Pandora has been served a subpoena related to a federal investigation into personal information shared by smartphone apps "that run on the Apple and Android mobile platforms," according to an update to the SEC filing that announced the company's plans for an IPO.
Pandora said the government has informed the company it is "not a specific target in the investigation." The company believes other subpoenas "were issued on an industry-wide basis to the publishers of numerous other smartphone applications."
The investigation is most likely the result of a December 2010 Wall Street Journal article that showed what user data is shared by a wide range of popular smartphone apps. Other apps investigated for the article include Facebook, Foursquare, the New York Times, Shazam and Groupon.
Of the 101 apps the Journal investigated, 56 were found to transmit the user's phone ID without the user's consent while 47 were found to transmit the phone's location and five sent age, gender and other personal details. The Journal found that Pandora's apps for iPhone and Android shared age, gender, location and phone ID information with third parties.
What will become of this investigation is difficult to say at this point. In its SEC filing, Pandora warned it may be subject to "fines by credit card companies and loss of our ability to accept credit and debit card payments" as a result of claims or allegations that it violated laws and regulations related to privacy and data security. But keep in mind that this statement came in the filing's "risk factors" section. Companies are required to disclose this type of contingency in order for investors to decide whether or not to invest in their stocks. Thus, Pandora's admission of risk surrounding the subpoena is less a dire warning and more a legal obligation.