Spanish football league La Liga's official smartphone app has been caught using its fans' smartphone microphones and geolocation service (GPS) to detect pirate broadcasts of football games. If a user granted their permission, La Liga could quietly detect the location of users, specifically if they were in a bar.
If so, the app used the device's microphone to quietly record audio clips. These audio recordings were then compared with the location to identify whether the establishment had paid for a license to show the match or not.
As one of the top football leagues in the world, La Liga's official app has garnered over 10 million installs in the Google Play Store. After news broke that the app has been listening to its users, however, the app has drawn a slew of one-star reviews for the Android app.
La Liga has defended its actions saying it has a "responsibility to protect the clubs and their fans" from unlicensed broadcasts made in public places, claiming such streaming costs the league an estimated €150 million in losses annually. However, they said users are specifically asked for their consent to provide permissions for this functionality and can always choose to not allow it or revoke the permissions at any time.
When signing up for the app, users are presented with two tick boxes - one to confirm they have read the app's terms and conditions. The second begins with a fervent call to "protect your team" and asks users to agree to the app's use of data obtained via access to the device's mic and GPS functionalities to detect illegal match broadcasts.
In a statement on their website, La Liga claimed the spying functionality was solely used to detect unlicensed broadcasts of football matches and "implemented appropriate technical measures to protect the user's privacy if you authorize us to use this functionality."
According to La Liga, the audio clips captured by the device microphone are automatically converted locally into an irreversible binary code that is then accessed by the league. This code is then compared to a reference database. If no match is found between the two, the code is discarded. However, the "content of the recording will never be accessed", the league claimed.
The feature has only been deployed in its Android app and was active since June 8, La Liga added. They also noted that this functionality has only been used in Spain.
La Liga further stressed that the functionality is only turned on during time slots of the league's matches.
"We will periodically remind you that La Liga can activate your microphone and geolocation and we will ask you to confirm your consent," it added.
Still, news of the intrusive functionality has already triggered a probe from Spain's data protection watchdog, AEPD. It also comes just weeks after Europe's new privacy laws, the GDPR, went into effect that prohibits such practices. Under the landmark regulations, users must clearly and easily understand what they are signing with regards to their data before they agree to any terms or agreements set by a company.