Apple, App Makers Escape iDevice Snooping Class Action Lawsuit

Top Class Actions’s website and social media posts use affiliate links. If you make a purchase using such links, we may receive a commission, but it will not result in any additional charges to you. Please review our Affiliate Link Disclosure for more information.

Apple Inc. and 14 app developers escaped a massive privacy class action lawsuit last week that accuses Apple of helping apps like Angry Birds, Foursquare, Instagram, Path, Twitter, and Yelp of stealing customers’ contact info and other personal data from their iDevices.

In a May 14 order, U.S. District Judge Jon S. Tigar stripped all but one of the claims in the consolidated Apple app privacy class action lawsuit, saying the plaintiffs failed to demonstrate that they relied on deceptive user privacy promises in purchasing iPads, iPhones and other iDevices. The plaintiffs will have 30 days to amend and retry their claims.

The millions of Apple mobile device consumers — those who use iPads, iPhones and iPod Touches to download apps — who also store contact information for their friends, family, and acquaintances, found their privacy could have been compromised when it was revealed in February 2012 that the photo sharing and messaging app produced by Path Inc. was secretly harvesting users’ contacts and calendar information. A class action lawsuit against Path was filed in March 2012.

While Path apologized, and Apple revised its privacy settings, the allegations made by the consumers in the Path privacy class action lawsuit troubled many privacy hawks. Judge Tigar wrote a 57-page decision detailing the claims against big app makers like Facebook Inc., Twitter Inc., and these company’s applications as well as popular apps like Angry Birds, Instagram, Yelp and Hipster. Not only are the app makers accused of harvesting user contact info, but Apple is alleged to have helped the app makers learn how to do so, encouraging them to incorporate improper data harvesting into their apps and instructing them on how to conceal those functionalities from users.

According to documents submitted in five class action lawsuits filed against Apple and the app makers, “Apple claims to review each application before offering it to its users, purports to have implemented apps privacy standards, and claims to have created a strong privacy protection for its customers.” But, writes Tigar in his opinion, “some apps offered on the App Store are alleged to have accessed and uploaded information from customers’ iDevices without their knowledge, including contact information. Plaintiffs allege that Apple has failed to safeguard the App Store from such apps, while representing to the public that Apple’s products are ‘safe and secure.'”

While Apple’s App Store guidelines prohibit transmitting user data without prior permission, the guide Apple provides to app developers gives contrary information. According to the decision, “Apple tells developers, ‘don’t force people to give you information you can easily find for yourself, such as their contacts or calendar information,’ and ‘[i]f possible, avoid requiring users to indicate their agreement to your [end user license agreement] when they first start your application. Without an agreement displayed, users can enjoy your application without delay.”

The Apple app privacy class action lawsuit states that after the accessing and uploading of customer data by Path was made public, two members of congress wrote to Apple and to 34 app publishers in February and March of 2012, asking for more information about the practice. In the letter, the congressmen wrote, “claims have been made that ‘there’s a quiet understanding among many iOS app developers that it is acceptable to send a user’s entire address book, without their permission, to remote servers and then store it for future reference. It’s common practice, and many companies likely have your address book stored in their database.'” In March 2012, a Senate investigation was launched.

Apple had made repeated representations about the privacy of Apple device customers’ data, and some of that is detailed in the opinion, notably a statement then-Apple CEO Steve Jobs made when the iPhone and the App Store were launched: “[t]here are going to be some apps that we’re not going to distribute. Porn, malicious apps, apps that invade your privacy.” In September 2011, the Apple web site went further, saying “All apps run in a safe environment, so a website or app can’t access data from other apps.”

The plaintiffs in the Apple and app developer class action lawsuits made claims on alleged violations of a wide variety of laws and statutes, including California consumer protection law, California Unfair Competition Law, California Comprehensive Computer Data Access and Fraud Act, California’s Wiretap / Invasion of Privacy Act,  Uniform Fraudulent Transfer Act, Texas Wiretap Acts, Texas Theft Liability Act, the federal Computer Fraud & Abuse Act, the Electronic Communications Privacy Act, and the Racketeer Influenced and Corrupt Organizations Act.

The judge was unmoved by the nature and quantity of the allegations, discarding several of the claims because the plaintiffs did not convince him they relied on the privacy statements from Apple when purchasing the iDevices. He wrote, “plaintiffs have failed to plead with particularity the specific representations upon which they relied, have failed adequately to plead a long-term and extensive advertising campaign and have failed to satisfy the requirements for a pure nondisclosure or concealment claim,” and dismissed them with the ability to amend the claims.

The plaintiffs lacked “Article III” standing, said Judge Tigar. “For the Court to have jurisdiction over Plaintiffs’ claims, their alleged injury must be ‘fairly traceable’ to Apple, and not the result of the ‘independent action of some third party not before the court,'” he wrote. He dismissed most of the claims on this basis, including the common law conversion and trespassing claims; he wrote in dismissing those the the plaintiffs did not suffer any injury to their property rights based on the applicable decisions.

The claims against the app developers were dismissed for a number of reasons. The wiretap claims were dismissed because there is no evidence, said Judge Tigar, the developers “intercepted” the contact info of the plaintiffs; and the Computer Fraud and Abuse Act claims failed because there is no evidence the developers gained access to users’ devices without authorization (presumably, all plaintiffs chose to download the apps to their phones, granting authorization to access devices for the purposes of using the apps).

Only one claim stood with regard to the app developers: common law invasion of privacy. Judge Tigar wrote, “The Court finds it is sufficient to confer standing for those claims on which the injury bears — intrusion upon seclusion and public disclosure of private facts.”

Despite dismissing all the app privacy class action lawsuit claims against Apple and all but one against the app developers, Judge Tigar did give the plaintiffs leave to amend the complaints; if the consumers choose to go forward with these class action lawsuits outside of the invasion of privacy claim, the standing issue and demonstrating reliance on Apple’s statements regarding privacy is sure to be at the forefront of the minds of the plaintiffs’ attorneys.

Although, according to the 2012 letter by the congressmen to Apple and 34 app developers, millions of pieces of consumer data and contact information may be stored on the servers of the defendants and other app developers; for now the claims available to pursue in class action lawsuits regarding that information are very slim.

The plaintiffs are represented by Phillips Erlewine & Given LLP, The Law Offices Of Carl F. Schwenker, Edwards Law, Gardy & Notis LLP, The Law Offices Of Martin S. Bakst, Strange & Carpenter, and Joseph H Malley Law Office, among others.

The Mobile App Privacy Class Action Lawsuit consolidated case is Opperman, et al. v. Path Inc. et al., Case No. 3:13-cv-00453. The preceding cases are Pirozzi v. Apple, Inc, Case No. 3:12-cv-01529-JST; Hernandez v. Path, Inc., Case No. 3:12-cv-01515-JST; Gutierrez v. Instagram, Inc, Case No. 3:12-cv-06550-JST; Espitia et al v. Hipster, Inc., Case No. 3:13-cv-00432-JST.

UPDATE: On Apr. 1, 2016, Apple and Path filed briefs opposing certification of this class action lawsuit that accuses Path of improperly obtaining users’ contacts stored on Apple devices.

UPDATE 2: On Apr. 22, 2016, Apple is seeking dismissal of a class action claim that it improperly helped developers of the Path social media app secretly access users’ address books.

UPDATE 3: On June 1, 2016, Twitter argued that the class action alleging its “Find Friends” app violates users’ privacy should be dismissed because the users allowed Twitter to access their personal contacts.

UPDATE 4: On July 15, 2016, a California federal judge partially certified a class action lawsuit filed by Path users who claim Apple Inc. let the app access their contacts on their smartphones.

UPDATE 5: On Aug. 11, 2016, the plaintiffs in a class action lawsuit accusing a host of app developers and Apple Inc. of improperly harvesting user data without permission argued that Twitter knowingly violated their privacy because it only began asking permission to access users’ address books after public outcry over the practice.

UPDATE 6: On Sept. 9, 2016, Yelp will continue to face a privacy rights class action lawsuit alleging it made unauthorized use of users’ address book data, following a federal judge’s denial of the company’s motion for summary judgment.

UPDATE 7: On April 3, 2017, several app companies, including Twitter, Yelp, and Instagram, asked a federal judge to sign off on a $5.3 million preliminary settlement deal that would resolve a mobile app privacy class action lawsuit.

UPDATE 8: The Twitter, Instagram, Yelp App Privacy Class Action Settlement is now open. Click here to file a claim. 

UPDATE 9: On June 6, 2018, Top Class Actions viewers started receivingchecks in the mailworth as much as $94.55 from a class action settlement over alleged privacy violations by developers of certain apps available on the iOS mobile app. Congratulations to everyone who filed a claim and got PAID!