Tuesday, Securities and Exchange Commission announced it accused App Annie — a major mobile data provider — of securities fraud, alleging that the California-based company manufactured “significant misleading” to clients and investment companies over the data it collected and took off. App Annie has agreed to pay $ 10 million to complete the investigation, the SEC said.
Although the Commission has in the past issued massive fines for data protection issues, they have largely focused on companies such as First American or Pearson mislead investors and shareholders about their respective company’s meager cybersecurity practices. App Annie’s case, as the SEC says, is a bit different. Instead of the company accidentally leaking sensitive details about its clientele, it says that App Annie simply promised its customers that it would use its data in a way and then go back to the promise behind the scenes. It shows that the data broker industry can have far-reaching effects that go far beyond targeted advertising.
That SEC’s order states the requirements in more detail. App Annie, for those who do not know, is a company that collects countless people’s app data using a lots of sources, as well as ad networks and consumer panels. App Annie then sells this data as a standalone product – “Intelligence” – for customers who want to find out e.g. Estimates as an app’s total usage, revenue or downloads. From 2014 to 2018, the order paid notes that more than 100 trading companies paid App Annie for this product to help guide their investment decisions.
Understanding where intelligence went wrong – and how these companies were misled, and why – is … complicated. We will do our best to break it down:
1. One of App Annie’s flagship technology products is called Connect, which the company offers for free to any developer looking for some easy analytics. In return, the App Annie gets access to fairly confidential app information: this app’s total usage figures, its total revenue, how well it retains users, and more. This data is ultimately what burns the App Annies Intelligence product further down the line.
2. App Annie told app developers that in the end, yes, its data will be transformed into a product that can be sold as part of its terms of service – but promised that their data would be anonymized using “aggregated information pools”, before it happened.
The company also promised that it had certain controls in place to comply with federal securities laws when handling apps from listed companies that wanted to board its technology. In these cases, the SEC wrote, the app Annie promised companies they could board the analytics without their confidential details leaking into a major product on the line.
3. The biggest downside was that App Annie didn’t actually see these promises through. According to the SEC, App Annie “failed to correct anyone [the company] to document any such policy until 2017 – even though App Annie had made those promises since the end of 2014. And even then, there was still some public company data used. According to the doctor:
When App Annie first documented a policy limiting the use of public enterprise Connect Data in April 2017, the policy only required the statistical model to exclude app revenue data from certain public companies (ie those whose app revenue exceeded 5% of the company’s total revenue) and placed no restrictions on input from app downloads and app usage data from public companies in the statistical model.
Until the company learned about the SEC’s investigation in June 2018, “all app download data, all app usage data and certain app revenue data from public companies were used in App Annie’s statistical model,” wrote the SEC. And it’s getting worse from there.
4. Between 2015 and 2016, the SEC claims that the App Annie team became “more and more worried” over complaints that its intelligence estimates were not accurate enough for the real numbers generated in the Connect user’s apps. In an attempt to get customers to stop leaving competitors, App Annie had two options: overhaul the algorithms baked into intelligence, or commit fraud. Then said inspection would be “too expensive and time consuming to implement”, the company apparently went with option B. (App Annie does not admit mistakes, it just does all the things you do when you are guilty of misconduct.)
5. A team of App Annie engineers based in Beijing was told by then-CEO Bertrand Schmitt to insert a secret, extra step towards the end of Intelligence’s existing algorithmic workflow: “error halving”. This step, the SEC explained, compared the real, confidential intel – like app revenue and usage data – that App Annie was able to retrieve from Connect users against any estimate Intelligence would spit out to subscribers. If these numbers were too far apart, this step would “reduce the difference by half” and instead shift this number to intelligence.
6. Apparently, this whole process was so secret that no one in the company, except Schmitt and his team out in China, even knew it existed. Customer-facing representatives and executives did not know that they were selling investment companies on data that may have violated some securities laws, and investment companies did not know that they were using this information to buy or sell shares. The only difference was that somehow the numbers App Annie released on public company apps were much closer to what those companies reported in earnings calls.
7. Investors were happy (and profitable), which meant that App Annie was happy (and profitable) – at least until the SEC came into the picture. As soon as the company spotted the commission’s investigation, writes the SEC, app Annie hit the breaks on everything: it cut public company data out of its statistical models, stopped fudging those models with secretly added data and got a new CEO after Schmitt decided to mysteriously resign.
That brings us to the current day and the current charges, which can best be summarized by this statement from Gurbir Grewal, SEC’s Enforcement Officer:
Federal securities laws prohibit misleading conduct and material misstatement in the purchase or sale of securities. Here, App Annie and Schmitt lied to companies about how their confidential data was used and then not only sold the manipulated estimates to their trading company customers, but also encouraged them to trade those estimates – often highlighting how closely they correlated with the companies’ true performance and stock prices.
Yep, that definitely sounds a little scam-y okay!
App Annie, for its part, did not admit the agency’s results – but neither did it deny them. In addition to the company’s $ 10 million fine, Schmitt must pay his own $ 300,000 fines and will also be barred from serving as an officer or director of a public company for the next three years.
In the wake of the SEC’s announcement, both App Annie and Schmitt issued their own statements. App Annies note notes that the study “did not relate to our current products, nor did it relate to our current relationship with customers.” Schmitt, meanwhile, stepped down from App Annie’s board and resigned a post to his Linkedin followers letting them know he was extremely upset ™:
We drove fast and renewed ourselves in a new space, but we always understood that compliance was a critical element of the company to ensure that customers could trust the estimates we gave them. We had obtained legal advice on compliance procedures and even hired an internal compliance team, but as a private company we did not understand that our level of control over the use of confidential data in our estimates for intelligence reports could form the basis of an SEC action. In fact, I believe that the SEC’s requirements represent a significant extension of existing legislation.
Apart from the App Annie is there about 400 other companies in the so-called “alternative data” -space-a term used by trading firms to describe non-financial intelligence used to make trading decisions. This ranges from organizations like App Annie, which offers app statistics, to companies that sell everything from people receipts by e-mail to literally satellite images. In some advice to his other start-up founders who want to start disseminating this kind of data, Schmitt cryptically remarked that “if investors are users of your data, you can expect the regulators to have a very broad view of how securities laws can be applied. ”
According to the SEC, this settlement is the first time the agency has ever charged one of these alternative securities fraud providers. Given the way this kind of companies tends to work when it comes to handling anyone apps private data, it’s worth assuming it will not be the last.