A Little (Angry) Bird Told the NSA What You’re Up To
New documents show that the NSA could use apps to get personal information.
Jan. 27, 2014— -- You may not think that the NSA would care about the games you play on your smartphone, but a new batch of documents from the spy agency suggest otherwise.
Both the National Security Agency and its British counterpart, the Government Communications Headquarters, are capable of getting personal data from phone apps, reporters at The New York Times and the investigative journalism site ProPublica revealed today.
Included in those documents is code written by the security agencies that specifically targeted Angry Birds. In addition to age and gender, the code could also get information about the smartphone user's sexual orientation and marital status, the report found. A spokeswoman for Rovio, the group that developed Angry Birds, said that the company had no knowledge of the intelligence programs.
In a written response to The New York Times and ProPublica, the NSA said the agency "does not profile everyday Americans as it carries out its foreign intelligence mission.”
“Because some data of U.S. persons may at times be incidentally collected in NSA's lawful foreign intelligence mission, privacy protections for U.S. persons exist across the entire process,” the agency added, noting that similar protections exist for “innocent foreign citizens.”
Chris Eng, the vice president of research at the application security company Veracode, said that it's more complicated than complaining to an app developer to stop requesting certain pieces of information from its users' smartphones. "If I don't want an app to know my location, the developer could say, 'I'm planning these new features that rely on location information,'" he told ABC News. "That's where you run into these sorts of issues with apps that leak these sorts of info."
But that doesn't mean that developers are blameless. While it may be difficult to prevent the NSA from hovering over smartphones, Eng said developers can take more proactive measures to try and mask the info obtained from their apps.
Many apps "are communicating to servers without any encryption," said Eng. "Apps that don't encrypt everything in transit are open to eavesdropping."