Jay-Z wanted to know who you were calling, and now the app that he and Samsung put together may be under investigation by the Federal Trade Commission, if the Electronic Privacy Information Center has its way.
The Electronic Privacy Information Center, or EPIC, announced earlier this week that they had submitted a request to the FTC to investigate Samsung for implementing highly invasive software in the app created for Jay-Z's new album "Magna Carta Holy Grail." According to The Guardian, about 1.2 million people installed the Android Magna Carta app, in order to get early access to the platinum rapper's new album.
By installing the app, and assenting to its terms of service, Jay-Z fans may have gotten a lot more than an advanced look at the new album. According to EPIC's filing with the FTC, the app required permission to: modify or delete contents of phone USB storage, prevent phone from sleeping and view all running apps, access your precise (GPS) and approximate (network-based) location, obtain full network access, read phone status and identity (including who the user is talking to on voice calls), run at startup, test access to protected storage, receive data from Internet, view Wi-Fi connections, view network connections, control the phone's vibration, and to find accounts on the device—meaning rounding up email addresses and social media connections on the device.
Critics fiercely attacked the app's invasive permissions list when the Magna Carta Holy Grail app was released: for example, the New York Times' Jon Pareles called it "an ugly piece of software" and "coercive," "intrusive," and "creepy," asking, "If Jay-Z wants to know about my phone calls and email accounts, why doesn't he join the National Security Agency?"
The app was designed to create (or force users to create) buzz about the new album: in order to sign in with a Facebook or Twitter account to access the album, and in order to view song lyrics, users had to post the following automatic tweet or Facebook status update announcing each song whose lyrics they viewed:
"I just unlocked a new lyric 'SONG TITLE' in the JAY Z Magna Carta app. See them first. https://smsng.us/MCHG2 #MagnaCarta."
Such auto-posting is usually endemic to spam, not apps released by a major IT company and a top-selling pop artist.
EPIC has asked the FTC to suspend distribution of the Magna Carta Holy Grail app until their privacy concerns have been addressed by Samsung. They also requested the FTC to limit Samsung's data collection in the app to only the user data that is necessary to the app's function and to "delete the user data that was improperly obtained" by the app.
According to the Los Angeles Times, intellectual property law experts are skeptical that the FTC would be interested in EPIC's filing. According to Jeremiah Reynolds, an intellectual property specialist and lawyer from the law firm Kinsella Weitzman Iser Kump and Aldisert, the app's data collection was legal as long as the users agreed to it when they downloaded it: "People may believe it's intrusive, but as long [as] it's correctly described and as long as the people give consent, I don't see what the issue is."