NSA, GCHQ Spying On Angry Birds And Lots Of Phone Apps: Time For Mobile Security To Up Its Game

from the game-over dept

Thank you for reading this Techdirt post. With so many things competing for everyone’s attention these days, we really appreciate you giving us your time. We work hard every day to put quality content out there for our community. Techdirt is one of the few remaining truly independent media outlets. We do not have a giant corporation behind us, and we rely heavily on our community to support us, in an age when advertisers are increasingly uninterested in sponsoring small, independent sites — especially a site like ours that is unwilling to pull punches in its reporting and analysis. While other websites have resorted to paywalls, registration requirements, and increasingly annoying/intrusive advertising, we have always kept Techdirt open and available to anyone. But in order to continue doing so, we need your support. We offer a variety of ways for our readers to support us, from direct donations to special subscriptions and cool merchandise — and every little bit helps. Thank you.

–The Techdirt Team

Having already "infiltrated" online games like Second Life and World of Warcraft , it appears that the NSA and GCHQ are also busy playing Angry Birds, Candy Crush and pretty much any other popular mobile app as well , as they've learned that such mobile apps are incredibly "leaky" when it comes to revealing information about who you are, what you do and where you are. In a new report based on Snowden documents, ProPublica, the NY Times and the Guardian all have stories about how deeply the US and UK intelligence agencies can dig into your mobile phone to collect just about anything they want on you. And, as usual, they appear somewhat gleeful about the whole thing, as one slide in a presentation talks about "the golden nugget!" in discussing how they can pull so much information:Another set of slides, talking about how much information can be obtained from various mobile platforms, suggests that GCHQ and NSA can basically get just about anything from anyone. Take, for example, this slide about what they can get from an Android phone:Yeah: "If its on the phone, we think we can get it." (Grammar nazis will note the misused "its" there, but everyone else will be concerned about the implications here). Similarly things like "NOSEY SMURF" suggest the ability to turn on the phone's microphone to automatically tap anyone with a phone from anywhere.Of course, a big part of the issue here is the lack of concern or focus on encrypting and securing mobile apps and data. While there's been increasing talk about encrypting everything on the web, the main focus has been on the desktop. And while there are things like VPNs and security for mobile phones, it's been much less of a priority for many. That needs to change.In talking about the NSA issue with a variety of startups lately, it's been somewhat depressing to hear more than a few suggest that they were unwilling to speak up, because they were afraid it would shine more of a light on how weak their own privacy and data protection efforts have been. I've told multiple companies that the proper response to this is not to stay quiet but toin order to protect your users. Because sooner or later, people were going to find out about leaky data like this one way or the other.At this point, it's clear that the NSA, GCHQ and others will seek out and collect any data they can. That makes it imperative for pretty much everyone creating any app that collectsdata -- even for something as simple as a game like Angry Birds -- to learn how to properly protect that data and to protect their users. This goes for both small companies and large ones. For example, the reports show the NSA and GCHQ salivating over all of the information that Google Maps provides. Google has been taking a stand that says they're serious about protecting their users' data. If the company is serious about that it should take the lead in making phones much more secure from simple and easy tracking, as is detailed in these documents.

Filed Under: angry birds, encryption, gchq, mobile apps, mobile phones, nsa, security, surveillance