What’s new here?
This article reveals how U.S. and British spy agencies have sought to intercept the information transmitted by the games and other apps that users download onto their smartphones. Previous stories have detailed how U.S. and British spies have been intercepting massive quantities of cellphone text messages and gathering the location of cellphones around the world.
How does it work?
Many people don’t realize that when they use a smartphone app – to play a game or listen to music – the app may transmit information back to the app maker and may contain tracking technology placed by advertisers.
The spy agencies call these “leaky apps.” The spies collect information from among others, Google Maps, Twitter, LinkedIn, Facebook, Yahoo’s Flickr, which in turn can transmit location, buddy lists, browsing history and more, according to a 2010 NSA document.
A 2010 Wall Street Journal survey of 101 iPhone and Android apps showed that the majority of apps were transmitting the phone’s unique ID – a type of serial number assigned to the device – and the user’s location to advertisers.
Since then, advertisers have been building even more detailed profiles of app users.
By using the phone’s identifier, advertisers can often monitor the user’s behavior in multiple apps and when the user browses the Web from their smartphone. Advertisers can tie the information together in a dossier that can include a user’s location, income and preferences such as sexual orientation and political leanings.
How does the NSA get it?
The agencies can pick up much of this information as it travels through private cellphone networks around the world. And because the data includes a tag from your phone, the agencies may have the ability to know who you are.
Does this mean the NSA is watching me while I play Angry Birds?
It’s not clear. The documents show that spies have collected data from Google’s AdMob, which is largest mobile advertising network and is one of many advertisers whose ads have appeared in Angry Birds.
The agencies say that even if they collect the data, they don’t look at it unless it is relevant to an investigation.
The NSA also says that it “minimizes“– or throws away – the data it intercepts from people who live in the United States. However, its minimization rules allow it to keep information about U.S. residents if it is deemed suspicious or could be relevant to an investigation.
Do they really know if I’m a “swinger”?
Documents show that analysts at GCHQ in 2012 studied the possibility of collecting traffic from Millennial Media, which included advertising profiles that identified users by ‘sexual orientation’ including the category of swingers.
However, it is unclear whether the data has been used for intelligence purposes.
It is also not clear what type of app usage or Web browsing behavior would lead Millennial Media to characterize someone as a swinger. Millennial declined our request for comment.
Can I stop leaky apps from sending out data about me?
Apple’s latest iPhone software, iOS 7, offers two options to limit ad tracking.
- In privacy settings, users can turn on “limit ad tracking,” which prevents apps from using the phone’s unique ID – which Apple calls an “Advertising Identifier” – to deliver targeted ads within apps. But this setting does not prevent apps from collecting your information.
- In privacy settings, users can also reset their Advertising Identifier, which can make it more difficult but not impossible for advertisers to correlate the user’s behavior to the advertising profile associated with the old identifier.
Google’s Android also offers users two options to limit ad tracking.
- In the Ads section of the Google Settings app, users can check a box to “Opt out of interest-based ads.” But this does not prevent apps from collecting user’s information.
- In the Ads section of the Google Settings app, users can also reset the Google advertising identifier, http://developer.android.com/google/play-services/id.html, which can make it more difficult – but not impossible – for advertisers to correlate the user’s behavior to the advertising profile associated with the old identifier.
This article first appeared on Pro Publica.