La Liga fined €250,000 after Android app spied on football fans

The Spanish football league La Liga has been hit with a fine of 250,000 euros (approximately US $280,000) after its official Android app was found to be sneakily listening to people’s surroundings when soccer matches were being played.

According to reports, audio recorded through the Android smartphone’s microphone was combined with GPS location data in an attempt to determine if bars and restaurants were airing live matches without a license.

In effect, millions of football fans were recruited into an army of spies for the Spanish soccer league, helping it crack down on piracy.

To give La Liga some credit, it’s an ingenious use of modern technology.

But not everyone is impressed.

As well as disgruntled fans giving the Android app poor reviews on the official Google Play store, the Spanish data protection agency (AEPD) has weighed in, hitting La Liga with a hefty GDPR fine.

And, by all accounts, it was the introduction of GDPR legislation in May 2018 that may have prompted realisation amongst app users about the app’s unusual behaviour.

When the spying behaviour was first highlighted by the Spanish media a year ago, La Liga said that “nobody accesses the audio fragments captured by the microphone” as the audio “automatically becomes a signal, a binary code.”

The snooping was said to only occur in Spain, and “without storing any recording or content.”

In response to the fine from the AEPD, La Liga says it disagrees with the ruling, which it considers unfair, and is launching an appeal. The league claims that for the microphone functionality to be active, users had to expressly give their informed consent on two occasions.

La Liga further argues that it would not be acting diligently if it did not use all the means and technology at its disposal to fight against piracy and fraud, which it estimates costs it 400 million euros per year.

The Google Play store shows that the La Liga app has been downloaded more than 10 million times. I wonder how many of those football fans didn’t fully understand quite why the app was requesting access to their microphone and location…

About the author


Graham Cluley is an award-winning security blogger, researcher and public speaker. He has been working in the computer security industry since the early 1990s, having been employed by companies such as Sophos, McAfee and Dr Solomon's. He has given talks about computer security for some of the world's largest companies, worked with law enforcement agencies on investigations into hacking groups, and regularly appears on TV and radio explaining computer security threats.

Graham Cluley was inducted into the InfoSecurity Europe Hall of Fame in 2011, and was given an honorary mention in the "10 Greatest Britons in IT History" for his contribution as a leading authority in internet security.

1 Comment

  • Hi Graham,

    Good article, note a small correction, as it is AEPD instead of AEDP.
    Regarding the case, well, I cannot stop warning people about this kind of behavior. Usually you pay with your data for what is free, and sometimes you even pay again with your data for something you already paid for.
    It is this sad… we are commodities. But still today, people do not care about it. Lots of work is still pending.