Washington, DC - Technology company Vulcun has agreed to settle Federal Trade Commission charges that it unfairly replaced a popular web browser game with a program that installed applications on consumers’ mobile devices without their permission.

In its complaint, the FTC alleges that Vulcun and its founders, Ali Moiz and Murtaza Hussein, purchased Running Fred, a Google Chrome browser extension game used by more than 200,000 consumers, and replaced it with Vulcun’s own extension, which purported to offer users unbiased recommendations of popular Android applications.

What Vulcun’s extension actually did, the FTC charged, was to install apps directly on the Android devices of consumers, while bypassing the permissions process in the Android operating system.

“After Vulcun acquired the Running Fred game, they used it to install a different app, commandeer people’s computers, and bombard them with ads,” said Jessica Rich, Director of the FTC’s Bureau of Consumer Protection. “We’re very pleased we were able to stop these practices.”

Browser extensions are downloadable programs that provide enhancements to a particular web browser. Extensions for the Chrome browser are available to consumers through the Chrome Web Store.

The extension installed by Vulcun caused a number of consumers to complain to Google, the owner of both Chrome and Android, according to the FTC. Some complained that the browser extension was opening multiple tabs and windows on their browser advertising various apps. Others complained about the installation of apps on their mobile device without their permission, noting that the apps would reinstall themselves even when deleted.

The FTC’s complaint charges that Vulcun’s actions unfairly put consumers’ privacy at risk. By bypassing the permissions process in the Android operating system, the apps placed on consumers’ mobile devices also could have easily accessed users’ address books, photos, location, and device identifiers.  Indeed, once installed, the apps could have gained further access to even more sensitive data by using their own malicious code, according to the complaint.

In addition, the complaint alleges that Vulcun misled consumers by saying that their extensions, including Weekly Android Apps and another called Apps By Cindy, provided independent and impartial selections of apps, as well as misrepresenting third-party endorsements received by the extensions.

Under the terms of the settlement, the defendants will be required to tell consumers about the types of information a product or service will access and how it will be used, display any built-in permissions notice associated with installing a product or service, and get users express affirmative consent before the installation or material change of a product or service

In addition, the settlement prohibits the defendants from misrepresenting to consumers whether their products have been endorsed by a third party or been covered by the media, how consumers’ personal information is collected and used, the level of control consumers’ might have over the collection, use or sharing of their data, or the extent to which the defendants maintain the privacy or security of information collected from consumers.

The Commission vote to issue the administrative complaint and to accept the consent agreement was 4-0. The FTC will publish a description of the consent agreement package in the Federal Register shortly. The agreement will be subject to public comment for 30 days, beginning today and continuing through March 8, 2016, after which the Commission will decide whether to make the proposed consent order final. Interested parties can submit comments electronically