App with 10 million downloads asks for mic and GPS permissions to catch scofflaws. If ever there were a case for rejecting requested device permissions, its made by an Android app with more than 10 million downloads from Google Play. The official app for the Spanish soccer league La Liga was recently updated to seek access to users microphone and GPS settings. When granted, the app processes audio snippets in an attempt to identify public venues that broadcast soccer games without a license. According to a statement issued by La Liga officials, the functionality was added last Friday and is enabled only after users click yes to an Android dialog asking if the app can access the mic and geolocation of the device. The statement says the audio is used solely to identify establishments that broadcast games without a license and that the app takes special precautions to prevent it from spying on end users. According to the statement, which was translated by Google: La Liga has implemented appropriate technical measures to protect the user's privacy if you authorize us to use this functionality. Here are the following measures: Without more details and a technical analysis of the app, its hard to evaluate the claims about collected audio being converted to a binary format that cant be converted back into sound. That alone should be enough reason for users to reject this permission. But even if the app uses a cryptographic hash or some other means to ensure that stored or transmitted audio fragments cant be abused by company insiders or hackers (a major hypothetical), there are reasons users should reject this permission. For one, allowing an app to collect the IP address, unique app ID, binary representation of audio, and the time that the audio was converted could provide a fair amount of information over time about a user. For another, end users frequenting local bars and restaurants shouldnt be put in the position of policing the copyrights of sports leagues, particularly with an app that uses processed audio from their omnipresent phone. A Google spokesman didnt have a comment on the app other than to refer to this policy, which is binding on all apps available in the Play marketplace. Among other things, the policy requires that apps prominently disclose any collection of personal or sensitive user data. Such apps must also present a consent dialog in a clear and unambiguous way. The policy also bars deceptive behavior. If the La Liga app does what league officials say, its probably complying with Google terms. Fortunately, those terms require that the app provides a consent dialogue. That puts the onus on users to choose no.
If youve ever found yourself wondering why an app is requesting microphone access when there doesnt seem to be any logical reason why it should need to snoop on the sounds from your surroundings, hold that thought — and take a closer look at the T&Cs. Because it might turn out that spying is exactly what the app makers have in mind. To wit: La Liga, an app for fans of Spanish soccer which has been discovered using microphone access combined with the precise GPS location of Android users to listen in on peoples surroundings during match times — in a bid to catch bars that might not have a license to broadcast the match being watched. As surveillance capitalism goes, its a fiendishly creative repurposing of your users as, well, unwitting volunteer spies and snitches. Its also of course terrible human behavior. Behavior that has now garnered La Liga a bunch of one-star reviews for the Android app — along the lines of this app converts you into a police whistler without you noticing! and it spies on you via the microphone and GPS. Rubbish. Dont install. The snitch feature appears to have surfaced largely as a result of the European Unions new data protection framework, GDPR — which requires app makers to explain more precisely what exactly theyre doing with peoples data. Ergo, La Ligo users started noticing what the app wanted to do and discussing and denouncing it on social media, where it blew up into a trending topic, as El Pais reports. In a statement on its website responding to the snitch scandal, the league defends its actions writing that it has a responsibility to protect the clubs and their fans from unlicensed broadcasts being made in public places, claiming that such activity results in the loss of an estimated €150M annually from the league. It also specifies that the feature is only deployed in its Android app — and claims it has apparently only been active since June 8. It also says its only used within Spain. La Liga further claims the spying functionality is used solely for the purpose of detecting unlicensed broadcasts of soccer matches. (According to its explanation of how it works, captured audio is converted locally into an irreversible binary code — and it claims the content of the recording will never be accessed.) A further technical measure implemented to limit how the feature can be used means La Liga only activates the microphone and geolocation of its app users mobile devices during time slots of matches in which its teams compete. So, tl;dr, the league is only spying on you to a timetable. It also defends itself by claiming information about the spy and snitch function is provided to users in a transparent manner and people are specifically asked for their consent and can choose not to allow it or to revoke it at any time. Although, the apps description on the Google Play store does not include among several listed features — such as live minute-by-minute commentary and schedules, scores, standings and real-time notifications and alerts right from kick-off — turning on your microphone to snoop on your surroundings during match times… Funny that. According to Google Play store stats the La Liga app has had more than 10M downloads to date.