By Kiran Jassal
Eight companies (Foodspotting, Foursquare, Gowalla, Instagram, Kik, Path, Twitter, and Yelp) have agreed to a proposed settlement of $5.3 million in a case surrounding the “Find Friends” feature in iOS apps. As the name suggests, “Find Friends” allows consumers to quickly discover if any of their contacts are also using an app. Interestingly, both Apple and LinkedIn are among the companies named in the lawsuit; however, they are continuing to fight the case while the aforementioned entities have decided to settle.
This case began in 2012 when a number of consumers sued all named defendants over the “Find Friends” feature of their apps because the consumers were not informed that their contact lists would be saved to the servers of each respective company. A consumer’s address book is a digital repository of personal and professional relationships they have amassed in their lifetime. Much of this data belongs to other people and has been entrusted to personal connections with the understanding that their contact information will remain relatively private. For years, developers have understood that if they give consumers an easy way to find their friends who are already using the developer’s applications, then those consumers might continue to use their apps.
In order to find connections, app developers are accessing address books, gathering phone numbers and email addresses, and uploading that data to its servers. Often privacy concerns arise with how this information is uploaded. Responsible developers may use an encrypted HTTPS connection to upload address book data, use the data to determine contact matches, and discard the data immediately. Since 2016, Apple has required encrypted HTTPS connections for iOS apps. Unfortunately, this secure procedure is not always used by companies. The entities named in this lawsuit allegedly uploaded contacts’ phone numbers and email addresses to their servers for matching purposes all without first requesting permission or informing consumers how long they plan to store this data. The consumer class argues that the named companies violated their privacy by not informing them upon downloading their respective apps that the companies would upload and store contact lists on their servers. In short, no consent was given.
While the defendants have insisted that they did nothing wrong for years, emphasizing that they had to store contact lists for “Find Friends” to function properly, U.S. District Judge Jon Tigar of the Northern District of California disagreed. “Fundamentally, this case is about whether Apple’s conduct and that of application developers violated community norms of privacy… A ‘reasonable’ expectation of privacy is an objective entitlement founded on broadly based and widely accepted community norms.”
Judge Tigar must approve the settlement before it takes effect. If he does, users of the aforementioned apps from April 2009 to February 2012, will be awarded a fraction of the $5.3 million. The proceeds, which will be distributed via Amazon.com credits or by check, are likely to be paid late this year. The settlement also calls for the app makers to inform eligible users by email or, in Twitter’s case, by a tweet with the suggested handle of “@settlementnews.”
How much of a payout can consumers expect? Not that much, especially since the decision probably affects millions of people. All the same, if you’re looking for a quick way to make a few dollars, you may want to check out whether or not you have utilized “Find Friends” between 2009 and 2012. You can find out if you’re eligible to collect here. Moving forward, companies may avoid violating consumer privacy issues when uploading and storing address book data by amending their terms of service or incorporating “Fiend Friends” as an opt-in feature.