by Michael Epstein
On Monday it was revealed through documents leaked by former NSA contractor Edward Snowden that United States and UK spy agencies were able to gather end users’ personal data, including such things as age, gender, and even sexual orientation, from various apps installed across the globe. As published in The Guardian, The New York Times and ProPublica, navigation, gaming, and social networking apps are a common target for the NSA and its UK sister agency GCHQ, who are able to gather data even if the apps themselves don’t use it through “leaks” that occur when data is transmitted.
As portrayed in a slide from a classified NSA PowerPoint presentation from 2010 on the topic, the “Golden Nugget! Perfect Scenario” for data collection is when “[a] target [uploads a] photo to a social media site taken with a mobile device.” Between the phone and the server, that data is able to be piggybacked by spy agencies, who can utilize weaknesses in the apps to get information such as the user’s friend list, age, gender, zip code, marital status (including options such as “single”, “divorced”, “married” or even “swinger”), income, or sexual orientation. Of course the data depends on how much the user has told the app.
This capability to determine almost anything about a user can prove extremely dangerous to users in countries where certain sexual orientations or practices may be considered illegal, so there is great cause for concern that the US and UK governments are collecting this data en masse. After all, if they are, who else might be?
One of the largest “leaky apps” mentioned in the report was Finnish company Rovio’s game Angry Birds. Considering that Angry Birds has been downloaded over 2 billion times worldwide on all platforms, this is a huge amount of data that the NSA and GCHQ may have access to. However, Rovio was quick to shift blame away from their game in the face of these allegations. In a press release Tuesday morning, they stated that surveillance of the type being described may be conducted through third-party advertising networks like that used in millions of websites and mobile apps. They also state that they do not allow any third party network to use, nor do they hand over personal data from their apps. Other apps mentioned by name included Google Maps, Facebook Mobile, YouTube, and Flixster.