Privacy advocates called out rapper/entrepreneur Jay-Z this week, filing a complaint with the Federal Trade Commission over an app he released earlier this month that many critics feel goes overboard in the amount of the information it requests from users.
Citing “deceptive business practices,” EPIC, the Electronic Privacy Information Center, filed the complaint (.PDF) last week alleging the app collected “massive amounts of personal information from users and required substantial user permissions.”
The app, “Magna Carta Holy Grail,” was launched July 4 on Samsung Galaxy Nexus devices in advance of the release of the record of the same name.
EPIC is asking the FTC to have Samsung suspend distribution of the app until its privacy concerns are addressed and the app falls in line with the Consumer Privacy Bill of Rights the Obama administration laid out in the spring of 2012.
Among the permissions required, the app asks:
- To modify or delete contents of phone USB storage.
- To prevent phone from sleeping and view all running apps.
- To access your precise (GPS) and approximate (network-based) location.
- For full network access
- To read phone status and identity (i.e. who the user is talking to on voice calls).
- To run at startup
- To test access to protected storage
- To receive data from Internet, view Wi-Fi connections, and view network connections.
- To control the phone’s vibration
- To find accounts on the device (gathering e-mail addresses and social-media user names connected to the phone)
On top of that, the app also asks to see what numbers users call and when they call them – all before the user even hears a note of music.
To download the record, users have to hand over their Twitter or Facebook credentials and give the app permission to post on users’ behalf to create social buzz. Users had to either tweet or post on Facebook about the record in order to “unlock” lyrics from songs, a process EPIC is calling “hidden spam techniques” in its complaint.
Over the last few years, applications have gotten much more aggressive when it comes to gathering users’ personal data. These apps are nothing new – the NFL’s Android app demands a similar set of information from its users – but the complaint filed by EPIC points out the amount of permissions the “Magna Carta” app requests “verges on parody.”
Samsung defended its app on Wednesday, calling the complaint EPIC filed with the FTC “baseless.”
“We are aware of the complaint filed with the FTC and believe it is baseless. Samsung takes customer privacy and the protection of personal information very seriously,” a Samsung spokesperson said.
Samsung went on to say that any information obtained through the app, which has been downloaded more than half a million times in the last two weeks, was obtained for customer verification, app functionality and marketing purposes.
The privacy implications of the app have been one of the more interesting storylines surrounding the release of the record this month.
The New York Times’ music critic Jon Pareles called it “creepy” that Jay-Z wants to know about his fans phone calls in a piece earlier this month.
“If Jay-Z wants to know about my phone calls and e-mail accounts, why doesn’t he join the National Security Agency?” Pareles said at, poking fun at the app in the context of post-Snowden revelations.
EPIC is hoping previous decisions handed down by the FTC regarding privacy and the protection of users’ personal information on their handheld devices will force Samsung’s hand.
The FTC settled with Path, a social networking app, earlier this year after EPIC complained that the application gathered information from users’ address books without their consent. Similar settlements were also reached in the last few years with HTC and Carrier IQ and after EPIC filed privacy complaints against the short-lived Google Buzz.