SEATTLE (CN) – Unhappy customers say in a federal class action that an AccuWeather application that comes installed on EVO smartphones tracks users’ location “to within a few feet,” and transmits the unencrypted data over the Internet so it can be used to “display behaviorally targeted advertising to those users” – and there’s no way to disable the app.
Lead plaintiffs Chad Goodman and Jon Olson sued HTC America, which makes the Android-based EVO 3D and 4G smartphones, and AccuWeather.
They say the app, which was installed “ostensibly to make weather information conveniently available,” tracks “unnecessarily precise” data for a weather forecast.
“In actuality, defendants have used and continue to use the application to track plaintiffs’ exact geographic location for defendants’ own purposes unrelated to weather information,” according to the complaint.
“The location data defendants cause plaintiffs’ smartphones to transmit to AccuWeather is based on GPS coordinates and is accurate to within a few feet of where plaintiffs are holding their smartphones. This location data is unnecessarily precise for displaying local weather information on plaintiffs’ smartphones; HTC smartphones are equipped to transmit ‘coarse’ location data accurate to within a few blocks and which takes less of a toll on plaintiffs’ Internet data usage and battery life,” according to the complaint.
The plaintiffs also object that unencrypted data about their location is transmitted over the Internet.
“This is a substandard practice for transmitting individuals’ precise location data and is unnecessary, since HTC smartphones are capable of transmitting data over the Internet using SSL encryption,” the complaint states.
The plaintiffs say that “at a minimum,” coarse information about their location is transmitted to AccuWeather throughout the day, and fine, GPS-based location data, is transmitted every time they tap the weather application on their phones.
“In addition, AccuWeather automatically received plaintiffs’ and class members’ ‘user agent’ information – information about their device and browser characteristics – that enables AccuWeather to perform ‘device fingerprinting’ to assign unique identifiers to each of plaintiffs’ and class members’ smartphones,” according to the complaint.
It continues: “In addition, the AccuWeather has the capability to read the smartphone’s unique device identifier, send text messages, modify events on the calendar, and transmit email messages.
“Further, AccuWeather derives a substantial portion of its revenue by collecting information from AccuWeather users, including plaintiffs and class members, and analyzing that information to display behaviorally targeted advertising to those users.
“Upon information and belief, AccuWeather uses the location information it unnecessarily receives from plaintiffs and class members to identify individuals, analyze their behavior based on their smartphone uses and locations, build profiles about them, and profit from sharing the profile information and/or using the profile information in providing services to yet other third parties, such as by serving behaviorally targeted advertising to plaintiffs and class members on their smartphones or the Web.”
The class claims that another “unreasonable security defect” called “HtcLoggers” lets providers of third-party apps access all the data on the user’s phone.
“The HtcLoggers feature allows any Internet-connected app, regardless of its purpose, to access plaintiffs’ and class members’ email addresses; phone numbers for calls dialed and received; fine and coarse location and location history; text messages; and activity logs for all apps running on the smartphone – essentially, all information regarding all activity on the smartphone.
“HTC Corporation reportedly has acknowledged the HtcLogger defect but has failed to alert purchasers, rectify the defect, investigate AccuWeather’s use and/or onward transfer of purchasers’ detailed geographic location data, or remediate AccuWeather’s retention of such data,” according to the complaint.
The plaintiffs say they would not have paid a premium price for the phones if they knew about these “defects.”
“Defendants’ competitors manufacture, market, and distribute comparable smartphones that do not send fine location data to third parties without a users’ express permission and without encryption or other reasonable security protocols. In comparison to similar products that display adequate disclosures, defendants charged a premium for the EVO 3D and the EVO 4G,” the complaint states.
The plaintiffs seek refunds, a replacement smartphone or the premium they paid for the phones “above the amount charged for similar, adequately labeled products,” and they want the defendants ordered to fix the defects in the phones and purge all personal location data they collected.
They are represented by Clifford Cantor of Sammamish.