The U.S. Securities and Exchange Commission is investigating AppLovin’s data-collection practices, following a whistleblower complaint and short-seller reports, Reuters reports.
The inquiry, handled by the SEC’s cyber and emerging-tech specialists, raises fresh scrutiny of SDK data flows, consent signals, and partner contracts across app ecosystems that rely on targeted advertising.
AppLovin’s share price dropped on disclosure of the probe. The company declined to comment on potential regulatory matters, while the SEC has reviewed allegations that AppLovin violated platform partners’ service agreements to push more targeted advertising, according to the report.
What’s under review
The agency is reviewing allegations tied to partner-platform service agreements and how data is used for targeted advertising; prior short-seller claims cited user-ID handling and app-permission abuse that platforms prohibit.
Immediate reviews for app publishers
Inventory SDKs and their data purpose/retention; remove modules exceeding contract scope. Map every third-party library to a documented use case, attribution, fraud detection, audience modeling, and confirm data expiry schedules match what users see in privacy disclosures.
Re-validate consent strings (CPRA/GDPR), LAT flags, SKAdNetwork settings. Check that opt-out signals propagate into bid requests and that iOS App Tracking Transparency choices gate identifier access as promised in App Store declarations.
Add right-to-audit and prohibited-data clauses to partner terms. Contracts should spell out which fields partners can ingest, bar commingling with other datasets, and grant you audit rights if regulators come calling.
Market and regulatory context
Publishers integrating the SDK can expect questionnaires from advertisers and platform compliance teams seeking assurance that data-handling meets both contract terms and regulatory expectations.
