NSA, GCHQ Spying On Angry Birds And Lots Of Phone Apps: Time For Mobile Security To Up Its Game

Privacy

from the game-over dept

Mon, Jan 27th 2014 10:49am — Mike Masnick

Having already "infiltrated" online games like Second Life and World of Warcraft, it appears that the NSA and GCHQ are also busy playing Angry Birds, Candy Crush and pretty much any other popular mobile app as well, as they've learned that such mobile apps are incredibly "leaky" when it comes to revealing information about who you are, what you do and where you are. In a new report based on Snowden documents, ProPublica, the NY Times and the Guardian all have stories about how deeply the US and UK intelligence agencies can dig into your mobile phone to collect just about anything they want on you. And, as usual, they appear somewhat gleeful about the whole thing, as one slide in a presentation talks about "the golden nugget!" in discussing how they can pull so much information:

Another set of slides, talking about how much information can be obtained from various mobile platforms, suggests that GCHQ and NSA can basically get just about anything from anyone. Take, for example, this slide about what they can get from an Android phone:

Yeah: "If its on the phone, we think we can get it." (Grammar nazis will note the misused "its" there, but everyone else will be concerned about the implications here). Similarly things like "NOSEY SMURF" suggest the ability to turn on the phone's microphone to automatically tap anyone with a phone from anywhere.

Of course, a big part of the issue here is the lack of concern or focus on encrypting and securing mobile apps and data. While there's been increasing talk about encrypting everything on the web, the main focus has been on the desktop. And while there are things like VPNs and security for mobile phones, it's been much less of a priority for many. That needs to change.

In talking about the NSA issue with a variety of startups lately, it's been somewhat depressing to hear more than a few suggest that they were unwilling to speak up, because they were afraid it would shine more of a light on how weak their own privacy and data protection efforts have been. I've told multiple companies that the proper response to this is not to stay quiet but to fix your own data management in order to protect your users. Because sooner or later, people were going to find out about leaky data like this one way or the other.

At this point, it's clear that the NSA, GCHQ and others will seek out and collect any data they can. That makes it imperative for pretty much everyone creating any app that collects any data -- even for something as simple as a game like Angry Birds -- to learn how to properly protect that data and to protect their users. This goes for both small companies and large ones. For example, the reports show the NSA and GCHQ salivating over all of the information that Google Maps provides. Google has been taking a stand that says they're serious about protecting their users' data. If the company is serious about that it should take the lead in making phones much more secure from simple and easy tracking, as is detailed in these documents.

Converged Analysis of Smartphone Devices Nsa May (PDF)Converged Analysis of Smartphone Devices Nsa May (Text)

Mobile Theme Briefing Gchq May 2010 (PDF)Mobile Theme Briefing Gchq May 2010 (Text)

Thank you for reading this Techdirt post. With so many things competing for everyone’s attention these days, we really appreciate you giving us your time. We work hard every day to put quality content out there for our community.

Techdirt is one of the few remaining truly independent media outlets. We do not have a giant corporation behind us, and we rely heavily on our community to support us, in an age when advertisers are increasingly uninterested in sponsoring small, independent sites — especially a site like ours that is unwilling to pull punches in its reporting and analysis.

While other websites have resorted to paywalls, registration requirements, and increasingly annoying/intrusive advertising, we have always kept Techdirt open and available to anyone. But in order to continue doing so, we need your support. We offer a variety of ways for our readers to support us, from direct donations to special subscriptions and cool merchandise — and every little bit helps. Thank you.

–The Techdirt Team

Filed Under: angry birds, encryption, gchq, mobile apps, mobile phones, nsa, security, surveillance

31 Comments

If you liked this post, you may also be interested in...

Reader Comments

Subscribe: RSS

View by: Time | Thread

Anonymous Coward, 27 Jan 2014 @ 10:54am

What does NSA stand for again?
I think we better start calling them the NIA, because they could care less about national security - it seems they're pretty much infatuated with the insecurity of Americans. They seem intent on not only hoarding details of the insecure nature of American infrastructure, devices, and privacy - but also using it to make huge databases of our daily lives to (eventually) blackmail us with.
[ link to this | view in chronology ]
- ChurchHatesTucker (profile), 27 Jan 2014 @ 10:58am
  
  Re: What does NSA stand for again?
  NOSEY SMURF AGENCY
  
  Which is surely a trademark violation, no?
  [ link to this | view in chronology ]
  - blue skies (profile), 28 Jan 2014 @ 4:14am
    
    Re: Re: What does NSA stand for again?
    oh dear now I read nosey smurf agency everywhere I see the NSA acronym...and laughing out loud as a results. My colleagues will be so annoyed :)
    [ link to this | view in chronology ]
Anonymous Coward, 27 Jan 2014 @ 11:02am

Does that come with oral? If so I'm applying today!
[ link to this | view in chronology ]
Anonymous Coward, 27 Jan 2014 @ 11:04am

I will take them at their word
The NSA is just hear to help. Don't you feel safer knowing they have the capability to gather all information from everyones phone? This is why we are so good at fighting terrorism and the reason why there has not been another 9/11, for god's sake. It's just like this rock I paid $7,999 for to keep tigers away from my house. Sure it's expensive and will seem silly to people that "just don't get it" but I have not had a single tiger atttack, so there!
[ link to this | view in chronology ]
- ChurchHatesTucker (profile), 27 Jan 2014 @ 11:08am
  
  Re: I will take them at their word
  How much for your rock?
  [ link to this | view in chronology ]
  - Anonymous Coward, 27 Jan 2014 @ 11:17am
    
    Re: Re: I will take them at their word
    It's priceless. Really, the gift that keeps on giving. However, I may consider renting a picture of it to you for a monthly fee.
    [ link to this | view in chronology ]
    - Anonymous Coward, 27 Jan 2014 @ 1:18pm
      
      Re: Re: Re: I will take them at their word
      You should sell licenses....and copyright that rock!
      [ link to this | view in chronology ]
Anonymous Coward, 27 Jan 2014 @ 11:18am

Think maybe we can make up some NSA rocks???

Instead of the children, think of the market!
[ link to this | view in chronology ]
Anonymous Coward, 27 Jan 2014 @ 11:26am

I should probably be embarrassed by this and admittedly , I am! and pretty pissed as well. How many of you sit on the throne with your droid in hand playing games, How many children take their phones a do the exact same thing . the nsa has now become the worlds largest porn and pedo ring.
[ link to this | view in chronology ]
BigKeithO, 27 Jan 2014 @ 11:42am

Just Buy King
The NSA should just get it over with and buy King. Then when everyone agrees to the permission on Candy Crush Saga as they install the game the whole NSA spying scandal will go away. If everyone is agreeing to it, it can't be illegal!

I'll let myself out.
[ link to this | view in chronology ]
Ron, 27 Jan 2014 @ 11:47am

CSEC is Canadian. In case anyone was wondering who that is.
[ link to this | view in chronology ]
Me, 27 Jan 2014 @ 11:50am

NSA Pedophiles
My 11 year old niece pretty much lives on her iPhone. I'm glad the NSA thinks it's appropriate to invade the privacy of an 11 year old American girl who has done nothing wrong. If someone else did the *exact* same thing, they'd be in jail for kiddie porn and stalking.
[ link to this | view in chronology ]
Anonymous Coward, 27 Jan 2014 @ 11:51am

So who is selling NSA branded rocks? I smell an opportunity!
[ link to this | view in chronology ]
Lori, 27 Jan 2014 @ 11:52am

Google worse than NSA
The average person shouldn't care at all about this. After all, most people use Google and Facebook on a regular basis. They represent a much greater threat to our privacy than the NSA. At least the NSA isn't going to feature my photo in an ad, or show me ads. Put another way, the NSA and Google both violate our privacy - Google goes a step further and exploits our personal information. If this stuff really does bother you, then perhaps you should start using privacy-based sites like DuckDuckGo, Ravetree, HushMail, etc.
[ link to this | view in chronology ]
- Michael, 27 Jan 2014 @ 12:48pm
  
  Re: Google worse than NSA
  Just to point it out again...
  
  You can opt out of using Facebook and Google. You have to choose them to provide your service. There is no opt-out for NSA surveillance.
  
  In addition, while Google and Facebook will use the information you have willingly provided them in exchange for using the services they provide for little to no monetary cost, the government can PUT YOU IN JAIL with information they gather.
  [ link to this | view in chronology ]
  - Anonymous Coward, 27 Jan 2014 @ 1:13pm
    
    Re: Re: Google worse than NSA
    Oh sure, you can avoid using their search engine. You cannot avoid, without extreme difficulty (& while still remaining on the internet) the myriad other vectors Google uses to suck data out of your ass.
    [ link to this | view in chronology ]
    - John Fenderson (profile), 27 Jan 2014 @ 1:43pm
      
      Re: Re: Re: Google worse than NSA
      Actually, yes, you can. it's not even very hard. A quick internet search will show you lots of sites with instructions.
      [ link to this | view in chronology ]
      - Anonymous Coward, 28 Jan 2014 @ 4:09am
        
        Re: Re: Re: Re: Google worse than NSA
        Oh "nice". Yeah, I'm not gonna google how to anti-google, what with google having the same exact knowledge, and as such, is quick to route around your aforementioned evasion tactics. Google is insidious.
        [ link to this | view in chronology ]
        
        John Fenderson (profile), 28 Jan 2014 @ 8:34am
        
        Re: Re: Re: Re: Re: Google worse than NSA
        You don't have to google for it. Use a different engine. Also, the techniques aren't something google can "route around", since they're all about how to make it impossible for your computer to talk to google's servers.
        
        I can't help you with your unbridled paranoia, though.
        [ link to this | view in chronology ]
- @b, 27 Jan 2014 @ 9:41pm
  
  Re: Google worse than NSA
  You just made the 'RSA Cryptography Gambit'.
  
  We use G apps + fb 'presuming' the data isnt 100% private. Even if we skipped passed the T&C we agreed to be legally bound by.
  
  The complaint here is the NSA is spying secretly, illegally, unconstitionally, and explicitly (by design, since now all the world's phone+internet usage falls within the purview of espionage & terror) without voters' knowledge, let alone consent.
  
  If voters knew what comms the NSA spied on, then criminal-voters with any brains would go deeper underground. Beyond free public online popular well-known for-profit snoopy cloud services like Google android, gmail, G+, youtube etc.
  [ link to this | view in chronology ]
ntlgnce, 27 Jan 2014 @ 11:54am

GREAT IDEA.
Start releasing to the public all the ways the NSA gets into phones and computers, to get the information. Once its out in the mainstream, they have no choice but to close the security holes.
[ link to this | view in chronology ]
Anonymous Coward, 27 Jan 2014 @ 11:54am

so far the emphasis has been on the NSA and what it has been doing. that has to change now and bring GCHQ into the frame! it may take a bit of work to get the UK citizens aware of what is going on and the impact it is having on everyone but once they are aroused they will take things on and keep shaking, just like a terrier until the right answer is given. so far Cameron and May haven't served too well and as for Rifkin, who chaired one of the 'investigations' into what was going on, he may just as well have investigated the Beano Annual!
[ link to this | view in chronology ]
Anonymous Coward, 27 Jan 2014 @ 12:02pm

This post was a top story on Google News. WTG Techdirt!
[ link to this | view in chronology ]
Anonymous Coward, 27 Jan 2014 @ 1:04pm

Fox News is now referring to Edward Snowden as a whistleblower. That's a big change in winds.
[ link to this | view in chronology ]
jameshogg (profile), 27 Jan 2014 @ 1:23pm

It is just a matter of time before Digital Rights Management opens up the gates for the NSA, or is found out to have been doing so.

And still you will get the disingenuous remark that the root cause of Digital Rights Management is piracy.

"You might be a terrorist" and "you might be a thief" are one in the same falsehood.
[ link to this | view in chronology ]
Anonymous Coward, 27 Jan 2014 @ 1:59pm

If your android, rooted, and Xposed, then try xprivecy on xda forums

Restricts user/system app permission, mic/camera, storage......

To the nsa

"These are'nt the droids your looking for"
[ link to this | view in chronology ]
MarcAnthony (profile), 27 Jan 2014 @ 3:24pm

Why do we care?
From slide 13 in the first set of documents:
"Why do we care?
� Additional exploitation"

Never have truer words been written.
[ link to this | view in chronology ]
- Anonymous Coward, 27 Jan 2014 @ 4:09pm
  
  Re: Why do we care?
  Out of the mouths of evil babes
  [ link to this | view in chronology ]
Anonymous Coward, 27 Jan 2014 @ 7:45pm

It's just as silly that game makers need to know where you are so they can send you location based advertisements. There's no grantee these companies won't abuse your data.
[ link to this | view in chronology ]
nona, 22 Oct 2014 @ 10:23am

hacking iphones n htc by nazi spies
NSA grays out Wi fi on iPhone .disable physical power button.on HTC desire freeze and slow os and disable home buttons why? You oppose the wars. Peace no war say no to Nazi hacking of phones
[ link to this | view in chronology ]