The US Federal Trade Commission has told 12 Android app developers to declare their use of an embedded tracker that uses a phone's microphone to detect inaudible sounds in TV ads.
In a letter to the unnamed developers, the regulator warns that failing to let consumers know when an app contains a cross-device tracker from Indian firm SilverPush could violate the FTC Act.
"This functionality is designed to run silently in the background, even while the user is not actively using the application," the FTC tells the developers in question.
"Using this technology, SilverPush could generate a detailed log of the television content viewed while a user's mobile phone was turned on."
The FTC installed the SilverPush-embedded apps yet received no disclosure about the audio-beacon tech.
"These apps were capable of listening in the background and collecting information about consumers without notifying them," Jessica Rich, director of the FTC's Bureau of Consumer Protection, said in a statement.
"Companies should tell people what information is collected, how it is collected, and who it's shared with."
SilverPush's SDK lets developers embed a feature in their own app, which enables it to listen out for the company's custom audio beacons, which are emitted from a TV ad or program and are inaudible to humans but can be detected by the software.
The US Center for Democracy and Technology (CDT) first raised concerns about SilverPush to the FTC last year in a submission about the privacy implications of cross-device tracking tech.
Such technology aims to link a person from one device to another. In SilverPush's case, it's meant to link a mobile user, social-media activity and TV.
It's not clear where the developers are located, although in November a SilverPush spokesperson told Forbes all its audio-beacon customers were in India. Previously it's boasted Proctor & Gamble as a customer.
The FTC warned that should SilverPush's tracker be used to monitor TV habits of US consumers without disclosing the fact, it could be illegal.
A pair of Dutch developers have documented 10 free Android apps that use SilverPush and which are currently available in Google Play.
More on security
- 'Metaphor' Stagefright exploit exposes millions of Android devices
- US government pushed tech firms to hand over source code
- Encrypted email service ProtonMail comes out of beta, unveils iOS and Android apps
- VMware patches severe XSS flaws in vRealize software
- Your iPhone almost certainly isn't infected with the AceDeceiver malware
- Terrorism focus serves government badly in crypto battles