Five common compliance and privacy mistakes in mobile that could land you in trouble and lose you customers

You commonly hear the mobile business being referred to as an ecosystem and there’s a good reason for that. Trust has to exist in the mobile ecosystem between customers and mobile marketers, mobile retailers, et al., otherwise they won’t engage and make purchases. Just one bad mobile experience with one company could cause a customer to lose faith with the mobile business as a whole, to the detriment of all. Companies that break the rules and ignore customer privacy are killing the mobile business just as it is getting started.

With the mobile industry being relatively new, it’s no surprise that there are still many companies running non-compliant mobile campaigns and services, but the authorities, carriers and consumers, and the other players in the mobile ecosystem, are rapidly losing patience. Whether you are planning an SMS campaign, promoting your goods or services by mobile ads or mobile site, or soliciting sign-ups for your premium SMS service or downloads for your mobile app, make sure you don’t make the following mistakes – or you might fall foul of the network operators’ rules, the Mobile Marketing Association (MMA)’s Consumer Best Practices, the FTC’s Online Advertising Disclosure Guidelines or the Children’s Online Privacy Protection Act (COPPA).

This mobile compliance and privacy piece was written by Mike Grabski and Scott Hirschheimer of Aegis Mobile, a company that provides fraud detection for numerous companies in the wireless industry.
• With additional reporting from mobiThinking.

Five common compliance and privacy mistakes to avoid in mobile

1. Not following opt-in and opt-out rules and regulations

Like email marketing, mobile marketing can be a viable and efficient marketing channel. However, advertisers must make sure the recipients signed up to receive the targeted message. Otherwise your company will just be adding to a problem that is growing rapidly and is attracting more and more attention from both the authorities and the class action lawyers.
In the US alone, the number of spam text messages rose 45 percent last year to 4.5 billion messages, according to Bloomberg.
Many well-known brands have faced legal action for sending unsolicited SMS messages, most recently Papa John’s Pizza. Penalties are becoming increasingly costly – last year Heartland Automotive Services, the largest Jiffy Lube franchisee in America, settled for US $47 million in damages to compensate people who received unwanted text marketing. Other companies that have got into trouble over SMS campaigns in the past include Twentieth Century Fox, Simon & Schuster, Timberland, Rolling Stone and Burger King, reports Tatango.
The carriers and the US Federal Trade Commission (FTC) do not take spam text messages lightly and continue to bring lawsuits against spammers, most recently, a group of affiliate marketers, who sent a staggering 180 million spam text messages that falsely offered gift cards for major US brands.
When your company runs an SMS texting campaign, make sure you understand how your mobile contact list was generated. If you do not have proof that recipients opted in to your campaign, do not send them a text. Keep in mind that text messaging is not a free medium, even in the United States, as many as 12 percent of consumers pay for each SMS they receive, estimates the FTC.

2. Using deceptive advertising techniques

Deceptive advertising – making false claims or misleading statements in marketing/advertising campaigns – is a huge issue for all media types, including mobile. The Mobile Marketing Association (MMA) has set the standard for companies to follow when engaging in customer-facing mobile campaigns with an all-encompassing set of Consumer Best Practices (2011). These guidelines were agreed upon by the US carriers (the guidelines have been incorporated into the networks’ rules), aggregators and mobile content providers alike and many companies’ campaigns now comply.

In March 2013, the FTC’s new version of the Online Advertising Disclosure Guidelines made it explicitly clear – if there was any doubt – that the rules of customer engagement are the same whether it is mobile, desktop or offline. There is the same obligation to describe products and services truthfully, and in a manner that ensures consumers understand what they are paying for or signing up to. In days where smartphones can browse PC sites, the guidelines place an onus on Website owners to ensure that disclosures can be easily read whatever the access device, and whatever the screen size (making it increasingly important to have a mobile-friendly Website).

The FTC has long since been chasing companies that use deceitful techniques to solicit sign-ups to premium subscription SMS services, but the FTC has also taken action against companies that make unsubstantiated claims about other mobile products, including mobile apps. In 2011, the FTC clamped down on two companies that claimed their apps “AcneApp” and “Acne Pwner” treated acne with colored lights emitted from smartphones or mobile devices. In a settlement both app publishers agreed to cease making “baseless claims” and paid fines.

• For analysis of FTC guidelines see: Websites must be mobile-friendly to comply with FTC’s new digital advertising guidelines.

Here are some of the most common deceptive advertising techniques used in the mobile industry:

• Stacked marketing: The MMA guidelines define stacked marketing (also known as co-registration) as the cross selling of several Premium SMS (PSMS) promotions from the same or different sponsors. While this is prohibited, it remains the most widely used deceptive advertising technique in mobile marketing.
For example, a customer is presented one offer and they decide it is not for them. When they try to leave the page, a popup with a new offer is presented. This is considered stacked marketing and is against the rules of the MMA.

• Incentive marketing: marketers commonly offer incentives – e.g. win a free iPad, free download of a song or ringtone – to encourage consumers to sign up to mobile services. The MMA says that if an “incentive” is being offered, then it must be delivered once the user complies with the terms of the agreement. The terms of the agreement must be accepted before the user is billed for the mobile product/service.
An example of a violation would be where the customer enters their mobile number for the chance to win an iPad, but is unwittingly signing up to a subscription-based text program. See the Wal-Mart gift-card scam example below.

• Not disclosing pricing upfront: the MMA guidelines state that the subscription price and frequency of payment must be “within 125 pixels” of where the customer enters their phone number on the call-to-action (CTA) Webpage. It should be clearly stated in a normal-sized font (12 point or above) and numerical format e.g. $9.99 per month.
Many consumer complaints about mobile services stem from not realizing that they signed up for a premium mobile subscription service until they notice fees being added to their cell-phone bill. It doesn’t matter whether the pricing model was not disclosed or was hidden in the terms and conditions (which consumers rarely read), as such campaigns are breaking the MMA rules.

• Hiding non-compliant pages with cloaking techniques:
Cloaking is a black hat (hacking) technique used by fraudsters and unscrupulous affiliate and search marketers, whereby the Web visitors are shown one page, while regulators, carriers, search-engine spiders etc. are shown another.
Cloaking allows deceptive marketers to show customers a misleading or fraudulent landing page, when they click through from an advertisement, while showing the authorities that are auditing the campaign a compliant page.

• Use of generic mobile identification number (MIN) entry pages: The MMA and carrier guidelines require that opt-ins must be specific to each shortcode, campaign or service. The opt-in page must be controlled by the content provider (rather than an affiliate) and must disclose full details of the service. This means that companies that use a generic MIN entry page to obtain conversions for all their programs are non-compliant and sign-ups on pages that do not display the specific shortcode for the campaign do not count as an opt-in.

Most mobile carriers monitor their networks for deceptive advertising techniques. In many cases, they work with a third-party agency to help keep their mobile networks safe for their customers.
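One way an auditor could test for the cloaking and hidden-pricing problems described above, as an added example that is not from the original article: compare what the same landing URL returns to an auditing client and to a consumer client, and check whether the price and shortcode disclosures survive in the consumer view. The sample pages, the regular expressions and the 0.8 similarity threshold are constructed assumptions.

```python
import re
from difflib import SequenceMatcher
from html.parser import HTMLParser

# Constructed sample captures of one landing URL, fetched under two client profiles.
AUDITOR_VIEW = ("<html><body><h1>Trivia Alerts</h1><p>Enter your mobile number to "
                "subscribe.</p><p>$9.99 per month. Text STOP to 55555 to cancel.</p>"
                "</body></html>")
CONSUMER_VIEW = ("<html><body><h1>You won a free tablet!</h1><p>Enter your mobile "
                 "number to claim.</p><script>var t='$9.99 per month';</script>"
                 "</body></html>")

# Assumed disclosure patterns: a recurring price and a campaign shortcode.
PRICE_RE = re.compile(r"\$\d+(?:\.\d{2})?\s*(?:per|/|a)\s*(?:month|week)", re.I)
SHORTCODE_RE = re.compile(r"\b(?:short\s?code|text\s+\w+\s+to)\s+\d{5,6}\b", re.I)


class _VisibleText(HTMLParser):
    """Collect text a visitor can read; script and style bodies are skipped."""
    def __init__(self):
        super().__init__()
        self.parts, self._hidden = [], 0

    def handle_starttag(self, tag, attrs):
        if tag in ("script", "style"):
            self._hidden += 1

    def handle_endtag(self, tag):
        if tag in ("script", "style") and self._hidden:
            self._hidden -= 1

    def handle_data(self, data):
        if not self._hidden and data.strip():
            self.parts.append(data.strip())


def visible_text(html):
    parser = _VisibleText()
    parser.feed(html)
    parser.close()
    return " ".join(parser.parts)


def compare_captures(auditor_html, consumer_html, min_similarity=0.8):
    """Flag a URL whose consumer view diverges from, or discloses less than, the audited view."""
    a, c = visible_text(auditor_html), visible_text(consumer_html)
    similarity = SequenceMatcher(None, a, c).ratio()
    missing = [name for name, rx in (("price", PRICE_RE), ("shortcode", SHORTCODE_RE))
               if rx.search(a) and not rx.search(c)]
    return {"similarity": round(similarity, 2), "missing_disclosures": missing,
            "suspect": similarity < min_similarity or bool(missing)}
```

A price string that exists only inside a script body, as in the constructed consumer page, does not count as a disclosure because the visitor never sees it.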

In recent years, the FTC has turned up the heat on the digital media business, with implications that affect Internet and mobile advertisers/publishers alike. In 2012, for example, the FTC won a settlement against Intermark Communications/Copeac. Copeac allegedly owned and operated fake news sites that made false claims about the health products it sold. Consumers were attracted to the sites via a network of affiliates. In the settlement the defendants agreed to pay more than $1.3 million, but the FTC also made Copeac responsible for monitoring all its affiliate marketers and to refuse to process any payments generated by affiliate marketers using deceptive advertisements.

3. Violating the COPPA Act

The United States has strict rules on the collection of personal information from children aged under 13. The Children’s Online Privacy Protection Act (COPPA) 2000 states:

“Before collecting, using or disclosing personal information from a child, an operator must obtain verifiable parental consent from the child’s parent. This means an operator must make reasonable efforts (taking into consideration available technology) to ensure that before personal information is collected from a child, a parent of the child receives notice of the operator’s information practices and consents to those practices.”

Digital services that are aimed at children, or likely to attract children, should give written notice that they wish to collect personal information from the child and that the parent’s consent is required for the collection. This includes the collection of name, address, email address, hobbies etc. for whatever reason, e.g. running a contest, marketing or allowing the child to use a chat room.

While COPPA was brought in before mobile Web, apps and services took off, the FTC has made it clear that mobile media is definitely within COPPA’s remit. In 2011 the FTC won a settlement against W3 Innovations/Broken Thumbs Apps, which published a series of iPhone/iPod apps for girls. The FTC alleged the defendants collected and maintained thousands of email addresses from users of the “Emily” apps, by encouraging them to email “Emily” their comments and submit blogs to “Emily’s Blog” via email.

COPPA is being modified in July 2013 to take account of the way children use and access the Internet, including the increased use of mobile devices and social networking. It will also extend the rules, so that third parties such as companies offering plug-ins to mobile apps and sites and ad networks can’t collect data on children without the permission of the parents.

4. Phishing and SMiShing

Phishing is a fraudulent attempt to obtain information such as passwords, usernames, credit card numbers, etc. from a user. For many years fraudsters have been using email and sham Websites for identity theft-type crimes; now they are also turning their interest to mobile media, including SMS. In a 2012 SMiShing scam (as this type of crime is dubbed), unsuspecting users were sent text messages claiming that they had won a $1,000 Wal-Mart gift card. To claim the prize, they were instructed to click on the Web link and enter their information. Through that submission, they were giving the spammers their personal information and often opting into a mobile subscription. Wal-Mart had to send a fraud alert warning consumers about the scam and underlining that neither the texts nor the mobile site that the SMS linked to were anything to do with Wal-Mart.
Phishing and SMiShing have become a serious problem in the industry. The majority of cell phone users have received a similar text message to the Wal-Mart scam at some point. The cell phone carriers, FTC, attorneys general and compliance agencies have made preventing phishing and SMiShing attempts a top priority.
The viral effects of such tactics continue to weaken the host ecosystem and call for some form of immune response.

5. Failing to have a legal review of your advertising copy, privacy policy, rules and regulations

The legal review is one of the most important tasks and one that many companies fail to perform. If you have a legal department, use them. If you don’t, follow the MMA and FTC guidelines to make sure your mobile campaign is compliant.
Mobile is growing and changing every day, so it is of the utmost importance for your legal and marketing team to stay up to date with the rules and regulations of the mobile industry. As many companies have learned, the slightest mistake can land you in a lot of trouble and can cost your company a fortune – both in money and in public relations.
Many children under the age of 13 have a cell phone, so it’s very easy for scammers to target children as they are less likely to understand the ramifications of their actions. They don’t need a credit card to start racking up charges on their cell phone bill – they just need access to a cell phone.
The carriers, the FTC and third-party compliance agencies take these violations against children very seriously.


There are many ways for an organization to get in trouble within a mobile campaign. It is up to all parties to do their part to maintain a clean mobile ecosystem. Mobile is one of the fastest-growing industries in the world and the use of mobile as a marketing medium is catching on fast. The most important participant in this ecosystem is the consumer – they will only continue to engage if they feel safe and can trust providers of mobile products and services. If companies continue to abuse consumer trust by breaking the rules, either flagrantly or out of ignorance, consumers will opt-out of mobile for good. What’s more, rule breaking will only lead to more attention from the regulators – and more legislation will be a bitter pill to swallow.


Image credits: teaser image ©: Christos Georghiou “An illustration of a cell phone with a fist full of dollars coming out of the screen” via Shutterstock.
