Tag Archives: Google Maps

‘Leaky Apps’ Scandal: Where Does the Buck Stop?

Apps stock imageThis week’s revelations about the role that app developers and advertising networks may have (potentially accidentally) played in UK and US government spying raises very important questions for the mobile industry.

Aside from Rovio, which released a comprehensive statement assuring its users that it does not give data to spying agencies, and levelling blame at third-party networks, the silence from the industry has been deafening.

Google’s Doubleclick ads are among those served within Rovio’s Angry Birds, which implicates the company in this alleged haemorrhaging of personal details. Google is also an app owner, with its suite of productivity apps among the most widely used in the world, giving it even greater visibility of data and relevant security issues.

Google: No comment

Asked what the company made of the Wikileaks information, a Google spokesperson said: “We don’t have a comment on this.” When pressed on its responsibility to its users, Google added: “No one’s available for comment.”

Ad networks including Millennial Media and Nexage also serve ads within Rovio’s apps. Millennial Media’s EMEA content and communications manager Dave Ross-Tomlin, made a short statement yesterday. “There has been reporting over the last 24 hours about the collection of mobile data by government ‘spy’ agencies,” he said. “Let us be clear: Millennial Media has not and does not work with, nor pass information to, the NSA, GCHQ, or any other such agencies.”

The company said that it uses non-personally identifiable data provided by publishers – in this case, app developers – with the permission of users. It then adds additional filtering for regulatory compliance, relating to laws like the Children’s Online Privacy Protection Act. We were directed to their privacy policy but Millennial could not give any more detail about whether data could have been collected without them knowing and, if so, how this could be stopped in the future.

MMA: We take privacy seriously

It is not entirely clear within whose jurisdiction this lies and who should be held accountable if consumers’ privacy is infringed. While the Internet Advertising Bureau said it is unable to comment, Stephen Upstone, UK chair of the Mobile Marketing Association, a trade body for the industry, said that his organisation and its members take the issue of consumer privacy very seriously.

“I am not aware of any companies sharing of customer data accidentally or deliberately,” Upstone said. “The MMA takes an active role in encouraging regulation and best practice with the mobile marketing and advertising industry globally. We consult with brand marketers, advertising agencies, publishers, software and service suppliers on behalf of the industry and consumers.”

When asked who could be held responsible if data has been handed over to security services, purposefully of not, Upstone added: “Individual companies that handle data are responsible for ensuring it is properly handled, securely stored and that the laws and regulations are being respected. App developers who work with third-party suppliers and manage data are responsible for choosing vendors who are managing data properly.”

Rovio has said that it is now re-evaluating its work with ad networks as it considers how to ensure that data is not made so freely available in future, but without clear evidence of who has done what, many in the industry face having this key app ad inventory removed from their arsenal. And with little response from app developers and the ad networks they work with, it is difficult to know how the industry can stop this happening in the future.

ICO: We have raised concerns about US spying

We got in touch with a number of consumer protection organisations, including Consumer Future and Which?, but they were unable to comment as they did not have the relevant expertise. An Information Commissioner spokesperson said that app developers must comply with the requirements of the Data Protection Act, including being open about how data will be used and that data collection is not excessive, on which the organisation has created guidelines.

On the NSA and surveillance, the ICO spokesperson said: “There are real issues about the extent to which US law enforcement agencies can access personal data of UK and other European citizens. Aspects of US law under which companies can be compelled to provide information to US agencies potentially conflict with European data protection law, including the UK’s own Data Protection Act. The ICO has raised this with its European counterparts, and the issue is being considered by the European Commission, who are in discussions with the US Government.”

This is just the latest in a long list of examples of government infringing on civil liberties, so are people right to ask whether privacy itself is a thing of the past? Online security firm Bitdefender says that users who embrace privacy are ‘denied access to modern technology’.

Bitdefender: Internet is a pool of data waiting to be mined

“Many of the apps that we install on a daily basis are paid for with our private details,” said Alexandru Catalin Cosoi, chief security strategist at Bitdefender. ”On one hand, advertisers are becoming greedier and greedier, because the more personal information they get, the more accurate their profiling, and on the other hand, developers are better paid if they accept the task of getting more information for the advertiser.

“It looks like a win-win situation, but the end-user has the most to lose in the case of a data breach, and what’s most harmful is that most of the time they aren’t even aware that their private information is being harvested. Social networks are booming and a good chunk of users either have no idea how to, or do not care about, safely using these. The internet has become a pool of personal information ready to be mined.”

It was announced yesterday that Ed Snowden, the man who did some data mining of his own when he leaked documents about government spying to Wikileaks, has been nominated for the Nobel Peace Price. But the prize is not without its critics, with past nominees including Joseph Stalin.

In an interview in December Edward Snowden said: “I didn’t want to change society. I wanted to give society a chance to determine if it should change itself.” These revelations look like a good opportunity for the mobile industry to do some soul-searching of its own.

We reached out to a number of ad networks, including Nexage and Medaiplex, who did not get back to us. Adblock, creators of software to stop ads, declined to comment and App Annie, the app data analytics platform that tracks 3.9m apps, said it ‘may be next week when they engage with the question’. We are awaiting further comment from a number of other organisations. 

Written for Mobile Marketing Magazine and first published here:  http://mobilemarketingmagazine.com/leaky-apps-scandal-where-does-the-buck-stop/#vouAJQ4eioHpUut1.99

Rovio Points to Ad Networks Over Data Leaks to NSA and GCHQ

Angry Birds CartoonAfter revelations in the Guardian today, on the EU’s international Data Protection Day no less, that Angry Birds and other ‘leaky’ phone apps like Google Maps have been targeted by NSA and GCHQ for private user data, the app developer Rovio has responded by pointing the finger at third-party ad networks.

The allegations about the security of popular apps relate to documents leaked by Edward Snowden to Wikileaks and subsequently passed on to the Guardian, the New York Times and ProPublica.

They show that apps, where commercial data is collected by developers or advertising networks, are considered a target for spies, with Angry Birds used as a case study. Information that may have been intercepted includes phone model and screen size, personal details like age, gender, sexual orientation and sexual preferences, and location data, including live Google Maps queries.

‘Anyone using Google Maps on a smartphone is working in support of GCHQ’ 

The documents do not show how much data has been collected, stored or searched, or how many people are affected, but a document from 2008 highlighted by the Guardian explains that the level of access ‘effectively means that anyone using Google Maps on a smartphone is working in support of a GCHQ system’. And apps have certainly come a long way since then. The NSA has spent more than $1bn in its phone targeting efforts, the Guardian reports.

Rovio, who spoke to Mobile Marketing last week about its plans for the Angry Birds apps, which have been downloaded more than 2bn times to date, has now issued a statement. The company says that it ‘does not share data, collaborate or collude with any government spy agencies such as NSA or GCHQ anywhere in the world’.

“The alleged surveillance may be conducted through third-party advertising networks used by millions of commercial web sites and mobile applications across all industries,” Rovio said. “If advertising networks are indeed targeted, it would appear that no internet-enabled device that visits ad-enabled web sites or uses ad-enabled applications is immune to such surveillance. Rovio does not allow any third-party network to use or hand over personal end-user data from Rovio’s apps.”

‘We will have to re-evaluate working with these networks’

Mikael Hed, CEO of Rovio Entertainment, added: “The most important conversation to be had is how to ensure user privacy is protected while preventing the negative impact on the whole advertising industry and the countless mobile apps that rely on ad networks. In order to protect our end users, we will, like all other companies using third-party advertising networks, have to re-evaluate working with these networks if they are being used for spying purposes.”

We have reached out to ad networks working with Rovio, including Millennial Media, Nexage and Google’s DoubleClick, along with the relevant industry bodies and privacy campaigners to comment on the story. Watch this space.

Written for Mobile Marketing Magazine and first published here: http://mobilemarketingmagazine.com/rovio-points-to-ad-networks-over-data-leaks-to-nsa-and-gchq/#LVXpgpxoBCtYwy80.99