Vlingo

The popular Android app Vlingo has come under a bit of fire the past several days, as it seems the application is sending a bit more data than they explain in their privacy agreement.  The folks over at Android Pit found some things that raised a few eyebrows, so we reached out to Vlingo to see what was what, and if we need to worry.  We spent some time talking to product engineers, and our conclusion is that everything's on the up-and-up, but there were some issues with the way their privacy agreement was written or presented to the user and a software bug or two at work.  

Things get a little muddy, partially because there's more than one Android version.  One is available in the Market for any device to download, and there's a more customized version offered by OEM's like Samsung on the Galaxy Note.  Different versions with different licenses and agreements simply led to the wrong version of the privacy agreement being presented to the user.  The developers and staff at Vlingo recognize that there's an issue, and were completely transparent about the entire thing.

They also came across a bug that allowed the service to run even if the user initially canceled the request, and another that sends location data when none is requested.  Again, Vlingo was up front about the issue and answered any questions we asked.  They even have set up an opt-out process for folks who don't want to use the product with these issues, and they will delete all user data from anyone who requests it.

Yes, it's bad when software bugs force an application to send the wrong data.  It's also bad when users aren't presented with the correct use policies -- even though most would never read them.  But these types of things happen, and the real test is how the company reacts when presented with issues of this sort.  And Vlingo aced it.  They were courteous, and seemed genuinely concerned about the issues, without trying to back pedal or lay the blame at someone else's feet.  This kind of transparency with the community is exactly what we deserve and expect.  Hit the break for the official statement, in its entirety.

More info about the privacy concerns: Android Pit

 

We take any claims about our customers’ privacy and security very, very seriously.  We certainly appreciate that we have individuals who are passionate enough about Vlingo’s products and about their own privacy rights to conduct this sort of in depth investigation.  No question it has raised some real issues, and we have already begun to address the bugs internally. 

First, to be clear, Vlingo does make use of information about each device in order to improve the quality of our service.  Some examples of this include:

  • We use the current location of the device to improve search results, for example, to display nearby restaurants when the user does a restaurant search.
  • We use the device make & model to improve recognition accuracy since microphone characteristics can vary from one type of device to the next.
  • We use names from the address book on the device to improve speech recognition accuracy (and to spell those names correctly) when users speak those names while performing tasks like voice dialing or SMS dictation.
  • We use song titles and artist names from music on the device to improve speech recognition accuracy when users speak those names while requesting that specific music be played.
  • We use the carrier information to work around some issues we’ve found on some carrier-specific wap gateways

While we transmit and store this information, Vlingo itself does not store any user-identifiable information—meaning we have no way to associate a list of songs or contact names to the user they came from. 

Even though we intend to be very transparent about what information we are using in our Privacy Policy, we have discovered that our Privacy Policy is somewhat out of date.  For example, we are not mentioning the fact that we are sending song titles and artist names from the device.  We will be updating the Privacy Policy to reflect this.

The above information is currently being sent via the HTTP protocol.  We are in the process of migrating our communication protocols from HTTP to more secure HTTPS.  Already, some of our client applications are using HTTPS, and new versions of our applications will be using HTTPS in the future.

In many cases, we are using the device IMEI as the unique identifier to distinguish communication from different devices to our system, which matches the convention used by many other mobile applications to identify unique devices.  The IMEI cannot be used to track the actual identification of the user, but we understand that in some rare cases, the IMEI can be abused.  We’re investigating switching to other mechanisms like cookies in the future.

We have found several bugs that are causing us to send more data than we intend:

  • If you start the application for the first time using the widget (and only using the widget) and then cancel out of the initial disclaimer, we are currently sending some device-specific data to the server erroneously.
  • Our application is currently including the device location information with device information like contact names and song titles.  Our intention is to only send location with a speech recognition request, and the location should be omitted from background device-information transmissions.

These issues are errors and are by no means intentional.  We plan to fix them as soon as possible and will release updates to the user community as well as through our OEM partners.  In addition, we will be improving our processes to ensure that our application behavior with respect to privacy matches our intention.

For users who are happy with the Vlingo application and want to continue using it, we thank you and recommend that you continue using the service.  For users who want to stop using Vlingo and are concerned that our servers can still contain data from your device, you can contact support@vlingo.com with your IMEI, and we will remove sensitive information such as contact names from our servers.

Again, we are grateful to the individuals that uncovered these security issues.  We are all very proud of the service that Vlingo provides to millions of happy active users, we apologize for these mistakes, and we are doing all we can to ensure that our users can continue accessing our application in full knowledge that their personal information is secure.

Latest And Best Prime Day Deals

Amazon's Fire TV Cube is down to just $70 thanks to this Prime Day deal
Amazon Fire TV Cube
$69.99 $119.99 Save $50

Save $80 on the Neato D4 robot vacuum during this Prime Day Lightning deal
Neato Robotics D4 Alexa-enabled laser-guided robot vacuum cleaner
$319.99 $400.00 Save $80

Time is running out. And so is the supply. Grab it while you can.

Grab TCL's 32-inch 720p Roku TV for less than $100 in this Prime Day Lightning deal
TCL 32S325 32-inch 720p Roku TV
$99.99 $130.00 Save $30

Act fast while you can. These Lightning deals tend to sell out quick.

The Ring Alarm security system is reaching new low prices for Prime Day
Ring Alarm home security systems

Various configurations of the Ring Alarm are discounted to their best prices yet exclusively for Prime members at Amazon through Tuesday night to help keep your home secure.

The Sonos Beam Prime Day deal includes a $40 discount and 2 $50 Amazon gift cards
The Sonos Beam Prime Day deal includes a $40 discount and $100 in Amazon gift cards
$359.00 $499.00 Save $140

That's just so much savings in one deal. You'll have to wait for the physical gift cards, but that's basically $100 to spend however you want.

Prime Day dropped this PlayStation 4 console bundle to just $250
PlayStation 4 Slim 1TB console with Marvel's Spider-Man and Horizon Zero Dawn
$249.99 $359.98 Save $110

This deal on the PlayStation 4 Slim console saves you $50 off its regular price while also including Marvel's Spider-Man and Horizon Zero Dawn Complete Edition for free. You'll just need an Amazon Prime membership to snag it.

The newest device in the Echo family, the Show 5, is now down to just $50
Echo Show 5
$49.99 $89.99 Save $40

It's only been on the market since May, but it hasn't escaped the Prime Day price cuts.

Amp up your home security with these huge Prime Day discount on nearly all Ring products
Save on Ring products today only

Whether you need a video doorbell, whole home alarm system, or some lights to brighten a dark area, Amazon has it all marked down today!

More Prime Day Deals