Mobile ad firm fined $950k for secretly collecting Americans’ location data via WiFi

© Stephen Lam
A mobile advertising company has been fined $950,000 for using WiFi signals to collect the location data of hundreds of millions of unsuspecting consumers, including children. The company used private location info to send geo-targeted advertising.

The US Federal Trade Commission (FTC) estimated that Singapore-based InMobi reached more than one billion devices worldwide, accessing consumers via thousands of popular applications. Nearly 20 percent of those affected are located in North America.

“InMobi Pte Ltd. purposefully directed its activities to the United States by marketing and providing online services throughout the United States,” the government said in a complaint filed on Wednesday. 

The FTC accused InMobi of illegally collecting consumers’ locations for its advertising platform that the company offered to mobile app developers and advertisers.

According to the complaint, InMobi provided three options based on people’s physical location: current, spots they visit at certain times or “location history”, meaning places they frequent over a certain period of time.

Normally, both Android and iOS operating systems request that users either enable or disable location-sharing settings. Both systems also require app developers to obtain consumers’ consent through “permissions,” or sending notifications that inform them that their sensitive information might be accessed.

However, the FTC said that InMobi was tracking people’s locations regardless of whether those apps using the company’s software asked for users’ permission to do so and even after consumers had denied access to their location information.

Until December 2015, InMobi was collecting information about the WiFi networks that the consumer’s device connected to or that were in range of the consumer’s device, the complaint says. The company used that information “to create its own geocoder database through which it can match specific WiFi networks to specific locations,” the FTC said.

“Through this method, Defendant could track the consumer’s location and serve geo-targeted ads, regardless of the application developer’s intent to include geo-targeted ads in the application, and regardless of the consumer’s location settings,” the government wrote.

The FTC also accused InMobi of violating the Children’s Online Privacy Protection Act (COPPA) by collecting location data from apps that were clearly directed toward children. Even though it promised not do so, InMobi’s software tracked location in thousands of child-directed apps with hundreds of millions of users without obtaining parental or a guardian’s consent, as required by COPPA.

In a settlement with the US government, InMobi, subjected to a $4-million fine, agreed to pay $950,000 due to its financial state. The company will have to delete all information it collected from children, as well as data collected without consumers’ consent.

“This settlement ensures that InMobi will honor consumers’ privacy choices in the future, and will be held accountable for keeping their privacy promises,” the FTC said in statement.

The settlement also requires InMobi to establish a comprehensive privacy program that will be independently audited every two years for the next 20 years.