Regulator takes lead on app threat

PhonepayPlus, the UK regulator of premium rate telephone services (PRS), today issued a consultation to the telecoms and digital industries in order to tackle hidden threats to consumers from apps on smartphones.

As software applications (‘apps’) revolutionise the way digital content is consumed and paid for in the UK, PhonepayPlus has worked closely with industry to understand developments in the apps market. Apps enrich the lives of millions of consumers and children and are an important part of the UK’s digital economy. PhonepayPlus is taking positive action to ensure that rogue providers do not damage consumers’ enjoyment of apps or harm the UK’s growing digital creative economy.

In recent months, PhonepayPlus has taken action on apps which maliciously charge consumers without their knowledge or consent. In one example, a ‘free battery saver’ app contained malware – identified by PhonepayPlus monitoring – that accessed the phone’s text message function, allowing texts to be automatically sent and received. Text messages were sent that subscribed consumers to a premium rate subscription service without the consumer’s knowledge or consent.

PhonepayPlus immediately shut down the service and, following a full investigation, our independent Tribunal imposed a fine of £135,000.

The PhonepayPlus consultation around apps makes clear to providers a number of risks to both consumers and the digital and m-commerce markets. These risks were identified through PhonepayPlus monitoring, consumer complaints to the regulator and discussions with industry stakeholders. The consultation contains a number of key recommendations to providers aimed at both ensuring consumers are protected and that rogue providers are not allowed to wreck havoc in the growing digital economy. These recommendations include:

Consumers’ consent to charge must be clear.
Services operating on a ‘freemium’ model must make clear what is and is not free and consumers must be clearly informed of the price of any extra purchase options before they interact with the service.
Where malware is found, a Tribunal may not consider any proof of consent, such as records of text messages or calls, to be robust enough evidence of a consumer’s consent.
Stored applications must require that the password is re-entered every time the application is opened – this helps prevent children purchasing digital goods (such as virtual credit) without the phone owner’s permission, empowering parents by giving them better control and choice.
‘Exchange rates’ and ‘expiry dates’ for virtual currencies must be clear (e.g. 100 credits = £1).
Paul Whiteing, PhonepayPlus’ Chief Executive, urged a collaborative effort with the communications and creative industries to ensure those industries retain consumers’ digital trust:

“PhonepayPlus is an independent regulator with over 25 years’ unrivalled experience of the premium rate and mobile micropayment markets. This experience has taught us that we need to be nimble and flexible in our approach. We know that the best regulation is one that works collaboratively with industry to pre-empt before problems occur that harm consumers and damage markets.

“We will not hesitate to use our robust sanctioning powers to drive out rogue providers who could damage a vital part of the UK’s growing and innovative digital and creative economies. We ask all businesses involved in the digital market, and the provision of smartphones and apps, to work with us to ensure we retain consumer confidence in digital content.”