Update on 1-28-2014 by Jeffrey VC: In a statement, Rovio has vehemently denied any involvement with government agencies and claims that any surveillance taking place on its games through advertising networks is not its fault and asserts that almost no Internet device is “immune” to NSA data collection.
“We do not collaborate, collude, or share data with spy agencies anywhere in the world. As the alleged surveillance might be happening through third party advertising networks, the most important conversation to be had is how to ensure user privacy is protected while preventing the negative impact on the whole advertising industry and the countless mobile apps that rely on ad networks,” said Mikael Hed, CEO of Rovio Entertainment. “In order to protect our end users, we will, like all other companies using third party advertising networks, have to re-evaluate working with these networks if they are being used for spying purposes.”
Original article: Apps like ‘Angry Birds’ may be slingshotting your personal data to the NSA
Your Angry Birds habit may reveal more than just how you like to spend your free time. A new batch of reports based on documents leaked by Edward Snowden show that the National Security Agency and GCHQ, its counterpart in the UK, have been working to develop ways to access a wealth of personal data through so-called “leaky” apps, which, like Angry Birds, apparently transmit this information over the Internet insecurely.
What kind of data, you ask? According to the Guardian, it can include “users’ most sensitive information such as sexual orientation – and one app recorded in the material even sends specific sexual preferences such as whether or not the user may be a swinger.”
The data compliments the kind of information the agency can already glean from social networks.
One slide, titled “Golden Nugget!” and dated May 2010, explains that, when a smartphone user uploads a photo to a social network like Facebook, it can provide NSA spies with the user’s phone type, buddy lists, a “possible image,” and “a host of other social working data as well as location.”
As Guardian reporter James Ball notes, many social networks strip photos of their EXIF metadata (which includes information like location and time a photo was taken, among other things). But it may be possible to snag this data in transit, before it is stripped from the photo file.
What is not stripped, however, is the profile data social network users publish about themselves, including where they live, their marital status, sexual orientation, education, and information about their families – all of which the NSA and GCHQ can apparently collect from these leaky apps.
In a document dated 2008, GCHQ analysts used the Google Maps app to collect a trove of location data. The agency stated that the effort worked so well that “”it effectively means that anyone using Google Maps on a smartphone is working in support of a GCHQ system,”
The data gathered by each app is dictated by the developer, and likely differs from app to app. According to the documents, personal information is also collected by advertising networks that serve ads on mobile devices. Ball reports that Millennial Media, an advertising firm that has partnered with Angry Birds maker Rovio for certain editions of the games, “appeared to offer particularly rich information.”
Android users may be at higher risk from this kind of data collection.
In a statement, Rovio VP of marketing and communications, Saara Bergström, told the Guardian: “Rovio doesn’t have any previous knowledge of this matter, and have not been aware of such activity in 3rd party advertising networks. Nor do we have any involvement wight he organizations you mentioned.”
While Apple’s iOS often allows users to disallow apps from accessing certain personal information troves, like photos or contact lists, Android requires that users agree to all “permissions” included in apps in order to complete the download – meaning Android users may be at higher risk from this kind of data collection.
The NSA asserts that it only collects “content” and other sensitive personal information from foreign citizens, and not Americans, though it is unclear whether any Americans’ information was collected through the efforts outlined above. Also, it is important to note that these documents are at least four years old, and it is not known how these capabilities have progressed in the meantime.
Digital Trends Mobile Editor Jeffrey Van Camp contributed to this report.
Article originally published on 1-27-2014 by Andrew Couts.
