One of the first revelations by Edward Snowden, a former contract employee of the National Security Agency, involved the NSA's use of popular services for data gathering. Among these services were Facebook and Gmail, which the NSA had been using since 2007 to obtain information on people around the world. Now, new information reportedly released by Snowden shows the NSA also tapped into mobile apps like Angry Birds and Twitter to collect data.
By tapping into these applications, both the NSA and its British counterpart, GCHQ, have been able to collect end-user information like GPS location, age and ethnicity. Much of this information is already shared with advertising networks, which may allow the NSA to collect data from numerous applications as long as they are reliant on the same ad providers.
Some of the latest Snowden documents, reported by The Guardian newspaper in the U.K. and The New York Times and ProPublica in the U.S., were accompanied by NSA or GCHQ presentation slides. Within the presentation was a slide titled "Golden Nugget," which stated that the "perfect scenario" for data collection would be a photo posted to a social media Web site that originates from a mobile device. This is presumably the "perfect scenario" because of how much information can be obtained by examining just one photo.
Other slides and documents accompanying the presentation detailed various ways that the spy agencies would be able to use "leaky" applications to grab data. Twitter and Facebook both remove private information encoded into photos before they go public, but if the NSA or GCHQ has access to the media files early in the upload process, that data -- such as time, date, GPS location and what type of camera or smartphone took the photo -- may still be present.
Angry Birds Denial
Just as companies denied any involvement with the NSA in early 2013, when the first Snowden documents were released, app creators are doing the same now. Rovio, the creator of the hit mobile app Angry Birds, has already issued a statement claiming it had no knowledge of the NSA's data collection, and instead blamed ad networks for the lack of user privacy.
"Rovio Entertainment Ltd, which is headquartered in Finland, does not share data, collaborate or collude with any government spy agencies such as NSA or GCHQ anywhere in the world," the company said. "The alleged surveillance may be conducted through third-party ad networks used by millions of commercial Web sites and mobile applications across all industries."
By denying any responsibility for the NSA's ability to collect data on users, Rovio has brought up an important point, that the ad networks used by thousands of services are in control of user data as well. Unlike if the NSA was to break into a single app, infiltrating an ad network would yield far more data. While Rovio is making the claim that ad networks could be responsible, it is still not clear where the NSA is infiltrating to obtain the information.