While accusations about NSA backdoors to Apple devices have been doing the rounds for a while now, yesterday’s revelations about spying agencies using so-called “leaky apps” to capture user data has reignited the debate. Below is a Q&A covering everything we’ve learned so far:
Q) What is a leaky app?
A) An app that transmits private user information across the Internet. While apps have come under fire for collecting private user information before, the current outcry follows revelations leaked by Edward Snowden, suggesting that leaky apps have been the focus of spying organizations such as the NSA and its UK counterpart, GCHQ (Government Communications HQ). The NSA has cumulatively spent more than $1 billion in its phone targeting efforts. A 2010 NSA presentation cites poor secured apps as a “golden nugget” for gathering user information — including, but not limited to, address books and friend lists.
Q) Why is Angry Birds being focused on?
A) Angry Birds was specifically named in a 2012 British intelligence document, claiming that the popular app had become a useful source for gathering user information thanks to advertizing code added by U.S firm Millennial Media. This code generates personal records for every user and uses algorithms to discern information including location, political views, sexual orientation, and marital status. The information is supposed to result in more accurately targeted in-app ads being shown to the user.
Q) Is this only on iPhone?
A) No. In fact, the New York Times report that first mentioned Angry Birds notes that the 2012 document laid out instructions for exacting user information using the Android operating system. That doesn’t mean that similar documents do not exist for iOS, of course — as can be seen in the list of leaky apps below.
Q) Have Angry Birds developers Rovio Entertainment responded?
A) “Our fans’ trust is the most important thing for us and we take privacy extremely seriously,” Mikael Hed, CEO of Rovio Entertainment, said in a statement. “We do not collaborate, collude, or share data with spy agencies anywhere in the world. As the alleged surveillance might be happening through third party advertising networks, the most important conversation to be had is how to ensure user privacy is protected while preventing the negative impact on the whole advertising industry and the countless mobile apps that rely on ad networks. In order to protect our end users, we will, like all other companies using third party advertising networks, have to re-evaluate working with these networks if they are being used for spying purposes.”
Q) What about other responses?
A) “Uninhibited collection of consumers’ personal data by governments hacking into apps is unacceptable,” said Application Developers Alliance President Jon Potter. “Developers are surprised and disappointed to learn that personal information entrusted to them by users has been secretly collected and stored. Consumer trust is paramount in the app industry. This surveillance damages our entire industry and undermines the hard work of app developer entrepreneurs everywhere.”
Q) Where were the reports originally published?
Q) Is there a full list of leaky apps available?
A) In addition to Angry Birds, Facebook, Flickr, Twitter, Google Maps and Flixster’s mobile apps have been named — covering both iPhone and Android platforms. There could be others, but these are the main apps named so far.
Q) How long has this been going on?
A) This is another unknown area, although reports suggest 2007 — the year in which the iPhone was first launched. That year, the NSA budget increased from $204 million to $767 million.