As part of their arsenal of spying tools, the National Security Agency and its British counterpart, the GCHQ, are sucking up personal data leaked from smartphone apps, according to documents provided by NSA whistleblower Edward Snowden.
Smartphone users may have numerous apps on their phones to play games, navigate and use social networking sites, but these data-using and data-gathering tools also appear to be providing a treasure trove of information for the NSA and GCHQ to exploit.
According to their reporting, the spy agencies collaborated to work out how to best obtain and store all the data—which could include users' age, geolocation, sexual orientation, address books, marital status, number of children and other personal information—from the burgeoning number of from iPhone and Android apps.
One app GCHQ specified as being amongst its targets for gathering data is the popular game AngryBirds, while a 2010 slide from the NSA seen by the news agencies titled "Golden Nugget!" says that a "target uploading a photo to a social media site taken with a mobile device" is a "perfect scenario."
The Guardian reports:
In practice, most major social media sites, such as Facebook and Twitter, strip photos of identifying location metadata (known as EXIF data) before publication. However, depending on when this is done during upload, such data may still, briefly, be available for collection by the agencies as it travels across the networks.
Another goldmine app for surveillance listed was Google Maps. From the Times and ProPublica:
Intelligence agencies collect so much data from the app that “you’ll be able to clone Google’s database” of global searches for directions, according to a top-secret N.S.A. report from 2007.
“It effectively means that anyone using Google Maps on a smartphone is working in support of a G.C.H.Q. system,” a secret 2008 report by the British agency says.
The pathways for the NSA and GCHQ to gather all this app data was already established, ProPublica and the Times explain:
The agencies have long been intercepting earlier generations of cellphone traffic like text messages and metadata from nearly every segment of the mobile network — and, more recently, mobile traffic running on Internet pipelines. Because those same networks carry the rush of data from leaky apps, the agencies have a ready-made way to collect and store this new resource.
The documents did not reveal how many users were affected or how often the collection took place, nor did they state that companies provided the user data to the spy agencies.
Part of a statement from the NSA provided to the Guardian said, "We collect only those communications that we are authorized by law to collect for valid foreign intelligence and counterintelligence purposes – regardless of the technical means used by the targets."