Advertisement

We need your help now

Support from readers like you keeps The Journal open.

You are visiting us because we have something you value. Independent, unbiased news that tells the truth. Advertising revenue goes some way to support our mission, but this year it has not been enough.

If you've seen value in our reporting, please contribute what you can, so we can continue to produce accurate and meaningful journalism. For everyone who needs it.

Rovio.com
leaky apps

US and UK security agencies target Angry Birds and co for user data

Tracking a smartphone’s apps could reveal its settings, what documents it had downloaded, and in some cases, the owner’s political alignment or sexual orientation.

DOCUMENTS LEAKED BY former NSA contactor Edward Snowden suggest that spy agencies have a powerful ally in Angry Birds and a host of other apps installed on smartphones across the globe.

The documents, published by The New York Times, the Guardian, and ProPublica, suggest that the mapping, gaming, and social networking apps which are a common feature of the world’s estimated one billion smartphones can feed America’s NSA and Britain’s GCHQ with huge amounts of personal data, including location information and details such as political affiliation or sexual orientation.

The size and scope of the program aren’t publicly known, but the reports suggest that US and British intelligence easily get routine access to data generated by apps such as the Angry Birds game franchise or the Google Maps navigation service.

The joint spying program “effectively means that anyone using Google Maps on a smartphone is working in support of a GCHQ system,” one 2008 document from the British eavesdropping agency is quoted as saying. Another document — a hand-drawn picture of a smirking fairy conjuring up a tottering pile of papers over a table marked “LEAVE TRAFFIC HERE” — suggests that gathering the data doesn’t take much effort.

The NSA did not directly comment on the reports but said in a statement that the communications of those who were not “valid foreign intelligence targets” were not of interest to the spy agency.

“Any implication that NSA’s foreign intelligence collection is focused on the smartphone or social media communications of everyday Americans is not true,” the statement said. “We collect only those communications that we are authorised by law to collect for valid foreign intelligence and counterintelligence purposes — regardless of the technical means used by the targets.”

GCHQ said it did not comment on intelligence matters, but insisted that all of its activity was “authorised, necessary and proportionate.”

Intelligence agencies’ interest in mobile phones and the networks they run on has been documented in several of Snowden’s previous disclosures, but the focus on apps shows how everyday, innocuous-looking pieces of software can be turned into instruments of espionage.

Angry Birds, which has been downloaded more than 1.7 billion times worldwide, was one of the most eye-catching examples. The Times and ProPublica said a 2012 British intelligence report laid out how to extract Angry Bird users’ information from phones running the Android operating system.

Golden Nugget

Another document, a 14-page-long NSA slideshow published to the Web, listed a host of other mobile apps, including those made by social networking giant Facebook, photo sharing site Flickr, and the film-oriented Flixster.

It wasn’t clear precisely what information can be extracted from which apps, but one of the slides gave the example of a user who uploaded a photo using a social media app.

Under the words, “Golden Nugget!”, it said that the data generated by the app could be examined to determine a phone’s settings, where it connected to, which websites it had visited, which documents it had downloaded, and who its users’ friends were. One of the documents said that apps could even be mined for information about users’ political alignment or sexual orientation.

Google and Rovio Entertainment, the maker of Angry Birds, did not immediately return messages seeking comment on the reports.

The Times’ web posting of a censored US document on the smartphone surveillance briefly contained material that appeared to publish the name of an NSA employee. Computer experts said they were able to extract the name of the employee, along with the name of a Middle Eastern terror group the program was targeting and details about the types of computer files the NSA found useful.

Since Snowden began leaking documents in June, his supporters have maintained they have been careful not to disclose any intelligence official’s name or operational details that could compromise ongoing surveillance.

The employee did not return phone or email messages from the AP.

Michael Birmingham, a spokesman for the Director of National Intelligence, said the agency requested the Times redact the information. Danielle Rhodes Ha, a Times spokeswoman, attributed the posting to a production error and said the material had been removed.

Read: It’s Data Protection day – are you up to speed on your data privacy rights? >

Read: Private answers: Irish people are now less worried about social media security >

Author
Associated Foreign Press
Your Voice
Readers Comments
12
    Submit a report
    Please help us understand how this comment violates our community guidelines.
    Thank you for the feedback
    Your feedback has been sent to our team for review.