Popular Spanish Soccer Mobile App Has Been Turning Users Into Piracy-Spotters Via Mobile Devices

from the unwitting-spy-network dept

As readers here will already know, the GDPR is now in full swing in Europe, with all of its crippling and stupid regulation in the name of personal privacy. It's a hilariously overly broad law that has had the happy coincidental effect of forcing companies that store personal data to at least be more upfront about how they are using that data. This effect has caused some to embrace the GDPR as wholly good, which is exactly the wrong conclusion to draw. Instead, the GDPR swings way too far in the direction of users controlling their personal data mostly by reaching way too far and keeping its language as vague and broad as possible, something that is already causing chaos in the digital marketplace.

And, yet, it cannot be ignored that the revelations of just how users' data are being abused by some bad actors keep coming. The latest of these concerns the mobile app for La Liga, Spain's most popular soccer league. La Liga recently revealed, having its hand forced by the GDPR, that users of its mobile app were unwittingly part of La Liga's spy network for uncovering unauthorized broadcasts of soccer matches at public venues.

The La Liga app, which is the official streaming app for Spain’s most popular football league, has reportedly been using the microphones on fans’ phones to root out unauthorized broadcasts of matches in public venues like bars and restaurants.

It sounds exactly like the kind of surveillance people are afraid of when it comes to modern technology, but as is often the case, the La Liga app technically asks users in Spain for permission to access their mics, according to Spanish Website El Diario.

Technically, yes, except that this request is buried in the fine print of an opt-in request the app makes for user permissions that nobody ever reads. One need only review the horror of many users of the app at this news to understand that many (most? all?) of the app's users had absolutely no idea that they were serving a soccer league's attempt at ratting out their favorite watering holes and restaurants. It also appears that this technique has been in place for years, and La Liga only drew recent attention to it due to the GDPR being enacted.

La Liga has pushed back on the concerns of its users and the press coverage, stating that it doesn't retain any of this data locally and that it converts the recordings into pure code, which is something of a non-sequitor. Either the data gathered is useful because it combines GPS data and audio recordings in a way that can pinpoint where a user is and what is on the television screens there... or it isn't. Whatever the technical specifics, the end result is a soccer league peeking in on soccer fans as they watch matches, with most of those fans having no idea that this was occurring at all.

Again, the GDPR is not a solution to this problem. For proof of that, you can note that La Liga says in its statements that everything here is above board. This has far more to do with just how much important privacy-implicating notifications are buried in fine print that goes unread by the masses.

Why anyone would download the La Liga app in the future would be a mystery to me.

Hide this

Thank you for reading this Techdirt post. With so many things competing for everyone’s attention these days, we really appreciate you giving us your time. We work hard every day to put quality content out there for our community.

Techdirt is one of the few remaining truly independent media outlets. We do not have a giant corporation behind us, and we rely heavily on our community to support us, in an age when advertisers are increasingly uninterested in sponsoring small, independent sites — especially a site like ours that is unwilling to pull punches in its reporting and analysis.

While other websites have resorted to paywalls, registration requirements, and increasingly annoying/intrusive advertising, we have always kept Techdirt open and available to anyone. But in order to continue doing so, we need your support. We offer a variety of ways for our readers to support us, from direct donations to special subscriptions and cool merchandise — and every little bit helps. Thank you.

–The Techdirt Team

Filed Under: copyright, fotball, gdpr, la liga, privacy, spain, spying
Companies: la liga


Reader Comments

Subscribe: RSS

View by: Time | Thread


  1. identicon
    Anonymous Coward, 12 Jun 2018 @ 10:54am

    I think you mean Formerly Popular Spanish Soccer Mobile App.

    link to this | view in thread ]

  2. identicon
    Anonymous Coward, 12 Jun 2018 @ 11:09am

    So, a company has been spying on customers for who knows how long, and the GDPR forced them to admit it? I don't see how that's a bad thing.

    Really, except for that one point, this story doesn't really seem to have much of anything to do with the GDPR. The law has its issues, but in this case I think you might be trying too hard to push a "GDPR bad" narrative.

    link to this | view in thread ]

  3. identicon
    Anonymous Coward, 12 Jun 2018 @ 11:47am

    GDPR is now in full swing in Europe, with all of its crippling and stupid regulation in the name of personal privacy. It's a hilariously overly broad law that has had the happy coincidental effect of forcing companies that store personal data to at least be more upfront about how they are using that data

    That's a lot of whining about GDPR without substance. What, exactly, is your problem with GDPR? Do its cons outweigh its pros? Why or why not?

    Or maybe keep the hyperbole out of future articles that have nothing to do with target of your complaint.

    link to this | view in thread ]

  4. identicon
    Anonymous Coward, 12 Jun 2018 @ 12:08pm

    Nobody ever reads

    Technically, yes, except that this request is buried in the fine print of an opt-in request the app makes for user permissions that nobody ever reads.

    You don't have to "read" the request to simply hit the "don't allow" button. The picture in the article (though of an unrelated "Honey Quest" game) is straightforward, not "fine print". "Would Like to Access the Microphone"—why would anyone ever click OK to that if they're just trying to stream a game?

    Of course, a good phone UI would show an indicator whenever the microphone is on, and allow you to tap it to revoke any permissions.

    link to this | view in thread ]

  5. identicon
    I.T. Guy, 12 Jun 2018 @ 12:13pm

    Re:

    link to this | view in thread ]

  6. identicon
    I.T. Guy, 12 Jun 2018 @ 12:18pm

    Re: Nobody ever reads

    ""Would Like to Access the Microphone"—why would anyone ever click OK to that if they're just trying to stream a game?"

    I dunno, maybe it supports voice commands. Just like apps ask for permission to access your photos and music. Makes sense if the game has a function to use your photos and music, or to save to those locations.

    Now if the app said explicitly we want to use your microphone at any time for our own purposes to find illegal activity. I doubt anyone would agree.

    link to this | view in thread ]

  7. identicon
    Anonymous Coward, 12 Jun 2018 @ 12:19pm

    > stating that it doesn't retain any of this data locally and that it converts the recordings into pure code

    Probably, they're trying to dodge allegations that this is recording and retaining human conversations. If they immediately convert it to just a note that the game's audio was detected, and store that + GPS, they have what they need for their claimed purpose of hunting down unauthorized rebroadcasts. It's still an abuse of trust, and depending on local wiretapping law might still be illegal for all the human conversations it captures while hunting for game audio, even if those conversations are not retained or used in any way. Wiretapping laws are not known for their reasonableness.

    link to this | view in thread ]

  8. identicon
    Anonymous Coward, 12 Jun 2018 @ 12:51pm

    Re: Re:

    I shouldn't have to do a search in the hopes of finding the reasons for this author's angst. An article should stand on its own merits. This one fails.

    link to this | view in thread ]

  9. icon
    Jeffrey Nonken (profile), 12 Jun 2018 @ 12:53pm

    I think I'll download the La Liga app and let it listen to me humming the bass line to '70s music and yell at the computer while developing firmware. Then I'll give them a 5-star review that accuses them of spying and links back to this article.

    Used to be when I got an unsolicited robo-call I'd stick the phone in front of the speaker to keep it online as long as possible, in hopes of driving up their costs, while costing me zero effort. Unfortunately their software is too clever to fall for that any more.

    link to this | view in thread ]

  10. icon
    Ninja (profile), 12 Jun 2018 @ 12:58pm

    Oh. And where are the fines? I want to see the Euros flying!

    Ahem.

    I do recognize the GDPR has many flaws but it's good that at the very least it is unearthing the widespread bad practices going on. I hope they revisit the law to make it more sensible but it's hard to disagree that a more hard line approach wasn't needed.

    And they say companies can police themselves and behave without govt regulations. Right.

    link to this | view in thread ]

  11. identicon
    Anonymous Coward, 12 Jun 2018 @ 1:21pm

    Re: Re: Nobody ever reads

    I dunno, maybe it supports voice commands.

    Maybe. Unless they've given a reasonable explanation like this ahead of time, people should say no.

    It's still the wrong model to be using. Any app that wants to do this should have to register some "wake word" with a system framework, and only get access for a short time after it's heard—and users should be well aware when the app is receiving audio. If an audio-recording icon was visible the whole time, people would have noticed this.

    Just like apps ask for permission to access your photos and music. Makes sense if the game has a function to use your photos and music, or to save to those locations.

    They shouldn't need to be able to "access" photos to save them. As for viewing them, the powerbox design pattern is well established in capability-system literature.

    link to this | view in thread ]

  12. identicon
    Anonymous Coward, 12 Jun 2018 @ 2:00pm

    Re:

    Oh. And where are the fines?

    For what? They kept it secret while allowed to, and disclosed it when legally required to.

    link to this | view in thread ]

  13. identicon
    Anonymous Coward, 12 Jun 2018 @ 4:48pm

    So in an effort to combat piracy, the app probably violated wiretap and privacy laws by recording people without their permission?

    link to this | view in thread ]

  14. identicon
    Anonymous Coward, 12 Jun 2018 @ 6:26pm

    Remember when average_joe insisted that Sony's rootkit was an anomaly and we shouldn't be allowed to accuse copyright enforcers of installing malware on consumer devices?

    link to this | view in thread ]

  15. identicon
    Anonymous Coward, 12 Jun 2018 @ 6:45pm

    Re:

    "Remember when average_joe insisted that Sony's rootkit was an anomaly and we shouldn't be allowed to accuse copyright enforcers of installing malware on consumer devices?"

    He was kinda right, but the anomaly was that they got caught doing it.

    link to this | view in thread ]

  16. icon
    That Anonymous Coward (profile), 13 Jun 2018 @ 4:30am

    DOUBLEPLUS GOOD!

    link to this | view in thread ]

  17. identicon
    Anonymous Coward, 13 Jun 2018 @ 4:37am

    Re: Re: Re:

    Whaaaaaa

    link to this | view in thread ]

  18. icon
    Ehud Gavron (profile), 13 Jun 2018 @ 5:45am

    Re: Re: Re:

    "I shouldn't have to do research" is another way to say "I shouldn't have to think or backup my position."

    You are right! You should NOT have to do research. Also you should not have to REPLY on a forum, impugn the article, or in any way kvetch about it.

    Go bitch somewhere where it's acceptable to say "Couldn't be bothered to read it or to read about it or read anyone else's comments but here are my opinions."

    E

    link to this | view in thread ]

  19. identicon
    Anonymous Coward, 13 Jun 2018 @ 6:01pm

    "But we were just trying to stop illegal activities"

    So? You can't prevent "bad" stuff from happening by removing people's right to privacy.

    Fuck you, Big Brother, I know you're watching.

    link to this | view in thread ]


Follow Techdirt
Essential Reading
Techdirt Deals
Report this ad  |  Hide Techdirt ads
Techdirt Insider Discord

The latest chatter on the Techdirt Insider Discord channel...

Loading...
Recent Stories

This site, like most other sites on the web, uses cookies. For more information, see our privacy policy. Got it
Close

Email This

This feature is only available to registered users. Register or sign in to use it.