NSA, GCHQ Spying On Angry Birds And Lots Of Phone Apps: Time For Mobile Security To Up Its Game

from the game-over dept

Having already "infiltrated" online games like Second Life and World of Warcraft, it appears that the NSA and GCHQ are also busy playing Angry Birds, Candy Crush and pretty much any other popular mobile app as well, as they've learned that such mobile apps are incredibly "leaky" when it comes to revealing information about who you are, what you do and where you are. In a new report based on Snowden documents, ProPublica, the NY Times and the Guardian all have stories about how deeply the US and UK intelligence agencies can dig into your mobile phone to collect just about anything they want on you. And, as usual, they appear somewhat gleeful about the whole thing, as one slide in a presentation talks about "the golden nugget!" in discussing how they can pull so much information:
Another set of slides, talking about how much information can be obtained from various mobile platforms, suggests that GCHQ and NSA can basically get just about anything from anyone. Take, for example, this slide about what they can get from an Android phone:
Yeah: "If its on the phone, we think we can get it." (Grammar nazis will note the misused "its" there, but everyone else will be concerned about the implications here). Similarly things like "NOSEY SMURF" suggest the ability to turn on the phone's microphone to automatically tap anyone with a phone from anywhere.

Of course, a big part of the issue here is the lack of concern or focus on encrypting and securing mobile apps and data. While there's been increasing talk about encrypting everything on the web, the main focus has been on the desktop. And while there are things like VPNs and security for mobile phones, it's been much less of a priority for many. That needs to change.

In talking about the NSA issue with a variety of startups lately, it's been somewhat depressing to hear more than a few suggest that they were unwilling to speak up, because they were afraid it would shine more of a light on how weak their own privacy and data protection efforts have been. I've told multiple companies that the proper response to this is not to stay quiet but to fix your own data management in order to protect your users. Because sooner or later, people were going to find out about leaky data like this one way or the other.

At this point, it's clear that the NSA, GCHQ and others will seek out and collect any data they can. That makes it imperative for pretty much everyone creating any app that collects any data -- even for something as simple as a game like Angry Birds -- to learn how to properly protect that data and to protect their users. This goes for both small companies and large ones. For example, the reports show the NSA and GCHQ salivating over all of the information that Google Maps provides. Google has been taking a stand that says they're serious about protecting their users' data. If the company is serious about that it should take the lead in making phones much more secure from simple and easy tracking, as is detailed in these documents.


Hide this

Thank you for reading this Techdirt post. With so many things competing for everyone’s attention these days, we really appreciate you giving us your time. We work hard every day to put quality content out there for our community.

Techdirt is one of the few remaining truly independent media outlets. We do not have a giant corporation behind us, and we rely heavily on our community to support us, in an age when advertisers are increasingly uninterested in sponsoring small, independent sites — especially a site like ours that is unwilling to pull punches in its reporting and analysis.

While other websites have resorted to paywalls, registration requirements, and increasingly annoying/intrusive advertising, we have always kept Techdirt open and available to anyone. But in order to continue doing so, we need your support. We offer a variety of ways for our readers to support us, from direct donations to special subscriptions and cool merchandise — and every little bit helps. Thank you.

–The Techdirt Team

Filed Under: angry birds, encryption, gchq, mobile apps, mobile phones, nsa, security, surveillance


Reader Comments

Subscribe: RSS

View by: Time | Thread


  • identicon
    Anonymous Coward, 27 Jan 2014 @ 10:54am

    What does NSA stand for again?

    I think we better start calling them the NIA, because they could care less about national security - it seems they're pretty much infatuated with the insecurity of Americans. They seem intent on not only hoarding details of the insecure nature of American infrastructure, devices, and privacy - but also using it to make huge databases of our daily lives to (eventually) blackmail us with.

    link to this | view in chronology ]

    • icon
      ChurchHatesTucker (profile), 27 Jan 2014 @ 10:58am

      Re: What does NSA stand for again?

      NOSEY SMURF AGENCY

      Which is surely a trademark violation, no?

      link to this | view in chronology ]

      • icon
        blue skies (profile), 28 Jan 2014 @ 4:14am

        Re: Re: What does NSA stand for again?

        oh dear now I read nosey smurf agency everywhere I see the NSA acronym...and laughing out loud as a results. My colleagues will be so annoyed :)

        link to this | view in chronology ]

  • identicon
    Anonymous Coward, 27 Jan 2014 @ 11:02am

    Does that come with oral? If so I'm applying today!

    link to this | view in chronology ]

  • identicon
    Anonymous Coward, 27 Jan 2014 @ 11:04am

    I will take them at their word

    The NSA is just hear to help. Don't you feel safer knowing they have the capability to gather all information from everyones phone? This is why we are so good at fighting terrorism and the reason why there has not been another 9/11, for god's sake. It's just like this rock I paid $7,999 for to keep tigers away from my house. Sure it's expensive and will seem silly to people that "just don't get it" but I have not had a single tiger atttack, so there!

    link to this | view in chronology ]

    • icon
      ChurchHatesTucker (profile), 27 Jan 2014 @ 11:08am

      Re: I will take them at their word

      How much for your rock?

      link to this | view in chronology ]

      • identicon
        Anonymous Coward, 27 Jan 2014 @ 11:17am

        Re: Re: I will take them at their word

        It's priceless. Really, the gift that keeps on giving. However, I may consider renting a picture of it to you for a monthly fee.

        link to this | view in chronology ]

        • identicon
          Anonymous Coward, 27 Jan 2014 @ 1:18pm

          Re: Re: Re: I will take them at their word

          You should sell licenses....and copyright that rock!

          link to this | view in chronology ]

  • identicon
    Anonymous Coward, 27 Jan 2014 @ 11:18am

    Think maybe we can make up some NSA rocks???

    Instead of the children, think of the market!

    link to this | view in chronology ]

  • identicon
    Anonymous Coward, 27 Jan 2014 @ 11:26am

    I should probably be embarrassed by this and admittedly , I am! and pretty pissed as well. How many of you sit on the throne with your droid in hand playing games, How many children take their phones a do the exact same thing . the nsa has now become the worlds largest porn and pedo ring.

    link to this | view in chronology ]

  • identicon
    BigKeithO, 27 Jan 2014 @ 11:42am

    Just Buy King

    The NSA should just get it over with and buy King. Then when everyone agrees to the permission on Candy Crush Saga as they install the game the whole NSA spying scandal will go away. If everyone is agreeing to it, it can't be illegal!

    I'll let myself out.

    link to this | view in chronology ]

  • identicon
    Ron, 27 Jan 2014 @ 11:47am

    CSEC is Canadian. In case anyone was wondering who that is.

    link to this | view in chronology ]

  • identicon
    Me, 27 Jan 2014 @ 11:50am

    NSA Pedophiles

    My 11 year old niece pretty much lives on her iPhone. I'm glad the NSA thinks it's appropriate to invade the privacy of an 11 year old American girl who has done nothing wrong. If someone else did the *exact* same thing, they'd be in jail for kiddie porn and stalking.

    link to this | view in chronology ]

  • identicon
    Anonymous Coward, 27 Jan 2014 @ 11:51am

    So who is selling NSA branded rocks? I smell an opportunity!

    link to this | view in chronology ]

  • identicon
    Lori, 27 Jan 2014 @ 11:52am

    Google worse than NSA

    The average person shouldn't care at all about this. After all, most people use Google and Facebook on a regular basis. They represent a much greater threat to our privacy than the NSA. At least the NSA isn't going to feature my photo in an ad, or show me ads. Put another way, the NSA and Google both violate our privacy - Google goes a step further and exploits our personal information. If this stuff really does bother you, then perhaps you should start using privacy-based sites like DuckDuckGo, Ravetree, HushMail, etc.

    link to this | view in chronology ]

    • identicon
      Michael, 27 Jan 2014 @ 12:48pm

      Re: Google worse than NSA

      Just to point it out again...

      You can opt out of using Facebook and Google. You have to choose them to provide your service. There is no opt-out for NSA surveillance.

      In addition, while Google and Facebook will use the information you have willingly provided them in exchange for using the services they provide for little to no monetary cost, the government can PUT YOU IN JAIL with information they gather.

      link to this | view in chronology ]

      • identicon
        Anonymous Coward, 27 Jan 2014 @ 1:13pm

        Re: Re: Google worse than NSA

        Oh sure, you can avoid using their search engine. You cannot avoid, without extreme difficulty (& while still remaining on the internet) the myriad other vectors Google uses to suck data out of your ass.

        link to this | view in chronology ]

        • icon
          John Fenderson (profile), 27 Jan 2014 @ 1:43pm

          Re: Re: Re: Google worse than NSA

          Actually, yes, you can. it's not even very hard. A quick internet search will show you lots of sites with instructions.

          link to this | view in chronology ]

          • identicon
            Anonymous Coward, 28 Jan 2014 @ 4:09am

            Re: Re: Re: Re: Google worse than NSA

            Oh "nice". Yeah, I'm not gonna google how to anti-google, what with google having the same exact knowledge, and as such, is quick to route around your aforementioned evasion tactics. Google is insidious.

            link to this | view in chronology ]

            • icon
              John Fenderson (profile), 28 Jan 2014 @ 8:34am

              Re: Re: Re: Re: Re: Google worse than NSA

              You don't have to google for it. Use a different engine. Also, the techniques aren't something google can "route around", since they're all about how to make it impossible for your computer to talk to google's servers.

              I can't help you with your unbridled paranoia, though.

              link to this | view in chronology ]

    • identicon
      @b, 27 Jan 2014 @ 9:41pm

      Re: Google worse than NSA

      You just made the 'RSA Cryptography Gambit'.

      We use G apps + fb 'presuming' the data isnt 100% private. Even if we skipped passed the T&C we agreed to be legally bound by.

      The complaint here is the NSA is spying secretly, illegally, unconstitionally, and explicitly (by design, since now all the world's phone+internet usage falls within the purview of espionage & terror) without voters' knowledge, let alone consent.

      If voters knew what comms the NSA spied on, then criminal-voters with any brains would go deeper underground. Beyond free public online popular well-known for-profit snoopy cloud services like Google android, gmail, G+, youtube etc.

      link to this | view in chronology ]

  • identicon
    ntlgnce, 27 Jan 2014 @ 11:54am

    GREAT IDEA.

    Start releasing to the public all the ways the NSA gets into phones and computers, to get the information. Once its out in the mainstream, they have no choice but to close the security holes.

    link to this | view in chronology ]

  • identicon
    Anonymous Coward, 27 Jan 2014 @ 11:54am

    so far the emphasis has been on the NSA and what it has been doing. that has to change now and bring GCHQ into the frame! it may take a bit of work to get the UK citizens aware of what is going on and the impact it is having on everyone but once they are aroused they will take things on and keep shaking, just like a terrier until the right answer is given. so far Cameron and May haven't served too well and as for Rifkin, who chaired one of the 'investigations' into what was going on, he may just as well have investigated the Beano Annual!

    link to this | view in chronology ]

  • identicon
    Anonymous Coward, 27 Jan 2014 @ 12:02pm

    This post was a top story on Google News. WTG Techdirt!

    link to this | view in chronology ]

  • identicon
    Anonymous Coward, 27 Jan 2014 @ 1:04pm

    Fox News is now referring to Edward Snowden as a whistleblower. That's a big change in winds.

    link to this | view in chronology ]

  • icon
    jameshogg (profile), 27 Jan 2014 @ 1:23pm

    It is just a matter of time before Digital Rights Management opens up the gates for the NSA, or is found out to have been doing so.

    And still you will get the disingenuous remark that the root cause of Digital Rights Management is piracy.

    "You might be a terrorist" and "you might be a thief" are one in the same falsehood.

    link to this | view in chronology ]

  • identicon
    Anonymous Coward, 27 Jan 2014 @ 1:59pm

    If your android, rooted, and Xposed, then try xprivecy on xda forums

    Restricts user/system app permission, mic/camera, storage......

    To the nsa

    "These are'nt the droids your looking for"

    link to this | view in chronology ]

  • icon
    MarcAnthony (profile), 27 Jan 2014 @ 3:24pm

    Why do we care?

    From slide 13 in the first set of documents:
    "Why do we care?
    • Additional exploitation"

    Never have truer words been written.

    link to this | view in chronology ]

  • identicon
    Anonymous Coward, 27 Jan 2014 @ 7:45pm

    It's just as silly that game makers need to know where you are so they can send you location based advertisements. There's no grantee these companies won't abuse your data.

    link to this | view in chronology ]

  • identicon
    nona, 22 Oct 2014 @ 10:23am

    hacking iphones n htc by nazi spies

    NSA grays out Wi fi on iPhone .disable physical power button.on HTC desire freeze and slow os and disable home buttons why? You oppose the wars. Peace no war say no to Nazi hacking of phones

    link to this | view in chronology ]


Follow Techdirt
Essential Reading
Techdirt Deals
Report this ad  |  Hide Techdirt ads
Techdirt Insider Discord

The latest chatter on the Techdirt Insider Discord channel...

Loading...
Recent Stories

This site, like most other sites on the web, uses cookies. For more information, see our privacy policy. Got it
Close

Email This

This feature is only available to registered users. Register or sign in to use it.