Jul 72015

Joint FTC and NJ AG Complaint and Settlement Against App Developer that Allegedly “Hijacked” and “Drained” Phone Resources

Alan Charles Raul, Vivek K. Mohan and Christopher Eiswerth
, , ,

On June 29, the FTC and New Jersey Attorney General announced the filing of a joint complaint, and proposed, stipulated settlement, against an Ohio-based app developer, Equiliv Investments LLC and an individual officer of the company. The federal and state enforcement agencies alleged that Equiliv marketed a free app that users believed would let them earn rewards points for playing games or downloading affiliated apps.  The agencies alleged that Equiliv explicitly represented the app was free of malware when in fact the app’s main purpose was actually to load malicious software on the users’ phone to mine virtual currency.  Allegedly, the app took control of the devices’ computing resources and degraded the phones’ performance by draining battery life and data plans, and causing the devices to charge slowly.  The malware was alleged to pool the computing resources of consumers’ mobile devices to benefit the company’s effort to generate virtual currencies through a peer-to-peer network to compete with other devices in solving complex mathematical equations – a process known as “mining.”

The complaint cites both the FTC Act and the New Jersey Consumer Fraud Act in each of the two counts in the complaint, one alleging deception (FTC) and misrepresentation (New Jersey), and the other alleging unfairness (FTC) and unconscionable commercial practice (New Jersey).  The FTC described the case as part of its ongoing work to protect consumers using new and emerging financial technology, known as FinTech.

The settlement, which has been submitted to the court for approval, involved injunctive relief and a $50,000 monetary judgment payable to New Jersey (with $44,800 suspended).  The injunctive relief included standard provisions enjoining misrepresentations, as well as the following prohibitions regarding misuse of consumer computer resources that may be of general interest:

Defendants … are enjoined from … engaging in or participating in the marketing, distributing, offering for sale, sale, or installation of any mobile apps or software that uses or interferes with a consumer’s computer or other electronic device without consumers’ express authorization, or for any purpose other than that specifically authorized, including but not limited to software that: A. Damages, disables, or accesses without consumers’ express authorization or in excess of consumers’ authorization, any computer or other electronic device; B. Uses the computing resources of consumers’ computer or other electronic device without consumers’ express authorization or in excess of consumers’ authorization …

The Acting Director of the New Jersey Division of Consumer Affairs, Steve Lee, said,

This is not the first case we’ve seen in which a software developer sought to take over privately owned devices, without the owners’ knowledge or consent, to mine for virtual currency. But this case involved smartphones, rather than computers. This creates a potential for far greater damage, since mobile devices have much more limited processing power and often come with more expensive data plans.

The FTC’s press release, “App Developer Settles FTC and New Jersey Charges It Hijacked Consumers’ Phones to Mine Cryptocurrency; Defendants’ App Installed Malware that Left Phones With Drained Batteries, Depleted Data Plans,” is available here.  The New Jersey press release is available here.

Alan Charles Raul

Washington, D.C., New York

araul@sidley.com

Vivek K. Mohan

vmohan@sidley.com

Christopher Eiswerth

ceiswerth@sidley.com

You might also like
Illinois Supreme Court Clarifies Accrual for Illinois Biometric Privacy Act Claims

For the second time in two weeks, the Illinois Supreme Court clarified the scope of the Illinois Biometric Privacy Act (BIPA) — this time in Cothron v. White Castle. The court, in a 4–3 decision, held that BIPA claims accrue each time biometric data is collected or transmitted, and not just the first time.1

New FTC Guidance for Mobile Health Apps

Healthcare providers, health plans, and technology companies that use mobile health apps to access, collect, share, use, or maintain information related to an individual’s health should take note of the recently issued Federal Trade Commission (FTC) Mobile Health App Interactive Tool. The purpose of the tool is to help mobile health developers determine the federal regulatory, privacy, and security laws and regulations that may apply to the use of a consumer’s health information, such as information related to diagnosis, treatment, fitness, wellness, or addiction. While the tool should not be considered legal advice and cannot guarantee compliance with legal requirements, it can help healthcare providers, health plans, and technology companies issue-spot to manage risk in this heavily regulated space.

FINRA Issues 2023 Report on Its Examination and Risk Monitoring Program

On January 10, 2023, the Financial Industry Regulatory Authority (FINRA) published its 2023 Report on its Examination and Risk Monitoring Program (the Report).1 The 75-page Report includes four new topic areas for 2023: (1) manipulative trading, (2) fixed income — fair pricing, (3) fractional shares — reporting and order handling, and (4) Regulation SHO.