Lawsuit: Mobile apps accessing users’ address books

A class-action lawsuit filed this week in Austin alleges that makers of some of the world’s most popular mobile apps routinely steal address book data such as names, phone numbers, email addresses, job titles and even birthdays from millions of users without their knowledge or consent.

In the filing in U.S. District Court in Travis County, attorneys representing 13 people — 12 of them Central Texans — claim almost 20 apps, including Facebook, Foursquare, Yelp and Twitter, continue to be available for download even though developers appear to be violating policies put in place by distributors such as Apple’s App Store, Amazon’s Appstore and Google Play, formerly known as the Android Market.

Makers of the popular Angry Birds and Cut the Rope games are also accused of possibly accessing personal information.

The lawsuit seeks to stop tech firms from harvesting data without permission and asks for monetary compensation.

Apple, which had sold more than 183 million iPhones and 55 million iPads as of Dec. 31, is named in the suit. Google and Amazon are not, but more companies could be added as the case progresses, said Jeff Edwards, lead counsel for the plaintiffs.

Apple has more than 3,500 Austin-area employees and announced plans last week to add 3,600 more. Other defendants with Central Texas offices include Facebook and video game maker Electronic Arts.

Gowalla, a location-based social networking site that wound down operations at its Austin headquarters early this year after several key staffers were recruited by Facebook, is also included in the suit.

The court filing cites an industry publication that claims the information collected could fetch 60 cents to several dollars per contact.

So far, there does not appear to be evidence that the information has been resold.

Facebook alone had 845 million active users as of December, the company reports on its website, each connected to dozens — perhaps even hundreds or thousands — of friends. Twitter reports it just hit 500 million accounts, with a quarter of them in active use.

The suit, which is being handled by the Edwards Law Firm, the Law Offices of Carl F. Schwenker and the Jordan Law Firm, alleges invasion of privacy, intentional interception, disclosure or use of wire or electronic communication, breach of computer security, negligence, unjust enrichment and racketeering, among other claims.

“We’re making some fairly serious allegations against the big boys,” Edwards said. “We’re saying, ‘Hey, you took something that didn’t belong to you, and you’re making a profit off it.’ ”

The case is likely to go to trial next year, Edwards said.

Spokesmen for Apple and Facebook declined to talk with the American-Statesman, and Electronic Arts, Foursquare, Instagram and Yelp did not respond to email messages seeking comment.

The suit was sparked in part by a recent New York Times article headlined “Mobile Apps Take Data Without Permission,” Edwards said.

“The address book in smartphones — where some of the user’s most personal data is carried — is free for app developers to take at will, often without the phone owner’s knowledge,” writers Nicole Perlroth and Nick Bilton reported last month.

The story cites a 2011 study that claims as many as 11 percent of the free products in Apple’s App Store can access details about users’ contacts.

“If these reports are accurate, they’re taking something fundamental and private, and they shouldn’t be,” Edwards said. “The idea that you play a video game and your address book is given away is really disconcerting.”

Apple hit 25 billion app downloads this month, according to the court filing, and 10 billion Android apps had been downloaded as of January.

The story in the Times ran about the same time that Path, a social networking site, opted to purge all personal information it had amassed after criticism from users around the globe.

Path is named in the suit.

“We are deeply sorry if you were uncomfortable with how our application used your phone contacts,” Path co-founder and CEO Dave Morin said on the company’s blog Feb. 8.

Morin said Path used the details it collected only to improve its “Add Friends” feature. All data were stored securely, he said.

“We believe you should have control when it comes to sharing your personal information,” he wrote. “We also believe that actions speak louder than words. So, as a clear signal of our commitment to your privacy, we’ve deleted the entire collection of user uploaded contact information from our servers. Your trust matters to us and we want you to feel completely in control of your information on Path.”

Edwards said a simple apology isn’t good enough.

“It appears as if they feel like it’s better to ask for forgiveness, not permission, and we think that’s not right,” he said.

Taking on Facebook, Twitter and so many other big-name targets all at once could prove a challenge, said Timothy Walton, an Internet attorney in Aptos, Calif., not affiliated with this case.

“It surprises me,” he said. “These defendants have a ton of money. The plaintiffs’ attorneys will need to have a deep war chest so they can afford what could be millions of dollars in litigation costs.”

Similar cases have popped up elsewhere, Walton said, and have prompted sites such as Facebook to “modify their privacy practices repeatedly to let people know what’s going on and to protect any revenue they’re getting from this information.”

Email addresses, he said, are typically what online companies are most interested in.

“The reason people want this information 99 percent of the time is for advertisements,” said Walton, who has handled several cases against alleged spammers.

With lawsuits popping up, increased media coverage and growing scrutiny from elected officials, app developers — and distributors — could be in for a rough ride this year, said Richard B. Newman, an Internet law attorney and managing partner of the Hinch Newman firm, which has offices in California and New York.

“The mobile communications industry is finding that failing to properly inform consumers of what is happening to their information is increasingly grabbing the attention of regulatory authorities, including the Federal Trade Commission,” said Newman, who is not involved in this case.

“The staggering growth in the number of devices, users and applications are converging with general privacy principles, and the challenge lies with how to create a framework whereby proper precautions are taken.”