Apple & App Developers Duck Data-Mining Suit

     SAN FRANCISCO (CN) - The lack of specific injury dooms a massive lawsuit accusing Apple and 14 app developers of mining iPhones and iPads for data, a federal judge said.
     IPhone user Oscar Hernandez initiated the dispute with a 2012 federal class action against Path Inc., a social-networking app for mobile phones. He alleged that Path gleaned sensitive data about the location and contact information of its users, minor children included, and stored such information so insecurely that it could be accessed by "even an unsophisticated hacker."
     A federal judge in San Francisco gutted large portions of that action for lack of evidence that Path had intercepted users' communications, a requisite for the Federal Wiretap Act. After the U.S. government found that Path had violated Federal Trade Commission rules by mining and storing data from minors, however, the parties settled with promises from Path to delete collected data and beef up its privacy policy.
     But the case fired up again after reports surfaced that other app developers - including big names like Twitter, Yelp, Instagram and "Angry Birds" maker Rovio - deploy a "friend-finder" function to rifle through users' iPhones and iPads, looking to make connections.
     The disgruntled users joined forces to file a massive, consolidated complaint in Texas. A federal judge there dismissed the first amended complaint for violating court rules on length - 343 pages for 13 causes of action - and transferred the second amended complaint to U.S. District Judge Jon Tigar in California.
     This past fall the app developers and Apple asked Tigar to dismiss the case, noting that, even with 166 pages and 26 causes of action - including six that the Texas judge had dismissed - the users failed to show any sort of injury from the friend-finder function.
     Tigar's 57-page dismissal Wednesday, credits most of the points made by Apple and the app makers. While Tigar declined to go where Apple wanted - that the tech giant should not be held responsible for what app developers put in the App Store - he found the pleadings by Marc Opperman and other plaintiffs had changed very little from previous incarnations.
     Specifically, claims that the plaintiffs had been duped by a drawn-out false advertising campaign which painted Apple products as safe and secure lack the detail needed for them to continue, Tigar said.
     "First, it is not clear that any of the plaintiffs were actually exposed to Apple's advertising campaign," Tigar wrote.
     "Second, although the complaint alleges with sufficient specificity the length of the advertising campaign at issue - it alleges that the campaign began at least by 2008 and continued up through the filing of the complaint - it does not contain sufficient detail concerning the extent of the advertising," Tigar added. "It is unclear from the complaint how often the advertisements were published, or in which media. Without more detail, the court cannot conclude that it would be 'unrealistic' to require plaintiffs to plead with specificity their exposure to each alleged misrepresentation."
     The failure of the misrepresentation claim against Apple also neutralizes unfair-competition, false-advertising and consumer-claims, the judge said. The plaintiffs missed the mark as well in claiming Apple violated California's computer fraud laws as well.
     "To the extent plaintiffs assert a Computer Data Access and Fraud Act claim based on Apple's encouragement of the development of the offending features of the subject apps, those allegations are insufficiently pleaded," Tigar wrote. "Each subsection of the statute plaintiffs assert incorporates expressly or by reference a requirement that the defendant acted 'without permission.' Courts in this district have interpreted 'without permission' to mean 'in a manner that circumvents technical or code based barriers in place to restrict or bar a user's access.'"
     In every case, the plaintiffs voluntarily installed, used and regularly updated the apps in question, according to the ruling. And although they might not have given the apps permission to access their address books, the plaintiffs also did nothing to block the apps from doing so, Tigar said.
     The judge did agree, however, that the plaintiffs had an expectation of privacy regarding their address books, finding that the "consent" to scan contacts that some of the apps obtained was invalid and best left for a jury to decide.
     On the other hand, the plaintiffs failed to show that the app makers had somehow publicly disclosed private information by transmitting over unsecure networks and public WiFi, according to the ruling.
     "While plaintiffs allege that their information could have been intercepted by third parties, they do not allege that any interception occurred, nor do they allege that it was 'substantially certain' that their address books would become 'public knowledge,'" Tigar wrote, citing state law. "To satisfy the requirement, more specific allegations establishing the extent of disclosure are required."
     The judge gave the plaintiffs another chance to fix the deficiencies in their complaint, and advanced the common-law "intrusion upon seclusion," invasion-of-privacy claim against the app developers only. The plaintiffs have 30 days to file a new complaint.