On Tuesday, the Securities and Exchange Commission announced it was charging App Annie—a major mobile data provider—with securities fraud, alleging that the California-based company made “material misrepresentations” to customers and investment firms over the data it was collecting and pawning off. App Annie has agreed to pay $10 million to settle the investigation, the SEC said.
While the Commission’s issued massive fines over data privacy issues before, they’ve largely focused on companies like First American or Pearson misleading investors and shareholders about their respective company’s paltry cybersecurity practices. App Annie’s case, as the SEC lays out, is a bit different. Instead of the company accidentally leaking sensitive details about its clientele, it says App Annie simply promised its customers it would use its data one way, and then backtracked on that pledge behind the scenes. It shows that the data broker industry can have wide-ranging effects that go far beyond targeted advertising.
The SEC’s order lays out the claims in more detail. App Annie, for those who don’t know, is a company that aggregates countless people’s app data using a bevy of sources, like ad networks and consumer panels. App Annie then sells off that data as a standalone product—“Intelligence”—to customers looking to figure out, say, estimates like an app’s overall usage, revenue, or downloads. From 2014 to 2018, the order notes, more than 100 trading firms were paying App Annie for this product to help guide their investment decisions.
Understanding where Intelligence went wrong—and how these firms were misled, and why—is... complicated. We’ll do our best to break it down:
1. One of App Annie’s flagship tech products is called Connect, which the company offers free of charge to any developer looking for some easy analytics. In exchange, App Annie gets access to pretty confidential app information: that app’s total usage numbers, its total revenue, how well it’s retaining users, and more. This data is ultimately what fuels App Annie’s Intelligence product further down the line.
2. App Annie told app developers that eventually, yes, its data will be churned into some sellable product as part of its Terms of Service—but promised that their data would be anonymized using “aggregated pools of information,” before that happened.
The company also promised that it had certain checks in place to comply with federal securities laws when handling apps from publicly traded companies that would onboard its tech. In these cases, the SEC wrote, App Annie promised companies that they could onboard the analytics without their confidential details leaking into a larger product down the line.
3. The biggest snag was that App Annie didn’t actually see those promises through. Per the SEC, App Annie “failed to direct anyone at [the company] to document any such policy until 2017—even though App Annie was making these promises since late 2014. And even then, there was still some public company data being used. Per the doc:
When App Annie first documented a policy restricting the use of public company Connect Data in April 2017, the policy only required that the statistical model exclude app revenue data from certain public companies (i.e., those whose app revenue exceeded 5% of the company’s total revenue), and placed no limitations on the input of app download and app usage data from public companies into the statistical model.
Up until the company learned about the SEC’s investigation in June 2018, “all app download data, all app usage data, and certain app revenue data from public companies were used in App Annie’s statistical model,” the SEC wrote. And it gets worse from there.
4. Between 2015 and 2016, the SEC claims that the App Annie team became “increasingly concerned” over complaints that its Intelligence estimates weren’t accurate enough to the real-world performance figures being generated in Connect user’s apps. In an effort to get customers to stop leaving for competitors, App Annie had two options: overhaul the algorithms that were baked into Intelligence, or commit fraud. Since said overhaul would be “too expensive and time-consuming to implement,” the company apparently went with option B. (App Annie does not admit wrongdoing, it just does all the things one does when one is guilty of wrongdoing.)
5. A team of App Annie engineers based out of Beijing was told by then-CEO Bertrand Schmitt to insert a secret, extra step to the end of Intelligence’s existing algorithmic workflow: “error halving.” This step, the SEC explained, compared the real, confidential intel—like app revenue and usage data—that App Annie was able to glean from Connect users against whatever estimates Intelligence was going to spit out for subscribers. If those figures were too far apart, this step would “cut the difference by half,” and swap that number into Intelligence instead.
6. Apparently, this entire process was such a secret that nobody at the company, barring Schmitt and his team out in China, even knew it existed. Customer-facing reps and executives didn’t know that they were selling investment firms on data that might have fudged some securities laws, and investment firms didn’t know they were using those details to buy or sell stocks. The only difference was that somehow, someway the numbers App Annie was giving out about public company’s apps were a whole lot closer to what those companies were reporting in earnings calls.
7. Investors were happy (and profitable), which meant App Annie was happy (and profitable)—at least until the SEC came into the picture. As soon as the company caught wind of the Commission’s investigation, the SEC writes, App Annie hit the breaks on everything: it cut out public company data from its statistical models, stopped fudging those models with secretly added data, and got a new CEO after Schmitt mysteriously decided to resign.
That brings us to the current day, and the current charges, which can be best summed up with this statement from Gurbir Grewal, overseer of the SEC’s Enforcement division:
The federal securities laws prohibit deceptive conduct and material misrepresentations in connection with the purchase or sale of securities. Here, App Annie and Schmitt lied to companies about how their confidential data was being used and then not only sold the manipulated estimates to their trading firm customers, but also encouraged them to trade on those estimates—often touting how closely they correlated with the companies’ true performance and stock prices.
Yep, that definitely sounds kinda fraud-y alright!
App Annie, for its part, didn’t admit to the agency’s findings—but it didn’t deny them, either. On top of the company’s $10 million penalty, Schmitt will need to pay his own $300,000 fine, and will also be barred from serving as an officer or director over any public company for the next three years.
In the aftermath of the SEC’s announcement, both App Annie and Schmitt put out their own statements. App Annie’s memo notes that the investigation “did not relate to our current products, nor did it relate to our current relationships with customers.” Schmitt, meanwhile, stepped down from App Annie’s board of directors, and put out a post to his Linkedin followers letting them know he was Extremely Sorry™:
We were moving fast and innovating in a new space, but we always understood that compliance was a critical element of the business to ensure that customers could trust the estimates we provided to them. We had obtained legal advice on compliance procedures and even hired an in-house compliance team, but as a private company we did not understand that our level of controls around the use of confidential data in our estimates for Intelligence Reports could form the basis of an SEC action. Indeed I believe that the SEC’s claims represent a significant expansion of existing law.
Aside from App Annie, there are roughly 400 other companies in the so-called “alternative data” space—a term trading firms use to describe non-financial intel used to make trading decisions. This ranges from organizations like App Annie offering app stats, to companies selling off everything from people’s email receipts to literal satellite imagery. In a bit of advice for his fellow start-up founders wanting to get into brokering this kind of data, Schmitt cryptically noted that “if investors are users of your data you can expect that regulators will take a very broad view of how the securities laws may be applied.”
Per the SEC, this settlement marks the first time the agency has ever charged one of these alternative data providers with securities fraud. Given the way these sorts of companies tend to operate when it comes to handling any app’s private data, it’s worth assuming it won’t be the last.