On October 6, 2025, Bloomberg reported that the Securities and Exchange Commission (SEC) has launched an investigation into AppLovin Corporation’s data-collection practices, following an alleged whistleblower complaint and a series of short-seller reports. We previously covered the shareholder class action against AppLovin in another blog post. The company is a mobile advertising technology business that operates a software-based platform connecting mobile game developers to new users. AppLovin, which recently rebranded its consumer ads division as “AXON,” now faces heightened scrutiny over how its technology interacts with user data. Forbes estimates that news of the probe caused AppLovin’s stock to drop 14% on October 6, wiping out approximately $8.65 billion in executive and major investor wealth.
The SEC’s Cyber and Emerging Technologies Unit is conducting the investigation, which was established by the agency in February 2025 to address cyber-related misconduct and safeguard retail investors in the emerging technologies sector. Allegedly, the probe centers on allegations that AppLovin violated platform partner agreements to deliver more targeted advertising to consumers, potentially using unauthorized tracking methods such as device fingerprinting. These methods were reportedly outside the parameters permitted by the service agreements of its platform partners.
Fingerprinting is a tracking technique that collects a combination of device and browser characteristics, such as screen resolution, installed fonts, and hardware settings, to create a unique identifier for a user. Unlike cookies, which can be deleted or blocked, fingerprints are harder to erase and often invisible to users. When used for ad targeting without clear consent, fingerprinting could raise privacy compliance concerns under platform policies and data protection laws. In fact, fingerprinting has been banned by Apple and was previously restricted by Google.
AppLovin has not yet commented on the investigation beyond statements that it “regularly engages with regulators” and will disclose any material developments through appropriate channels. However, the SEC’s alleged involvement, especially from its cyber-focused unit, signals that data privacy and platform integrity are no longer peripheral concerns. These issues are central to how companies will be evaluated by regulators, investors, and consumers alike.
For companies operating in the ad tech space, this SEC investigation is a reminder that violations of partner agreements, or opaque data practices, can trigger not only regulatory action but reputational damage as well. Businesses should review their platform agreements and assess whether data practices align with the terms of service of major platforms. Companies should also audit their tracking technologies, as advanced tracking methods such as fingerprinting may expose a company to regulatory risk if not properly disclosed or authorized. As AI continues to reshape digital advertising, regulators and consumers are watching closely. Businesses should be, too.
[View source.]
