Hedge funds embraced alternative data to get market-leading insights without violating insider trading laws, so it was a shock when US regulators fined the leading provider of mobile app data for securities fraud. In this article we’ll examine App Annie’s reactions to the enforcement action and those of challenger Apptopia. It remains an open question how seriously compliance concerns will affect user demand, even as data privacy issues continue to percolate.
App Annie’s response
On September 15, 2021, the day after the SEC’s enforcement action was announced, App Annie’s deputy general counsel posted a blog outlining new controls implemented after June 2018, when the company became aware of the SEC investigation. Those steps included hiring a general counsel thirteen months later and a deputy general counsel in charge of compliance fifteen months after. Not mentioned is the fact that the former CEO Bernard Schmitt, who was ultimately fined and sanctioned by the SEC, remained Chairman of the company until January 2021 and was not removed from the board of directors until the SEC enforcement action was settled.
Additional controls implemented by App Annie included removing public companies from its estimating process ‘by leveraging tools such as CapIQ and others’ and prohibiting ad-hoc manual estimate alterations. A committee was established “to ensure proper representation of product methodology and internal processes” in the company’s sales and marketing efforts. It implemented compliance training and employee compliance attestations.
As a result of actions taken after the SEC enforcement action, App Annie asserts that it is ‘the industry leader in transparency’ and hints that other firms in the industry may utilize material non-public information in their estimation process. In a blog posted the day after the SEC’s announcement, the firm’s general counsel cautioned competitors: “We believe alternative data companies should take note of the SEC order and change their business practices moving forward.” He alleged that practices used by competitors may involve material non-public information: “Since mid-2018, we have implemented processes and controls to prevent ingesting MNPI. We believe that the majority of companies in the alternative data space cannot say the same.” In a public statement, the company’s new CEO made similar allegations: “Many businesses may be unknowingly leveraging data reliant on confidential public company information without explicit consent which we believe puts companies using digital/mobile market data at significant risk.”
Apptopia implements controls
We asked Apptopia, a rival app data provider, about their compliance practices in the wake of the SEC action. According to Jonathan Kay, the firm’s CEO and chief compliance officer, the company has taken steps to prevent the incorporation of MNPI into its estimation process. Apptopia has created a board-level Audit and Compliance Committee comprised of three external board members to monitor compliance policies and metrics. It also created a ‘red alert’ system which notifies the CCO, CFO, HR, and members of the Audit & Compliance Committee of any changes made to the company’s estimation algorithm codebase, including planned changes.
The company obtains an annual risk assessment conducted by multinational law firm DLA Piper. The latest assessment found that ~0.002% of the data used to train the firm’s estimation models was associated with public companies. DLA Piper also conducts annual MNPI training and attestations for key employees and those servicing public equity clients. Apptopia hired NAVEX Global to set up a global whistleblower hotline.
“We’ve gone above and beyond to put in place a compliance program designed to prevent bad actors from causing damage,” said Jonathan Kay in an interview. “From inception, we’ve been committed to building the company and our data estimates the right way.”
Data Privacy
Although insider trading violations are clearly a hot button issue for mobile app data providers, we believe a larger longer-term risk is associated with growing data privacy concerns.
The day after the SEC’s enforcement action was announced, App Annie’s head of data science posted a blog stating that App Annie had adopted operating principles which “embraced privacy, security, transparency and data science best practices.” In a subsequent blog, she outlined the firm’s supervised learning algorithms but did not cover the firm’s data privacy practices.
For his part, the firm’s general counsel disclosed the different data sources App Annie uses: “App Annie leverages various data sources for analysis and for use in our products and services (including estimates), without limitation of the following: (i) our owned panel data apps, (ii) our Connect service [app metrics supplied directly by app owners], (iii) our automated methods that collect data from various sources, including websites and other online sources [i.e., web scraping], and (iv) data partnerships.” However, he did not elaborate on the firm’s data privacy controls.
A 2020 TechCrunch article outlining deceptive data collection practices highlighted App Annie’s use of a subsidiary company’s free apps to collect panel data on app usage, without clearly disclosing the connection between the subsidiary and App Annie. A few months later, App Annie improved its disclosure practices, making clear the connection between the free apps and its usage of the data collected.
Fewer data sources, less risk
In contrast, Apptopia eschews the use of panel data, relying solely on two sources: 1) publicly available data that it collects via web scraping; and 2) data contributed by app owners (similar to App Annie’s Connect service). In a two-part blog, CEO Jonathan Kay outlined the firm’s data methodologies, in part to explain how the firm obtains high correlations with public company KPIs despite using a more constrained set of data sources.
The primary advantage of Apptopia’s approach is that it has no access to personally identifiable information (PII), unlike panel data obtained through VPNs or free software. The data provided by app owners is provided as read-only access through either the Apple App Store or the Google Play Store. The data is aggregated at the app level and governed by the terms of use from Apple and Google, which Apptopia says it reviews quarterly. The company says its web scraping follows industry best practices and is limited to publicly available information such as ranks and ratings available on the Apple App Store and the Google Play Store.
Our Take
To get a sense of the impact of the SEC enforcement action on App Annie’s enterprise, we tracked the changes in the levels of employees registered on LinkedIn as a proxy for business health. Athough there has been a flattening in staffing levels in the two months since September, App Annie’s hiring levels remain above trend. Apptopia’s staffing levels have improved slightly during the period.
For App Annie, the financial sector represents only a portion of its users. Obviously, a $10 million fine is material, but it is not clear that the SEC enforcement action will have a significant impact on its business longer term. Or at least that is how it appears from the firm’s reactive approach to compliance.
App Annie’s closest competitor is Sensor Tower, which launched a new product, ‘Consumer Intelligence’, targeted to the financial sector earlier this year. Previously, Sensor Tower largely ignored the financial sector and therefore limited its compliance focus to data privacy concerns. It is not clear whether Sensor Tower has implemented insider trading controls in the wake of the SEC enforcement action.
In contrast, Apptopia is seeking to carve out a highly compliant niche in the mobile app space, similar to the approach that Facteus is taking with transaction data. This presents its own challenges, such as ensuring the quality of its estimates are at least as good as competitors who may be less compliance-oriented. As data privacy risks increase, the more compliant approach seems to offer longer-term benefits, but the ultimate outcome remains to be seen.