When we think about companies “harvesting our data,” chances are we’re thinking of The Big Tech Names doing that harvesting. But sometimes, even these companies get taken for a bit of a ride. Case in point: earlier today, the adtech company OneAudience got slammed with a hefty Facebook lawsuit, on charges that the company with claims that it peddled “malicious” software to app developers that would pull sensitive intel from an app downloader’s Facebook, Twitter and Google accounts—behind all of these company’s backs.
“These apps were distributed online to app users on various app stores, including the Google Play Store, and included shopping, gaming, and utility-type apps, the lawsuit states. In Facebook’s case, users that logged in using their Facebook account handed over their “name, email address, locale (i.e. the country that the user logged in from), time zone, Facebook ID, and, in limited instances, gender.”
This is the latest leg of the Facebook versus OneAudience saga, after the company was first found to be harvesting this data late last year. At the time, Facebook requested “an audit” of the company’s data-sucking behaviour, which the lawsuit states OneAudience didn’t comply with. In lieu of this “compliance”, OneAudience shut down this software, stressing that the data of the hundreds of users effected was “never intended to be collected” and was never used.
“We believe that consumers should have the opportunity to choose who they share their data with and in what context,” OneAudience said at the time.
Naturally, this data was collected for the purposes of targeted advertising. While the software in question—OneAudience’s mobile-specific SDK, or software device kit—might be no more, the company is still touting its ability to target “real, verified users” to be pelted with a given ad campaign. Older pitch decks from the company suggest that aside from the mobile-specific intel, it also profiled users based on where they lived and the language they spoke.
Ultimately, as pointed out by Recode, this lawsuit opens a can of worms about the complexity of the data-sharing chain of command. While companies like Facebook can control the ways their own ecosystem operates, its sheer reach means that it can’t keep an eye on every partner at every time—and just short of filing lawsuits or plugging up obvious loopholes as they arise, it’s unclear whether their commitment lies more with advertisers, or the consumers that they’re targeting.