with the DAA Principles.
If the Accountability Program’s 107 prior actions weren’t enough of an indication, today’s cases—the 14th so far this year—demonstrate that this privacy enforcer is always combing the internet for compliance concerns.
Companies would do well to review their privacy policies and practices—particularly around sensitive data like location—and to reach out to the Accountability Program before it contacts you.