NSA, GCHQ Spying On Angry Birds And Lots Of Phone Apps: Time For Mobile Security To Up Its Game

from the game-over dept

Having already "infiltrated" online games like Second Life and World of Warcraft, it appears that the NSA and GCHQ are also busy playing Angry Birds, Candy Crush and pretty much any other popular mobile app as well, as they've learned that such mobile apps are incredibly "leaky" when it comes to revealing information about who you are, what you do and where you are. In a new report based on Snowden documents, ProPublica, the NY Times and the Guardian all have stories about how deeply the US and UK intelligence agencies can dig into your mobile phone to collect just about anything they want on you. And, as usual, they appear somewhat gleeful about the whole thing, as one slide in a presentation talks about "the golden nugget!" in discussing how they can pull so much information:
Another set of slides, talking about how much information can be obtained from various mobile platforms, suggests that GCHQ and NSA can basically get just about anything from anyone. Take, for example, this slide about what they can get from an Android phone:
Yeah: "If its on the phone, we think we can get it." (Grammar nazis will note the misused "its" there, but everyone else will be concerned about the implications here). Similarly things like "NOSEY SMURF" suggest the ability to turn on the phone's microphone to automatically tap anyone with a phone from anywhere.

Of course, a big part of the issue here is the lack of concern or focus on encrypting and securing mobile apps and data. While there's been increasing talk about encrypting everything on the web, the main focus has been on the desktop. And while there are things like VPNs and security for mobile phones, it's been much less of a priority for many. That needs to change.

In talking about the NSA issue with a variety of startups lately, it's been somewhat depressing to hear more than a few suggest that they were unwilling to speak up, because they were afraid it would shine more of a light on how weak their own privacy and data protection efforts have been. I've told multiple companies that the proper response to this is not to stay quiet but to fix your own data management in order to protect your users. Because sooner or later, people were going to find out about leaky data like this one way or the other.

At this point, it's clear that the NSA, GCHQ and others will seek out and collect any data they can. That makes it imperative for pretty much everyone creating any app that collects any data -- even for something as simple as a game like Angry Birds -- to learn how to properly protect that data and to protect their users. This goes for both small companies and large ones. For example, the reports show the NSA and GCHQ salivating over all of the information that Google Maps provides. Google has been taking a stand that says they're serious about protecting their users' data. If the company is serious about that it should take the lead in making phones much more secure from simple and easy tracking, as is detailed in these documents.




Reader Comments (rss)

(Flattened / Threaded)

  1.  
    identicon
    Anonymous Coward, Jan 27th, 2014 @ 10:54am

    What does NSA stand for again?

    I think we better start calling them the NIA, because they could care less about national security - it seems they're pretty much infatuated with the insecurity of Americans. They seem intent on not only hoarding details of the insecure nature of American infrastructure, devices, and privacy - but also using it to make huge databases of our daily lives to (eventually) blackmail us with.

     

    reply to this | link to this | view in thread ]

  2.  
    icon
    ChurchHatesTucker (profile), Jan 27th, 2014 @ 10:58am

    Re: What does NSA stand for again?

    NOSEY SMURF AGENCY

    Which is surely a trademark violation, no?

     

    reply to this | link to this | view in thread ]

  3.  
    identicon
    Anonymous Coward, Jan 27th, 2014 @ 11:02am

    Does that come with oral? If so I'm applying today!

     

    reply to this | link to this | view in thread ]

  4.  
    identicon
    Anonymous Coward, Jan 27th, 2014 @ 11:04am

    I will take them at their word

    The NSA is just hear to help. Don't you feel safer knowing they have the capability to gather all information from everyones phone? This is why we are so good at fighting terrorism and the reason why there has not been another 9/11, for god's sake. It's just like this rock I paid $7,999 for to keep tigers away from my house. Sure it's expensive and will seem silly to people that "just don't get it" but I have not had a single tiger atttack, so there!

     

    reply to this | link to this | view in thread ]

  5.  
    icon
    ChurchHatesTucker (profile), Jan 27th, 2014 @ 11:08am

    Re: I will take them at their word

    How much for your rock?

     

    reply to this | link to this | view in thread ]

  6.  
    identicon
    Anonymous Coward, Jan 27th, 2014 @ 11:17am

    Re: Re: I will take them at their word

    It's priceless. Really, the gift that keeps on giving. However, I may consider renting a picture of it to you for a monthly fee.

     

    reply to this | link to this | view in thread ]

  7.  
    identicon
    Anonymous Coward, Jan 27th, 2014 @ 11:18am

    Think maybe we can make up some NSA rocks???

    Instead of the children, think of the market!

     

    reply to this | link to this | view in thread ]

  8.  
    identicon
    Anonymous Coward, Jan 27th, 2014 @ 11:26am

    I should probably be embarrassed by this and admittedly , I am! and pretty pissed as well. How many of you sit on the throne with your droid in hand playing games, How many children take their phones a do the exact same thing . the nsa has now become the worlds largest porn and pedo ring.

     

    reply to this | link to this | view in thread ]

  9.  
    identicon
    BigKeithO, Jan 27th, 2014 @ 11:42am

    Just Buy King

    The NSA should just get it over with and buy King. Then when everyone agrees to the permission on Candy Crush Saga as they install the game the whole NSA spying scandal will go away. If everyone is agreeing to it, it can't be illegal!

    I'll let myself out.

     

    reply to this | link to this | view in thread ]

  10.  
    identicon
    Ron, Jan 27th, 2014 @ 11:47am

    CSEC is Canadian. In case anyone was wondering who that is.

     

    reply to this | link to this | view in thread ]

  11.  
    identicon
    Me, Jan 27th, 2014 @ 11:50am

    NSA Pedophiles

    My 11 year old niece pretty much lives on her iPhone. I'm glad the NSA thinks it's appropriate to invade the privacy of an 11 year old American girl who has done nothing wrong. If someone else did the *exact* same thing, they'd be in jail for kiddie porn and stalking.

     

    reply to this | link to this | view in thread ]

  12.  
    identicon
    Anonymous Coward, Jan 27th, 2014 @ 11:51am

    So who is selling NSA branded rocks? I smell an opportunity!

     

    reply to this | link to this | view in thread ]

  13.  
    identicon
    Lori, Jan 27th, 2014 @ 11:52am

    Google worse than NSA

    The average person shouldn't care at all about this. After all, most people use Google and Facebook on a regular basis. They represent a much greater threat to our privacy than the NSA. At least the NSA isn't going to feature my photo in an ad, or show me ads. Put another way, the NSA and Google both violate our privacy - Google goes a step further and exploits our personal information. If this stuff really does bother you, then perhaps you should start using privacy-based sites like DuckDuckGo, Ravetree, HushMail, etc.

     

    reply to this | link to this | view in thread ]

  14.  
    identicon
    ntlgnce, Jan 27th, 2014 @ 11:54am

    GREAT IDEA.

    Start releasing to the public all the ways the NSA gets into phones and computers, to get the information. Once its out in the mainstream, they have no choice but to close the security holes.

     

    reply to this | link to this | view in thread ]

  15.  
    identicon
    Anonymous Coward, Jan 27th, 2014 @ 11:54am

    so far the emphasis has been on the NSA and what it has been doing. that has to change now and bring GCHQ into the frame! it may take a bit of work to get the UK citizens aware of what is going on and the impact it is having on everyone but once they are aroused they will take things on and keep shaking, just like a terrier until the right answer is given. so far Cameron and May haven't served too well and as for Rifkin, who chaired one of the 'investigations' into what was going on, he may just as well have investigated the Beano Annual!

     

    reply to this | link to this | view in thread ]

  16.  
    identicon
    Anonymous Coward, Jan 27th, 2014 @ 12:02pm

    This post was a top story on Google News. WTG Techdirt!

     

    reply to this | link to this | view in thread ]

  17.  
    identicon
    Michael, Jan 27th, 2014 @ 12:48pm

    Re: Google worse than NSA

    Just to point it out again...

    You can opt out of using Facebook and Google. You have to choose them to provide your service. There is no opt-out for NSA surveillance.

    In addition, while Google and Facebook will use the information you have willingly provided them in exchange for using the services they provide for little to no monetary cost, the government can PUT YOU IN JAIL with information they gather.

     

    reply to this | link to this | view in thread ]

  18.  
    identicon
    Anonymous Coward, Jan 27th, 2014 @ 1:04pm

    Fox News is now referring to Edward Snowden as a whistleblower. That's a big change in winds.

     

    reply to this | link to this | view in thread ]

  19.  
    identicon
    Anonymous Coward, Jan 27th, 2014 @ 1:13pm

    Re: Re: Google worse than NSA

    Oh sure, you can avoid using their search engine. You cannot avoid, without extreme difficulty (& while still remaining on the internet) the myriad other vectors Google uses to suck data out of your ass.

     

    reply to this | link to this | view in thread ]

  20.  
    identicon
    Anonymous Coward, Jan 27th, 2014 @ 1:18pm

    Re: Re: Re: I will take them at their word

    You should sell licenses....and copyright that rock!

     

    reply to this | link to this | view in thread ]

  21.  
    icon
    jameshogg (profile), Jan 27th, 2014 @ 1:23pm

    It is just a matter of time before Digital Rights Management opens up the gates for the NSA, or is found out to have been doing so.

    And still you will get the disingenuous remark that the root cause of Digital Rights Management is piracy.

    "You might be a terrorist" and "you might be a thief" are one in the same falsehood.

     

    reply to this | link to this | view in thread ]

  22.  
    icon
    John Fenderson (profile), Jan 27th, 2014 @ 1:43pm

    Re: Re: Re: Google worse than NSA

    Actually, yes, you can. it's not even very hard. A quick internet search will show you lots of sites with instructions.

     

    reply to this | link to this | view in thread ]

  23.  
    identicon
    Anonymous Coward, Jan 27th, 2014 @ 1:59pm

    If your android, rooted, and Xposed, then try xprivecy on xda forums

    Restricts user/system app permission, mic/camera, storage......

    To the nsa

    "These are'nt the droids your looking for"

     

    reply to this | link to this | view in thread ]

  24.  
    icon
    MarcAnthony (profile), Jan 27th, 2014 @ 3:24pm

    Why do we care?

    From slide 13 in the first set of documents:
    "Why do we care?
    Additional exploitation"

    Never have truer words been written.

     

    reply to this | link to this | view in thread ]

  25.  
    identicon
    Anonymous Coward, Jan 27th, 2014 @ 4:09pm

    Re: Why do we care?

    Out of the mouths of evil babes

     

    reply to this | link to this | view in thread ]

  26.  
    identicon
    Anonymous Coward, Jan 27th, 2014 @ 7:45pm

    It's just as silly that game makers need to know where you are so they can send you location based advertisements. There's no grantee these companies won't abuse your data.

     

    reply to this | link to this | view in thread ]

  27.  
    identicon
    @b, Jan 27th, 2014 @ 9:41pm

    Re: Google worse than NSA

    You just made the 'RSA Cryptography Gambit'.

    We use G apps + fb 'presuming' the data isnt 100% private. Even if we skipped passed the T&C we agreed to be legally bound by.

    The complaint here is the NSA is spying secretly, illegally, unconstitionally, and explicitly (by design, since now all the world's phone+internet usage falls within the purview of espionage & terror) without voters' knowledge, let alone consent.

    If voters knew what comms the NSA spied on, then criminal-voters with any brains would go deeper underground. Beyond free public online popular well-known for-profit snoopy cloud services like Google android, gmail, G+, youtube etc.

     

    reply to this | link to this | view in thread ]

  28.  
    identicon
    Anonymous Coward, Jan 28th, 2014 @ 4:09am

    Re: Re: Re: Re: Google worse than NSA

    Oh "nice". Yeah, I'm not gonna google how to anti-google, what with google having the same exact knowledge, and as such, is quick to route around your aforementioned evasion tactics. Google is insidious.

     

    reply to this | link to this | view in thread ]

  29.  
    icon
    blue skies (profile), Jan 28th, 2014 @ 4:14am

    Re: Re: What does NSA stand for again?

    oh dear now I read nosey smurf agency everywhere I see the NSA acronym...and laughing out loud as a results. My colleagues will be so annoyed :)

     

    reply to this | link to this | view in thread ]

  30.  
    icon
    John Fenderson (profile), Jan 28th, 2014 @ 8:34am

    Re: Re: Re: Re: Re: Google worse than NSA

    You don't have to google for it. Use a different engine. Also, the techniques aren't something google can "route around", since they're all about how to make it impossible for your computer to talk to google's servers.

    I can't help you with your unbridled paranoia, though.

     

    reply to this | link to this | view in thread ]


Add Your Comment

Have a Techdirt Account? Sign in now. Want one? Register here
Get Techdirt’s Daily Email
Save me a cookie
  • Note: A CRLF will be replaced by a break tag (<br>), all other allowable HTML will remain intact
  • Allowed HTML Tags: <b> <i> <a> <em> <br> <strong> <blockquote> <hr> <tt>
Follow Techdirt
A word from our sponsors...
Essential Reading
Techdirt Reading List
Techdirt Insider Chat
A word from our sponsors...
Recent Stories
A word from our sponsors...

Close

Email This