The Spanish football league La Liga has been hit with a fine of 250,000 euros (approximately US $280,000) after its official Android app was found to be sneakily listening to people’s surroundings when soccer matches were being played.
According to reports, audio recorded through the Android smartphone’s microphone was combined with GPS location data in an attempt to determine if bars and restaurants were airing live matches without a license.
In effect, millions of football fans were recruited into an army of spies for the Spanish soccer league, helping it crack down on piracy.
To give La Liga some credit, it’s an ingenious use of modern technology.
But not everyone is impressed.
As well as disgruntled fans giving the Android app poor reviews on the official Google Play store, the Spanish data protection agency (AEDP) has weighed in hitting La Liga with a hefty GDPR fine.
And, by all accounts, it was the introduction of GDPR legislation in May 2018 that may have prompted realisation amongst app users about the app’s unusual behaviour.
When the spying behaviour was first highlighted by the Spanish media a year ago, La Liga said that “nobody accesses the audio fragments captured by the microphone” as the audio “automatically becomes a signal, a binary code.”
The snooping was said to only occur in Spain, and “without storing any recording or content.”
In response to the fine from the AEDP, La Liga says it disagrees with the ruling, which it considers unfair, and is launching an appeal. The league claims that for the microphone functionality to be active, users had to expressly give their informed consent on two occasions.
La Liga further argues that it would not be acting diligently if it did not use all the means and technology at its disposal to fight against piracy and fraud, which it estimates costs it 400 million euros per year.
The Google Play store shows that the La Liga app has been downloaded more than 10 million times. I wonder how many of those football fans didn’t understand fully quite why the app was requesting access to their microphone and location…
*** This is a Security Bloggers Network syndicated blog from HOTforSecurity authored by Graham Cluley. Read the original post at: https://hotforsecurity.bitdefender.com/blog/la-liga-fined-e250000-after-android-app-spied-on-football-fans-21332.html