Popular Spanish Soccer Mobile App Has Been Turning Users Into Piracy-Spotters Via Mobile Devices
from the unwitting-spy-network dept
As readers here will already know, the GDPR is now in full swing in Europe, with all of its crippling and stupid regulation in the name of personal privacy. It's a hilariously overly broad law that has had the happy coincidental effect of forcing companies that store personal data to at least be more upfront about how they are using that data. This effect has caused some to embrace the GDPR as wholly good, which is exactly the wrong conclusion to draw. Instead, the GDPR swings way too far in the direction of users controlling their personal data mostly by reaching way too far and keeping its language as vague and broad as possible, something that is already causing chaos in the digital marketplace.
And, yet, it cannot be ignored that the revelations of just how users' data are being abused by some bad actors keep coming. The latest of these concerns the mobile app for La Liga, Spain's most popular soccer league. La Liga recently revealed, having its hand forced by the GDPR, that users of its mobile app were unwittingly part of La Liga's spy network for uncovering unauthorized broadcasts of soccer matches at public venues.
The La Liga app, which is the official streaming app for Spain’s most popular football league, has reportedly been using the microphones on fans’ phones to root out unauthorized broadcasts of matches in public venues like bars and restaurants.
It sounds exactly like the kind of surveillance people are afraid of when it comes to modern technology, but as is often the case, the La Liga app technically asks users in Spain for permission to access their mics, according to Spanish Website El Diario.
Technically, yes, except that this request is buried in the fine print of an opt-in request the app makes for user permissions that nobody ever reads. One need only review the horror of many users of the app at this news to understand that many (most? all?) of the app's users had absolutely no idea that they were serving a soccer league's attempt at ratting out their favorite watering holes and restaurants. It also appears that this technique has been in place for years, and La Liga only drew recent attention to it due to the GDPR being enacted.
La Liga has pushed back on the concerns of its users and the press coverage, stating that it doesn't retain any of this data locally and that it converts the recordings into pure code, which is something of a non-sequitor. Either the data gathered is useful because it combines GPS data and audio recordings in a way that can pinpoint where a user is and what is on the television screens there... or it isn't. Whatever the technical specifics, the end result is a soccer league peeking in on soccer fans as they watch matches, with most of those fans having no idea that this was occurring at all.
Again, the GDPR is not a solution to this problem. For proof of that, you can note that La Liga says in its statements that everything here is above board. This has far more to do with just how much important privacy-implicating notifications are buried in fine print that goes unread by the masses.
Why anyone would download the La Liga app in the future would be a mystery to me.
Thank you for reading this Techdirt post. With so many things competing for everyone’s attention these days, we really appreciate you giving us your time. We work hard every day to put quality content out there for our community.
Techdirt is one of the few remaining truly independent media outlets. We do not have a giant corporation behind us, and we rely heavily on our community to support us, in an age when advertisers are increasingly uninterested in sponsoring small, independent sites — especially a site like ours that is unwilling to pull punches in its reporting and analysis.
While other websites have resorted to paywalls, registration requirements, and increasingly annoying/intrusive advertising, we have always kept Techdirt open and available to anyone. But in order to continue doing so, we need your support. We offer a variety of ways for our readers to support us, from direct donations to special subscriptions and cool merchandise — and every little bit helps. Thank you.
–The Techdirt Team
Filed Under: copyright, fotball, gdpr, la liga, privacy, spain, spying
Companies: la liga
Reader Comments
Subscribe: RSS
View by: Time | Thread
I think you mean Formerly Popular Spanish Soccer Mobile App.
[ link to this | view in chronology ]
Really, except for that one point, this story doesn't really seem to have much of anything to do with the GDPR. The law has its issues, but in this case I think you might be trying too hard to push a "GDPR bad" narrative.
[ link to this | view in chronology ]
That's a lot of whining about GDPR without substance. What, exactly, is your problem with GDPR? Do its cons outweigh its pros? Why or why not?
Or maybe keep the hyperbole out of future articles that have nothing to do with target of your complaint.
[ link to this | view in chronology ]
Re:
[ link to this | view in chronology ]
Re: Re:
[ link to this | view in chronology ]
Re: Re: Re:
[ link to this | view in chronology ]
Re: Re: Re:
You are right! You should NOT have to do research. Also you should not have to REPLY on a forum, impugn the article, or in any way kvetch about it.
Go bitch somewhere where it's acceptable to say "Couldn't be bothered to read it or to read about it or read anyone else's comments but here are my opinions."
E
[ link to this | view in chronology ]
Nobody ever reads
You don't have to "read" the request to simply hit the "don't allow" button. The picture in the article (though of an unrelated "Honey Quest" game) is straightforward, not "fine print". "Would Like to Access the Microphone"—why would anyone ever click OK to that if they're just trying to stream a game?
Of course, a good phone UI would show an indicator whenever the microphone is on, and allow you to tap it to revoke any permissions.
[ link to this | view in chronology ]
Re: Nobody ever reads
I dunno, maybe it supports voice commands. Just like apps ask for permission to access your photos and music. Makes sense if the game has a function to use your photos and music, or to save to those locations.
Now if the app said explicitly we want to use your microphone at any time for our own purposes to find illegal activity. I doubt anyone would agree.
[ link to this | view in chronology ]
Re: Re: Nobody ever reads
Maybe. Unless they've given a reasonable explanation like this ahead of time, people should say no.
It's still the wrong model to be using. Any app that wants to do this should have to register some "wake word" with a system framework, and only get access for a short time after it's heard—and users should be well aware when the app is receiving audio. If an audio-recording icon was visible the whole time, people would have noticed this.
They shouldn't need to be able to "access" photos to save them. As for viewing them, the powerbox design pattern is well established in capability-system literature.
[ link to this | view in chronology ]
Probably, they're trying to dodge allegations that this is recording and retaining human conversations. If they immediately convert it to just a note that the game's audio was detected, and store that + GPS, they have what they need for their claimed purpose of hunting down unauthorized rebroadcasts. It's still an abuse of trust, and depending on local wiretapping law might still be illegal for all the human conversations it captures while hunting for game audio, even if those conversations are not retained or used in any way. Wiretapping laws are not known for their reasonableness.
[ link to this | view in chronology ]
Used to be when I got an unsolicited robo-call I'd stick the phone in front of the speaker to keep it online as long as possible, in hopes of driving up their costs, while costing me zero effort. Unfortunately their software is too clever to fall for that any more.
[ link to this | view in chronology ]
Ahem.
I do recognize the GDPR has many flaws but it's good that at the very least it is unearthing the widespread bad practices going on. I hope they revisit the law to make it more sensible but it's hard to disagree that a more hard line approach wasn't needed.
And they say companies can police themselves and behave without govt regulations. Right.
[ link to this | view in chronology ]
Re:
For what? They kept it secret while allowed to, and disclosed it when legally required to.
[ link to this | view in chronology ]
[ link to this | view in chronology ]
[ link to this | view in chronology ]
Re:
He was kinda right, but the anomaly was that they got caught doing it.
[ link to this | view in chronology ]
[ link to this | view in chronology ]
So? You can't prevent "bad" stuff from happening by removing people's right to privacy.
Fuck you, Big Brother, I know you're watching.
[ link to this | view in chronology ]