What’s yours is mined

Share This Page

It’s one of those “All I Really Need to Know I Learned in Kindergarten” principles: Don’t use someone’s stuff without their permission. Back then, the rule applied to crayons and cupcakes. A case announced by the FTC and New Jersey AG against the marketers of a free mobile app called Prized proves that it applies to smartphones, too. And you’re not going to believe what the defendants were using people’s phones to do.

The marketers of the Prized app promised people points for playing games, taking surveys, and downloading other apps. Consumers were told they could redeem those points for clothes, accessories, and gift cards. But what was really going on? The app uploaded malicious code onto people’s mobile devices so the defendants could use the phones’ computing resources to help mine virtual currencies like Litecoin, Dogecoin, and Quarkcoin – for the defendants’ benefit, of course.

The injury to consumers was apparent. The behind-the-scenes mining drained many people’s data plans, sapped battery power, and caused their devices to charge slowly. Add to that the time and aggravation it took to remove the malware. The defendants inflicted that on users despite an express promise in the app’s terms of use that “any computer software code and/or advertising tags loaded on an end users’ device by Prized are and will be free of malware, spyware, time bombs, and viruses.” Oh, and did we mention that many consumers didn’t even get the promised prizes?

The complaint charged that the "free of malware" statement in the terms of use was false, in violation of the FTC Act. It also constituted a misrepresentation, false promise, or omission of material fact under the New Jersey Consumer Fraud Act.

In addition, the FTC alleged that infecting and taking control of consumers’ devices was an unfair practice. New Jersey challenged those actions as “unconscionable commercial practices.”

The settlement, which names Ohio-based Equiliv Investments and Ryan Ramminger, prohibits material misrepresentations in connection with the marketing or sale of mobile apps or software, and bans software that damages or disables people’s devices or accesses them without authorization. Using people’s devices to mine for virtual currency? The order prohibits that, of course. The settlement with New Jersey also includes a financial remedy.

What’s the message for other marketers? First, virtual currencies may be relatively new, but the unfair and deceptive practices alleged in the complaint are covered by the well-established standards of the FTC Act. Second, just because an app is free doesn’t mean marketers are free to mislead consumers. Third, consent to access a device for one purpose isn’t a “make yourself at home” invitation to use it for other purposes without consumers' approval.

Comments

Just as an officer must either ask the home owner for: permission to enter or get a warrant prior to entering their house for reasonable search. The same should go for malicious malware activities within the world of computational code and computer software. I find this to be a very personal issue as now valuable work time is affected from malware slowing down several devices, creating a barrier between me and my professional growth.

Add new comment

Comment Policy

Privacy Act Statement

It is your choice whether to submit a comment. If you do, you must create a user name, or we will not post your comment. The Federal Trade Commission Act authorizes this information collection for purposes of managing online comments. Comments and user names are part of the Federal Trade Commission’s (FTC) public records system (PDF), and user names also are part of the FTC’s computer user records system (PDF). We may routinely use these records as described in the FTC’s Privacy Act system notices. For more information on how the FTC handles information that we collect, please read our privacy policy.