Before the
Federal Trade Commission
Washington, D.C. 20580
In the Matter of:
META PLATFORMS, INC.
(formerly Facebook, Inc.)
a Delaware corporation
Docket No.
[TO BE ASSIGNED]
Filed: December 2025
Complaint for Deceptive and Unfair Trade Practices
Pursuant to Section 5 of the Federal Trade Commission Act, 15 U.S.C. 45
Nature of Complaint
This complaint alleges that Meta Platforms, Inc. ("Meta" or "Respondent") has engaged in unfair and deceptive acts or practices in violation of Section 5 of the Federal Trade Commission Act by implementing undisclosed audio surveillance capabilities in its Facebook iOS application that capture ambient audio from users' devices without adequate notice or meaningful consent, and in direct violation of prior FTC consent orders.
I. Background and Jurisdiction
The Federal Trade Commission has jurisdiction over this matter pursuant to Section 5 of the Federal Trade Commission Act, 15 U.S.C. 45, which prohibits "unfair or deceptive acts or practices in or affecting commerce."
Respondent Meta Platforms, Inc. is a Delaware corporation with its principal place of business at 1 Hacker Way, Menlo Park, California 94025. Meta operates the Facebook social media platform, including the Facebook iOS application ("Facebook iOS" or "the App").
At all times relevant to this Complaint, Meta has maintained a substantial course of trade in the advertising, marketing, distribution, and provision of the Facebook iOS application to consumers throughout the United States.
The practices alleged herein have caused, are causing, or are likely to cause substantial injury to consumers in the United States.
II. Prior FTC Enforcement History
Meta has a documented history of privacy violations that have resulted in significant FTC enforcement actions:
| Year | Action | Key Provisions | Status |
|---|---|---|---|
| 2012 | FTC Consent Order | Required express consent before materially changing privacy practices; barred misrepresenting data collection practices | Violated |
| 2019 | $5 Billion Settlement | Enhanced privacy program requirements; established independent privacy committee; extended consent order for 20 years | Violated |
| 2019 | Modified Consent Order | Imposed CEO certification requirements; mandated comprehensive privacy assessments | Under Review |
Key 2019 Consent Order Requirements
- Obtain affirmative express consent before sharing user data beyond privacy settings
- Implement comprehensive privacy program subject to independent assessment
- Notify users about unauthorized access to their data
- CEO and designated compliance officers must certify privacy compliance quarterly
III. Statement of Facts
Independent security research conducted in December 2025 has documented four major categories of deceptive conduct related to audio data collection in the Facebook iOS application:
A. Undisclosed Audio Capture Capabilities
Facebook iOS (version 345.0) contains integrated audio capture infrastructure that operates beyond the scope of user-visible features such as voice messaging or video recording.
Technical analysis revealed the presence of 47 distinct audio-related class definitions implementing sophisticated audio capture, processing, and transmission capabilities.
The application configures audio sessions using the AVAudioSessionCategoryPlayAndRecord category with options enabling background audio capture, even when users are not actively engaged in audio-related features.
Runtime analysis documented audio processing occurring during passive app usage, including while scrolling the News Feed without any user-initiated audio activity.
B. Deceptive Permission Request Practices
Meta requests microphone permissions from users citing specific, limited purposes such as "voice messages" and "video recording," while implementing capabilities that extend substantially beyond these stated purposes.
The application's privacy disclosures do not adequately inform users that audio data may be captured, processed, or analyzed during general application usage unrelated to the stated permission purposes.
Users granting microphone permission for voice messaging reasonably expect such permission to apply only when actively recording messages, not during passive browsing or background operation.
C. Background Audio Processing Infrastructure
The application implements audio processing capabilities designed to operate while the app is backgrounded, utilizing iOS background audio session modes in a manner inconsistent with typical social media application functionality.
Configuration analysis revealed audio buffer management systems capable of continuous audio capture with configurable buffer sizes, supporting sustained audio monitoring.
The audio infrastructure includes integration with Meta's advertising and analytics systems, suggesting audio-derived data may influence advertising targeting without user knowledge.
D. Inadequate Privacy Policy Disclosure
Meta's privacy policy for Facebook does not clearly and conspicuously disclose the full scope of audio data collection capabilities present in the iOS application.
The privacy policy's general language regarding "information collected automatically" is insufficient to provide meaningful notice of ambient audio capture capabilities.
Users are not provided clear, conspicuous notice that their audio data may be processed by artificial intelligence systems, transmitted to Meta's servers, or used for advertising personalization.
IV. Legal Analysis
A. Deceptive Practices Under Section 5
An act or practice is deceptive under Section 5 if it involves a material representation, omission, or practice that is likely to mislead consumers acting reasonably under the circumstances.
The FTC's Three-Part Deception Test
Representation, Omission, or Practice
Meta represents that microphone permissions are for voice messages and video, while omitting disclosure of ambient audio capture capabilities.
Likely to Mislead Reasonable Consumers
Consumers granting microphone access for messaging features would not reasonably expect continuous ambient audio monitoring.
Material to Consumer Decision
Knowledge of ambient audio capture would materially affect consumer decisions regarding permission grants and app usage.
B. Unfair Practices Under Section 5
An act or practice is unfair under Section 5 if it causes or is likely to cause substantial injury to consumers which is not reasonably avoidable and not outweighed by countervailing benefits.
| Unfairness Element | Application to This Matter |
|---|---|
| Substantial Injury | Privacy invasion affecting billions of users; potential exposure of sensitive conversations; loss of consumer autonomy |
| Not Reasonably Avoidable | Consumers cannot avoid the practice without abandoning the service entirely; no meaningful granular controls over audio capture |
| Not Outweighed by Benefits | No disclosed consumer benefit from ambient audio capture; benefits accrue solely to Meta through advertising revenue |
V. Consent Decree Violations
The documented practices constitute violations of the 2012 and 2019 FTC consent orders:
Violation 1: Misrepresentation Prohibition
Order Provision: Meta is prohibited from misrepresenting "the extent to which it maintains the privacy or security of covered information."
Violation: Meta's representations regarding microphone usage misrepresent the actual scope of audio data collection.
Violation 2: Affirmative Express Consent
Order Provision: Meta must obtain "affirmative express consent" before using covered information in a manner materially different from disclosed at collection.
Violation: Audio data captured beyond stated permission purposes constitutes materially different use without express consent.
Violation 3: Privacy Program Requirements
Order Provision: Meta must maintain a comprehensive privacy program with controls to address privacy risks.
Violation: Implementation of undisclosed surveillance capabilities demonstrates failure to maintain adequate privacy controls.
Consent Decree Violation Timeline
November 2011
Original FTC Complaint Filed
FTC alleges Facebook deceived consumers about privacy
August 2012
First Consent Order Entered
20-year order prohibiting privacy misrepresentations
July 2019
$5 Billion Settlement
Largest privacy penalty in FTC history for consent order violations
December 2025
Current Violations Documented
Audio surveillance capabilities discovered violating both orders
VI. State Law Violations (CCPA)
The documented practices also violate the California Consumer Privacy Act (CCPA), Cal. Civ. Code 1798.100 et seq., which the FTC may consider as evidence of broader unfair practices affecting interstate commerce.
| CCPA Requirement | Provision | Alleged Violation |
|---|---|---|
| Notice at Collection | 1798.100(b) | Failure to adequately disclose audio data collection categories and purposes at point of collection |
| Purpose Limitation | 1798.100(c) | Collection of audio data for purposes beyond those disclosed to consumers |
| Sensitive Personal Information | 1798.121 | Audio recordings constitute sensitive personal information requiring enhanced consent |
| Deceptive Practices | 1798.150(c) | Representations regarding data practices are materially misleading |
VII. Consumer Harm Analysis
A. Scale of Impact
2.1B+
Daily Active Facebook Users
900M+
Estimated iOS Users
180M+
U.S. Facebook Users
B. Categories of Harm
Privacy Invasion
Capture of private conversations, including potentially privileged communications (attorney-client, medical, religious)
Autonomy Loss
Inability to make informed decisions about data sharing; erosion of meaningful consent
Economic Harm
Manipulative advertising based on captured audio content; exploitation of revealed preferences
Security Risk
Potential exposure of audio data through data breaches; concentration of sensitive information
C. Vulnerable Populations
The documented practices disproportionately affect vulnerable populations who may be unaware of or unable to mitigate audio capture:
| Population | Specific Vulnerability | Enhanced Risk |
|---|---|---|
| Children & Adolescents | Limited privacy awareness; parental consent circumvention | COPPA implications; developmental privacy interests |
| Elderly Users | Limited technical literacy; trust in platform | Higher susceptibility to manipulative advertising |
| Non-English Speakers | Inadequate translated disclosures | Inability to understand privacy implications |
| Domestic Violence Survivors | Location and activity monitoring risks | Safety implications of audio surveillance |
| Healthcare Patients | Medical conversation capture | HIPAA-adjacent privacy concerns |
VIII. Requested Remedies
Complainant respectfully requests that the Federal Trade Commission:
A Injunctive Relief
- Permanently enjoin Meta from collecting audio data beyond explicitly disclosed purposes
- Require affirmative, granular consent for any audio processing beyond active recording features
- Mandate clear, conspicuous real-time indicators when audio capture is occurring
- Prohibit background audio processing unless essential for user-initiated features
- Require deletion of improperly collected audio data
B Civil Penalties
- Impose maximum civil penalties for each consent order violation ($50,120 per violation as of 2024)
- Calculate penalties reflecting the scope of affected users and duration of violations
- Consider enhanced penalties given Meta's recidivist history
C Consumer Notification
- Require Meta to notify all affected users of the audio collection practices
- Mandate clear disclosure of what audio data was collected and how it was used
- Provide consumers mechanism to request deletion of collected audio data
D Enhanced Monitoring
- Require independent technical audits of audio-related code and data flows
- Mandate submission of application binaries for FTC analysis upon request
- Establish enhanced reporting requirements for audio data collection practices
- Require annual third-party privacy assessments specifically addressing audio capture
E Structural Remedies
- Consider whether structural separation of advertising and audio capabilities is warranted
- Evaluate whether app-by-app microphone permissions should be mandated
- Assess whether prior approval should be required for new audio-related features
IX. Supporting Evidence Appendices
The following supporting evidence is available to substantiate the allegations in this complaint:
| Appendix | Description | Type | Classification |
|---|---|---|---|
| A-1 | Audio Class Definitions and API Documentation | Technical Analysis | Public |
| A-2 | Runtime Audio Session Configuration Logs | Forensic Evidence | Public |
| A-3 | Background Audio Processing Documentation | Technical Analysis | Public |
| A-4 | Frida Instrumentation Scripts | Research Tools | Public |
| B-1 | Facebook iOS Privacy Policy (archived) | Legal Document | Public |
| B-2 | App Store Microphone Permission Description | User Interface | Public |
| C-1 | 2012 FTC Consent Order (Docket No. C-4365) | Legal Document | Public |
| C-2 | 2019 Modified Order and Stipulated Order | Legal Document | Public |
| D-1 | Methodology Documentation | Research Protocol | Public |
| D-2 | Chain of Custody Documentation | Forensic Evidence | Limited |
Evidence Availability
All public evidence referenced in this complaint is available at fb.definitelynot.ai and can be independently verified using standard iOS security research methodologies.
Respectfully submitted,
Independent Security Researcher
FB Exposed Project
December 2025
This document is formatted for both web viewing and print.