The US National Security Agency and its UK counterpart, GCHQ, have the ability to harvest sensitive personal data from phone apps that transmit users’ data across the web, such as the extremely popular Angry Birds game.
Along with obtaining information about the specific dimensions and model of an individual’s iPhone or Android, the intelligence agencies are also able to acquire details on that person’s age, gender, and location. Details about a user’s political affiliation, sexual orientation, and how promiscuous they are may also be vulnerable.
This information – which was revealed in dozens of top secret documents provided by NSA whistleblower Edward Snowden – was first reported Monday by the Guardian in partnership with the New York Times and ProPublica.
Both the NSA and GCHQ are able to “piggyback” on third party advertisements that a user unwittingly brings onto their device when they first download an app. Those ads, along with geolocation information embedded in images a user uploads to a social media site like Facebook and Twitter, essentially pinpoints where an individual is in the world.
The slides published Monday by the Guardian also show that the
intelligence behemoths can glean a person’s home country, current
location, age, gender, zip code, marital status – with “single,”
“married,” “divorced,” “swinger,” and more among the options –
income, ethnicity, sexual orientation, education level, and
number of children.
A more sophisticated effort collects location information by intercepting Google map queries from smartphones. It was deemed to be so successful that GCHQ noted in a 2008 document that it “effectively means that anyone using Google maps on a smartphone is working in support of a GCHQ system.”
Scooping up data from apps allows the agencies to gather large quantities of mobile phone data from their existing mass surveillance tools rather than hacking into individual mobile handsets.
Tapping into phone information is a high priority effort for the agencies, as terrorists and other intelligence targets often use mobile phones to plan illegal activities.
One effort by GCHQ and the NSA consists of a database that
geolocates every mobile phone mast in the world. This allows the
agencies to gather the mast ID used with any handset, thus giving
them a rough location for a particular phone.
The latest disclosures add to the public’s concern about how spy
agencies and the technology sector use information, particularly
outside the US where people have fewer privacy protections than
Americans. However, the NSA says it only deploys its capabilities
against “valid foreign intelligence agencies” and does
not target Americans.
The Washington Post reported in December that the NSA was making
use of ‘cookies’ – an online tool which allows internet
advertisers to track consumers. The report said that cookies,
along with location data, were being used by the agency
to“pinpoint targets for government hacking” and “bolster
surveillance.”
Although cookies provide much vaguer information than what is
available through phone apps, a 2010 GCHQ document reveals that
they have become extremely important to intelligence agencies.
But it’s the actual phone handset that remains of paramount
importance. GCHQ’s tools against smartphones are named after
characters in ‘The Smurfs’ cartoon. The ability to make a phone’s
microphone ‘hot’ – in order to listen to conversations – is known
as “Nosey Smurf.” The sophisticated geolocation ability is called
“Tracker Smurf.” Power management – the ability to activate a
phone that is turned off – is known as “Dreamy Smurf.” The
spyware’s self-hiding capabilities are called “Paranoid Smurf.”