World Cup has everyone excited and scrambling for the right apps to stream the matches. It appears apps are also leveraging this attention to get intrusive permissions from football fans. According to a Spanish website El Diario, the Liga de Fútbol Profesional aka the National Professional Football League, which is responsible for running the most important competition in Spain, has been spying on its fans through their microphones to detect unauthorized broadcasts of matches in the public venues.
With over 10 million downloads, the La Liga app is no untrusted app developed by some random, unknown person or company. El Diario reports that "La Liga and the owners of football television broadcasting rights" have been using device's microphone "to detect if what it sounds like is a bar or public establishment where a football match is being projected without paying the fee established by the chains that own the broadcasting rights."
The paper said that the app is also using location services to pinpoint the location of those establishments.
La Liga says it's only spying on football fans in Spain, everyone else is safe...
The app reportedly takes permission for using your phone's mic and this permission is optional. However, considering how many users read the legalese before hitting the agree buttons, it's likely many La Liga users unwittingly turned themselves into informants for the company.
The National Football League claims that "nobody accesses the audio fragments captured by the microphone" as the sound turns into "a signal, a binary code" and is never stored. However, this won't console anyone who may have given away their local favorite bar to watch a football game to the organization...
La Liga says that it's spying on fans to target piracy that costs it "losses of more than 150 million euros," adding that only Spanish users were targeted. No matter what the reason, the decision to leverage users' naivety to spy on them should come with some serious legal repercussions. However, considering the app did ask for mic and location permissions, it is likely GDPR won't be able to help "victims" in this case.
This is yet another reminder that before hitting on those incessant "agree" buttons, make sure you read what you are agreeing to or you might be giving an app permission to use your mic, camera, and location services that could be used to spy on you and your surroundings.