New York Times, Guardian and ProPublic have reported that Spy Agencies Probe Angry Birds and Other Apps for Personal Data. In their globe-spanning surveillance for terrorism suspects and other targets, the National Security Agency and its British counterpart have been trying to exploit a basic byproduct of modern telecommunications: With each new generation of mobile phone technology, ever greater amounts of personal data pour onto networks where spies can pick it up. The data pouring onto communication networks from the new generation of iPhone and Android apps ranges from phone model and screen size to personal details such as age, gender and location. Some apps can contain also more sensitive information they can report.
NSA and GCHQ target ‘leaky’ phone apps like Angry Birds to scoop user data article tells that the National Security Agency and its UK counterpart GCHQ have been developing capabilities to take advantage of “leaky” smartphone apps, such as the wildly popular Angry Birds game, that transmit users’ private information across the internet, according to top secret documents. Many smartphone owners will be unaware of the full extent this information is being shared across the internet, and even the most sophisticated would be unlikely to realise that all of it is available for the spy agencies to collect.
From some app platforms, relatively limited, but identifying, information such as exact handset model, the unique ID of the handset, software version, and similar details are all that are transmitted. Other apps choose to transmit much more data. One popular mobile ad platform, Millennial Media, appeared to offer particularly rich information. Millennial Media’s website states it has partnered with Angry Birds maker Rovio; with Farmville maker Zynga; with Call of Duty developer Activision, and many other major franchises.
It seems that installing an app is always a risk. Study finds most mobile apps put your security and privacy at risk article tells that hhe average smartphone user has 26 apps installed. If recent research conducted by HP is any indication, approximately, well, all of them, come with privacy or security concerns of some sort.
For more related information in smart phone spying check also my postings How I’m Being Followed on Web, Security trends for 2013, Security trends for 2014 and comments posted to those blog articles.
6 Comments
Tomi Engdahl says:
Rovio does not provide end user data to government surveillance agencies
28.01.2014
http://www.rovio.com/en/news/press-releases/450/rovio-does-not-provide-end-user-data-to-government-surveillance-agencies/
Espoo, Finland — January 28th — Rovio Entertainment Ltd, which is headquartered in Finland, does not share data, collaborate or collude with any government spy agencies such as NSA or GCHQ anywhere in the world.
There has been speculation in the media that NSA targets Angry Birds to collect end user data. The speculation is based on information from documents leaked by Edward Snowden.
The alleged surveillance may be conducted through third party advertising networks used by millions of commercial web sites and mobile applications across all industries. If advertising networks are indeed targeted, it would appear that no internet-enabled device that visits ad-enabled web sites or uses ad-enabled applications is immune to such surveillance. Rovio does not allow any third party network to use or hand over personal end-user data from Rovio’s apps.
“In order to protect our end users, we will, like all other companies using third party advertising networks, have to re-evaluate working with these networks if they are being used for spying purposes.”
Tomi Engdahl says:
Rovio: We do not give players information to NSA
Finnish gaming company Rovio contests have circulated information or that they did anything cooperation with the States spy organizations such as the United States NSA’s or Britain’s GCHQ with the company informs .
Rovio comments that the spyware has been made possible through a network of advertising, which is also used by millions of other mobile services and websites. If this is true, there is nothing connected to the Internet and advertisements on pages featuring the guest machine is not secure.
Rovio CEO Mikael Hed, the company is considering whether to continue its co-operation with the ad network, if the spy allegations are true.
Source: Tietoviikko
http://www.digitoday.fi/tietoturva/2014/01/28/rovio-emme-anna-pelaajien-tietoja-nsalle/20141367/66?rss=6
Tomi Engdahl says:
Fancy a little kinky sex? GCHQ+NSA will know – thanks to ANGRY BIRDS
Evil spooks slurped EVERYTHING about your life from app’s phone-home data
http://www.theregister.co.uk/2014/01/27/leaking_smartphone_apps_nsa_gchq/
Poorly secured mobile apps have proved to be a “golden nugget,” according to a May 2010 NSA presentation: harvesting sensitive data sent over public networks by applications is not a problem
A 2012 British intelligence document states that the immensely popular Angry Birds game from Finnish developer Rovio had become a useful source thanks to advertising code added by US firm Millennial Media.
The documents don’t suggest that NSA and GCHQ staffers are directly hacking mobile applications. Instead it’s made clear the snoopers are simply skimming and decoding sensitive data the apps collect and transmit back to their developers.
Tomi Engdahl says:
Angry anti-NSA activists deface Angrybirds.com after GCHQ revelations
Developers Rovio strongly deny helping gov spooks, blame ad networks for leak
http://www.theregister.co.uk/2014/01/29/angrybirds_website_defaced_nsa_gchq_spying/
Anti-NSA hackers defaced Rovio’s official Angry Birds website on Tuesday night as a reprisal against revelations that GCHQ and the NSA were feasting on data leaked from the popular smartphone game.
Angrybirds.com became “Spying Birds” as a result of the defacement (Zone-h mirror here). Rovio has confirmed the defacement, the International Business Times reports.
The Angrybirds.com website was back to normal by Wednesday morning. The defacement, which Zone-h has yet to confirm is genuine, must have been brief. Defacing a website is an act more akin to scrawling graffiti on a billboard put up by a company than breaking into its premises and ransacking its files.
It’s unclear how the defacement was pulled off by a previously unknown hacker or defacement crew using the moniker “Anti-NSA hacker”.
Jimmy says:
Wow amazing nice research Tomi keep it up.
Tomi Engdahl says:
The TRUTH about LEAKY, STALKING, SPYING smartphone applications
How bad is it? 1 in 3 can hunt you down at HOME – research
http://www.theregister.co.uk/2014/01/31/smartphone_app_spy_risks/
More than a third of smartphone apps can track user location, according to a study based on an analysis of more than 800,000 Android applications.
Other privacy concerns include apps that divulge email addresses over the internet and either leak address books or phone logs
One in 30 (3 per cent) of the apps analysed can divulge email addresses over the internet.
Almost 10 per cent of apps tested included permissions to read contact lists. Many have a legitimate need for this data but others are clearly intrusive.
Facebook and Twitter both clear photos of metadata before publication
“The bulk of apps are free, but developers need to turn a profit somehow,”
96 per cent of iOS apps require email, address book (92 per cent), location (84 per cent), camera (52 per cent), calendar (32 per cent) permissions.