
Spotify needs to crack down on labels’ apps snatching user data

Spotify seems to have learned little from the Facebook developer platform’s scandals despite getting a huge boost from the social network in its early days. Spotify has been caught allowing record labels to grab tons of unnecessary user data and permissions to even control their accounts just so people can “pre-save” upcoming song releases.

An investigation by Billboard’s Micah Singleton found major label Sony’s app for pre-saving demanded access to users’ email address, what you’ve listened to and saved to your library, playlists you’ve made or subscribed to, artists you follow, and what you’re playing right now. It also asks to be able to take actions on your behalf, including changing who you follow, adding or removing songs from your library, creating, editing and following playlists, and even controlling Spotify on your devices.


An example of Universal Music Group’s pre-save app that asks for unnecessary user data and access permissions

This means that by agreeing to use a pre-save feature, a record label could index your music tastes and determine your current mood for marketing purposes, subscribe you to all of their artists and playlists, force you to create playlists that include their artists or add them to your existing playlists, and delete or unfollow any music or artists represented by their competitors.

Since users often speed through platform app permission screens assuming they’re just asking for what’s required, many likely gave up valuable data about themselves and the ability to manipulate their accounts without fully understanding what was happening. Pre-save apps from other major labels like Warner and Universal similarly ask for 10 types of permission, most of them extraneous.

In reality, the only permission a pre-save app should need is to be able to add the song you wanted to pre-save to your library. Anything else is theoretically prohibited by Spotify’s developer policy section 5.2: “You will only request the data you need to operate your Spotify Developer Application.” If you’ve used these apps, you can go into your Spotify account settings to remove their access.
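The least-privilege check described above can be automated by reading the scope parameter of an app's OAuth authorization link before anyone clicks "Agree". The following is an added example, not code from the article or from Spotify; the mapping from the permissions the article lists to Spotify Web API scope names, the choice of user-library-modify as the single required scope, and the sample URL are assumptions made for illustration.

```python
from urllib.parse import urlparse, parse_qs

# Assumption: the one scope a pre-save needs (saving a track to the library).
REQUIRED = {"user-library-modify"}

# Assumption: the permissions the article describes in words, mapped to
# Spotify Web API scope names and tagged as read or write access.
SCOPE_RISK = {
    "user-read-email": "read: email address",
    "user-read-recently-played": "read: listening history",
    "user-library-read": "read: saved library",
    "playlist-read-private": "read: private playlists",
    "user-follow-read": "read: followed artists",
    "user-read-currently-playing": "read: what is playing now",
    "user-follow-modify": "write: change who you follow",
    "user-library-modify": "write: add or remove library songs",
    "playlist-modify-public": "write: create/edit public playlists",
    "playlist-modify-private": "write: create/edit private playlists",
    "user-modify-playback-state": "write: control playback on devices",
}

def audit_authorize_url(url, required=REQUIRED):
    """Return the scopes an OAuth authorize URL requests beyond `required`."""
    query = parse_qs(urlparse(url).query)
    # OAuth 2.0 carries scopes as one space-delimited parameter.
    requested = set(" ".join(query.get("scope", [])).split())
    excess = sorted(requested - required)
    return {
        "missing": sorted(required - requested),
        "excess_read": [s for s in excess if SCOPE_RISK.get(s, "").startswith("read")],
        "excess_write": [s for s in excess if SCOPE_RISK.get(s, "").startswith("write")],
        "unknown": [s for s in excess if s not in SCOPE_RISK],
    }

# Constructed sample URL (placeholder client_id and redirect), not a real app.
SAMPLE = (
    "https://accounts.spotify.com/authorize?client_id=EXAMPLE_CLIENT_ID"
    "&response_type=code&redirect_uri=https%3A%2F%2Fpresave.example%2Fcb"
    "&scope=user-read-email%20user-library-read%20user-library-modify"
    "%20playlist-modify-public%20user-follow-modify%20user-modify-playback-state"
)

if __name__ == "__main__":
    for kind, scopes in audit_authorize_url(SAMPLE).items():
        for s in scopes:
            print(f"{kind:13} {s:28} {SCOPE_RISK.get(s, 'not in table')}")
```

Any entry under excess_write is account-control access the pre-save does not need, which is the category a platform review or a cautious user would want to reject first.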

In a post-Cambridge Analytica world, platforms like Spotify should know better than to let developers run amok without proper oversight. That’s why I was so disappointed when Spotify refused to provide a statement, explanation, or even talk with me about the issue.

Offering a flexible developer platform has plenty of advantages for users. Apps for DJing with streaming music, discovering new bands, or synchronizing playback with friends could be built with rightful and transparent use of Spotify’s APIs. But something as simple and common as volunteering to have a new song from your favorite band show up in your library on the day it’s released shouldn’t become a lure for an exploitative data grab.

That’s why Spotify should build its own in-house pre-save app that labels could all use to pre-promote their releases. Approved labels and their artists should be able to punch in their upcoming single’s Spotify URL and get a shareable link back that they can distribute through social media or wherever that only grants permission to pre-save that specific song, and that expires once that action is completed.


Spotify is widening its subscriber lead over Apple Music

Otherwise, Spotify risks losing all the goodwill it’s built up with listeners by being a music-first company compared to competitors like Apple and Google where music is a rounding error. Apple Music provides app developers with less data about users.

Just today Apple Music announced it has 60 million subscribers, lagging increasingly further behind Spotify which now has 100 million subscribers and 217 million total monthly users. Spotify already dominates cultural mind share for streaming, having used the playlists it controls to become a hit-maker and gain leverage over the labels for royalty negotiations. But turning a blind eye to shady developers just because they own the music it streams could make listeners question their loyalty and stray to Apple, which is notoriously serious about privacy.

If Spotify is unwilling to push back on data abuse by its record label partners, then it’s undeserving of users’ ears and subscription dollars.



from TechCrunch https://ift.tt/2NxJ5XR
