Your headphones aren't spying on you, but your apps are

April 26, 2017 by David Glance, The Conversation
Bose headphones. Credit: Bose Corp Media

Lawyers in the U.S. are claiming that headphone and speaker company Bose, is secretly collecting information about what users listen to when they use its bluetooth wireless headphones.

Edelson, the lawyers acting on behalf of customer Kyle Zak of Illinois, claim that information about what Zak has been listening to through his Bose headphones was being collected without his knowledge or explicit consent every time he used a Bose companion mobile app called Bose Connect. The app allows customers to interact with the headphones, updating software and also managing which device is connected at any time with the headphones. If the headphones are being used to listen to something, details about what is being played will show up in the Connect App.

This information is then collected by Bose and sent to third parties, including companies like Segment, who facilitate the collection of data from web and mobile applications and make it available for further analysis.

The lawyers are contending that Bose's actions amount to illegal wire tapping and that the information being collected could reveal a great deal of personal information about customers. Allegedly, Kyle Zak would not have bought Bose headphones if he had known that this information would be collected and he further claims that he never gave his consent for this information to be collected.

Bose has denied the allegations and pointed to the privacy policy in the Connect App that is explicit about the fact that it collects de-identified data for Bose's use only and does not sell identified data for any purpose including "behavioral advertising". Bose also points out that what a customer listens to on the headphones is only visible to Bose if the customer is using the Connect App and has it open and running.

Given the app's limited functionality, it is really unclear why anyone would use the Connect App for this purpose on a continuous basis.

Most software uses tracking

The majority of apps installed on a phone will be collecting data about its usage and sending it back, de-identified, for analysis. This data may well be aggregated without giving any detail about any individual user. So, it would not be possible for example to say whether people who use an app every day are more likely to use particular features. Of course, some companies do collect this level of detail.

So what is this tracking data used for?

Developers use this information to track a range of things including statistics about usage of the app. Companies usually track how many daily and monthly active users they have and how many users stop using the app after opening for the first time.

Developers are also interested to find out if the app experiences problems, like crashes for example. They are also interested in what features of the app do customers use, what sequence did they use them and for how long.

A range of companies, including Apple and Google provide means of collecting anonymous statistics from users. The data is sent back to a server and made available for analysis. This type of tracking is very different from the tracking that is done for advertising purposes. In this case, information is collected that is identifiable and used to personalise ads to be delivered either directly through the app, or through other services.

Hidden privacy statements are not enough

Privacy statements for apps, websites and other software should make it clear, and before the user starts using the app, what information the software is collecting, who it will be shared with, and for what purposes. Most software however, does not do this. Companies simply skip showing a user the privacy statement and make reference to the fact that the statement can be accessed somewhere on a website or in the app, at a later time.

Another problem with a great number of privacy policies, is that they are written in legal language and do not make explicit what information is being collected and for what purpose.

It is not only the companies that treat privacy as an afterthought. Customers also struggle with understanding the basics of their rights to privacy and what a privacy statement actually does. In 2014, Pew Research found that 52% of Americans surveyed wrongly believed that simply having a privacy policy at all meant that companies kept confidential all the they collected on users.

In another survey, only 20% of users who read any part of a privacy policy felt they fully understood what they had read.

Ironically enough, the website of legal firm Edelson does not feature a clear link to its . Its privacy statement is buried in a "Disclaimer" which helpfully says: "PLEASE READ THE FOLLOWING TERMS OF SERVICES & LEGAL NOTICES ("THIS AGREEMENT") CAREFULLY BEFORE USING THE EDELSON.COM WEBSITE". Somewhat hard to do if you have to visit the site to get to it.

Privacy should be treated as a fundamental driver of design in software. This situation has been changing, especially as companies have focused on protecting customers' , not from the companies themselves, but from law enforcement agencies, secret services and the government in general. Perhaps also, the threat of legal action by companies like Edelson, will prove another incentive to do the right thing.

Explore further: Privacy concern raised over search service on Verizon phones

Related Stories

Montana joins others in effort to bolster internet privacy

April 3, 2017

States have started writing their own legislation to protect broadband privacy after Congress voted to repeal regulations that would have required internet providers to obtain their customers' consent before collecting their ...

Health apps and the sharing of information with third parties

March 8, 2016

In a study appearing in the March 8 issue of JAMA, Sarah R. Blenner, J.D., M.P.H., of the Illinois Institute of Technology Chicago-Kent College of Law, Chicago, and colleagues examined the privacy policies of Android diabetes ...

Finding an online advertising compromise

November 16, 2016

How can the internet balance targeted advertising with privacy concerns? A novel approach to targeted advertising would allow companies to offer users relevant advertisements without having to expend energy tracking and data ...

Privacy notices online probably don't match your expectations

June 2, 2015

Consumers often complain that online companies violate their privacy—but the problem may be with the consumers themselves. According to a new study in the Journal of Public Policy & Marketing, there can be a big discrepancy ...

Senator calls for smartphone app privacy policies

May 25, 2011

(AP) -- A key member of the Senate Judiciary Committee is challenging Apple Inc. and Google Inc. to require all developers that make apps for their mobile devices to adopt formal privacy policies.

Recommended for you

What can snakes teach us about engineering friction?

May 21, 2018

If you want to know how to make a sneaker with better traction, just ask a snake. That's the theory driving the research of Hisham Abdel-Aal, Ph.D., an associate teaching professor from Drexel University's College of Engineering ...

Flexible, highly efficient multimodal energy harvesting

May 21, 2018

A 10-fold increase in the ability to harvest mechanical and thermal energy over standard piezoelectric composites may be possible using a piezoelectric ceramic foam supported by a flexible polymer support, according to Penn ...

2 comments

Adjust slider to filter visible comments by rank

Display comments: newest first

rderkis
Apr 26, 2017
This comment has been removed by a moderator.
antialias_physorg
5 / 5 (1) Apr 26, 2017
Oh NO! Not spying on us. How dreadful. :-)

You really have no clue how badly even the most innocent type of information can be used against you, do you?
Well...you'll learn eventually. The hard way.

Please sign in to add a comment. Registration is free, and takes less than a minute. Read more

Click here to reset your password.
Sign in to get notified via email when new comments are made.