Power

Anti-Choice Apps Are Violating Google and Apple Privacy Standards

A nonpartisan watchdog group argues the apps don't follow guidelines for templated apps, include extensive tracking, and don't follow privacy rules laid out by Apple and Google.

[Photo: The App Store logo is displayed on the screen of a mobile phone in front of a computer screen displaying the logo of the multimedia application iTunes.]
This isn’t the first time Google and Apple have allowed anti-choice groups to abuse their platforms. Both Apple and Google‘s mapping software has directed people seeking abortion care to anti-choice clinics that spread misinformation about abortion and often lie to patients. Chesnot/Getty Images

A watchdog group has called on Apple and Google to remove apps created by organizations opposed to abortion rights and LGBTQ rights because they misuse personal information, don’t provide privacy policies, and violate the app stores’ basic standards. 

Campaign for Accountability, a nonpartisan group focused on public accountability, argues the apps don’t follow guidelines for templated apps, include extensive tracking, and don’t follow privacy rules laid out by Apple and Google.

“Apple and Google have kicked other apps off their platforms for violating their policies, and these anti-choice groups should be no exception,” Alice C.C. Huling, counsel for Campaign for Accountability, said in a statement. “Tech companies should apply their rules uniformly, rather than turn a blind eye to violations by developers with powerful political and social connections.”

Political Social Media LLC’s services, under the brand names uCampaign and RumbleUp, are used by a range of conservative candidates and organizations. Federal Election Commission (FEC) data shows campaigns and other committees paid the company $361,797.13 in 2018. Since its founding in 2014, Political Social Media LLC has been used by 41 campaigns and other committees, including the presidential runs of Donald Trump and Sen. Ted Cruz (R-TX), and state Republican parties in Mississippi, Missouri, North Dakota, Texas, and Wisconsin.

uCampaign makes an app called Life Impact, which keeps people “up to date on the latest pro-life news and calls to action,” according to its Apple App Store profile. Life Impact is billed as the official app for the Susan B. Anthony List, an anti-choice organization with close ties to the Trump administration.

uCampaign also makes the Stand Firm app, known as the app for those who support the Family Research Council (FRC), a group that spreads misinformation about LGBTQ people and advocates for extreme anti-choice policies. An FRC YouTube video says people can use the Stand Firm app to contact their congressional representatives on “issues of faith, family, and freedom,” and alert others about legislation.

Political Social Media LLC has made apps for the National Rifle Association (NRA) and for conservative groups outside the United States, including one to mobilize Brexit supporters. 

Google and Apple often frame rules about templated apps to ensure quality and include the rules in sections about spam or minimum functionality. Daniel Stevens, executive director of the Campaign for Accountability, said they serve an important transparency purpose.

“[The platforms] want users to develop apps that are genuine,” he said.

The templated apps are not published under the organization’s name but rather the brand, uCampaign.

Another issue raised by Campaign for Accountability is the abuse of people’s private data and the significant amount of tracking code. Analysis of these apps using tools developed by the Exodus project, a French privacy nonprofit, shows they each contain four trackers. That’s more trackers than 57 percent of trackers in the project’s database, based on data the Exodus project provided to Rewire News.

The Exodus project uses a technique called static analysis, meaning it analyzes the app without running any code—in this case, it looks for named units of code like “com.facebook.appevents,” which would indicate the app includes a tracker provided by Facebook. While this catches many trackers, it can’t identify trackers whose names have been deliberately obscured or trackers the project isn’t aware of, Esther Onfroy, the project’s lead developer, told Rewire.News.

Trackers encompass a range of data collection practices, from diagnostic aids for developers to generalist analytic tools like Google Analytics to scripts that funnel users’ information into large databases that can be resold or used to target ads.

In addition to third-party tracking code, the apps themselves are funnels, pressuring people to share their contacts—another platform rule violation. Google and Apple prohibit using contacts en masse to contact users.

The developer makes no secret of its aggressive use of personal data. In a February 2016 Medium post, the company bragged about the wealth of information they make available to campaigns.

“Everything the app supporters do through the app and volunteer about themselves: email, phone, location, age range, gender, social IDs, and, importantly, what calls to action they prefer and avoid,” Thomas Peters, CEO of Political Social Media, wrote. This means campaigns can match the names and phone numbers to voter file data to create a detailed set of data about potential supporters who never opted into the practice. Seemingly unaware of the irony, Peters describes the app as a “safe space” for Cruz supporters in the same post.

Another issue raised by Campaign for Accountability: missing privacy policies. Political Social Media’s policy refers to organization-specific policies that are not linked, meaning users must seek them out. Meanwhile, the in-app policies give campaigns and the company carte blanche to use the data in a variety of ways.

Privacy policies are especially important in the absence of federal privacy laws. Aside from sensitive types of personal information like medical data, “there’s very little hard regulation around app privacy,” Chris Conley, policy attorney at the American Civil Liberties Union of Northern California, told Rewire.News. 

However, the FTC can hold companies accountable for not following their privacy policy. Conley cited a 2011 settlement between the FTC and Facebook as an example. After Facebook, in the FTC’s words, “allegedly made promises that it did not keep,” the agency prevented Facebook from overriding privacy preferences without people’s permission and required it to be independently audited every two years until at least 2031.

While buried privacy policies are still binding, the fact that people might struggle to find them could make them less likely to report violations or realize the scope of data sharing to which they’ve implicitly agreed. 

Stevens said Apple and Google haven’t taken any action. When the Campaign for Accountability’s Google Transparency Project raised concerns about Google’s lobbying efforts, Stevens said the tech giant has tended to be “disingenuous” rather than respond to criticism in good faith. Google, Apple, and Political Social Media LLC did not respond to requests for comment from Rewire.News.

This isn’t the first time Google and Apple have allowed anti-choice groups to abuse their platforms. Both Apple and Google‘s mapping software has directed people seeking abortion care to anti-choice clinics that spread misinformation about abortion and often lie to patients.

Problematic apps like Political Social Media’s exist in a larger context of widespread concern about privacy. In a 2014 poll by Pew Research Center, 9 percent of Americans said they had “a lot of control” over their privacy, and 38 percent said they have “some control.”

Some state legislators are making headway in protecting people’s online privacy. Conley pointed to the passage of the California Consumer Privacy Act (CCPA) in June 2018 as a promising sign, calling it a “good first step.” The CCPA is limited to people in California, but Conley said companies might follow the policy across the board.

“The question is—and we won’t have the answer to this for six months—’How many companies will try to limit that right to people in California?'” he said. “Yes, we have set up a tool where you can virtually. And how many will say, look, we made this tool, we had to be pushed into it, but now that we had it, we think it’s the right thing to do to let everyone use it.”

Even if companies don’t enact privacy rules for all consumers of their own accord, Conley said pressure from people and lawmakers could lead to consumers having more control over their data. At the moment, however, the deck is stacked against them.

“It’s definitely clear that consumers have limited tools at their disposal to understand what information is being collected, how broadly it’s being shared, and what it really means,” he said.