Amplitude Inc.'s technology embedded in popular mobile apps surreptitiously siphons millions of consumers’ geolocation data and other sensitive information it shares with third parties, a DoorDash customer’s proposed federal class action said.
The analytics company’s technology integrated into shopping, productivity, dating, gaming and other types of apps harvests private data and shares it with marketing platforms such as Facebook Ads and TikTok Ads without app users’ consent, according to a complaint filed Thursday in the US District Court for the Northern District of California. Amplitude also collects consumers’ names and email addresses which, together with geolocation data, reveals where users live, work, and frequently visit, it said.
The software company acquired “first-party data” directly from consumers through computer code in its software development kit that developers can integrate into apps to perform tasks, the proposed class action said. More than 40,000 mobile app developers use Amplitude’s technology that “enables backdoor access to consumers’ devices and opens a data collection pipeline directly from consumers to Amplitude,” the complaint said.
“Amplitude collects information across multiple apps and identifies each consumer by a unique ID thus creating a digital dossier for the consumer, which includes information about the locations they have visited, the apps they use, their In-App Activity, and their interests, among other things,” it said.
The company’s “entire business model” relies on collecting and sharing data with other companies, it added, noting geolocation collection could reveal sensitive locations related to people’s medical care, reproductive health, and religious affiliations.
DoorDash app user Kyle Atkins, a California resident alleged in the putative class action that Amplitude’s practices violate federal and state wiretap statutes by intercepting electronic communications, as well as state invasion of privacy and computer data fraud statutes.
Atkins alleged Amplitude designed its system to intercept the content of electronic communications between users and apps. DoorDash app developers integrated the technology into its platform, which enabled Amplitude to collect timestamped geolocation data, device fingerprint information, and the names of restaurants Atkins viewed without his knowledge, the filing said.
Atkins enabled the DoorDash app to use his phone’s location services for delivery purposes, the complaint said. He didn’t consent to Amplitude’s data collection because he had no knowledge of it, it said.
Amplitude didn’t act as a “mere extension” of apps because it used intercepted communications for its own purposes, the complaint said. The company violates California law, which prohibits the installation of a “pen register"—or a device that records addressing or signaling information—without first obtaining a court order, it said.
The company has been “unjustly enriched” with the data it obtained from Atkins and other users, according to the complaint.
The proposed class action seeks injunctive relief and damages including disgorgement of profits.
Amplitude didn’t immediately return Bloomberg Law’s request for comment. Its counsel hasn’t yet entered into appearance.
Atkins and the proposed class are represented by Edelson PC.
The case is Atkins v. Amplitude, Inc., N.D. Cal., No. 3:24-cv-04913, complaint filed 8/8/24.
To contact the reporter on this story:
To contact the editor responsible for this story:
Learn more about Bloomberg Law or Log In to keep reading:
See Breaking News in Context
Bloomberg Law provides trusted coverage of current events enhanced with legal analysis.
Already a subscriber?
Log in to keep reading or access research tools and resources.