After revelations in the Guardian today, on the EU’s international Data Protection Day no less, that Angry Birds and other 'leaky' phone apps like Google Maps have been targeted by NSA and GCHQ for private user data, the app developer Rovio has responded by pointing the finger at third-party ad networks.
The allegations about the security of popular apps relate to documents leaked by Edward Snowden to Wikileaks and subsequently passed on to the Guardian, the New York Times and ProPublica.
They show that apps, where commercial data is collected by developers or advertising networks, are considered a target for spies, with Angry Birds used as a case study. Information that may have been intercepted includes phone model and screen size, personal details like age, gender, sexual orientation and sexual preferences, and location data, including live Google Maps queries.
'Anyone using Google Maps on a smartphone is working in support of GCHQ'
The documents do not show how much data has been collected, stored or searched, or how many people are affected, but a document from 2008 highlighted by the Guardian explains that the level of access 'effectively means that anyone using Google Maps on a smartphone is working in support of a GCHQ system'. And apps have certainly come a long way since then. The NSA has spent more than $1bn in its phone targeting efforts, the Guardian reports.
Rovio, who spoke to Mobile Marketing last week about its plans for the Angry Birds apps, which have been downloaded more than 2bn times to date, has now issued a statement. The company says that it ‘does not share data, collaborate or collude with any government spy agencies such as NSA or GCHQ anywhere in the world’.
“The alleged surveillance may be conducted through third-party advertising networks used by millions of commercial web sites and mobile applications across all industries,” Rovio said. “If advertising networks are indeed targeted, it would appear that no internet-enabled device that visits ad-enabled web sites or uses ad-enabled applications is immune to such surveillance. Rovio does not allow any third-party network to use or hand over personal end-user data from Rovio’s apps.”
'We will have to re-evaluate working with these networks'
Mikael Hed, CEO of Rovio Entertainment, added: “The most important conversation to be had is how to ensure user privacy is protected while preventing the negative impact on the whole advertising industry and the countless mobile apps that rely on ad networks. In order to protect our end users, we will, like all other companies using third-party advertising networks, have to re-evaluate working with these networks if they are being used for spying purposes.”
We have reached out to ad networks working with Rovio, including Millennial Media, Nexage and Google's DoubleClick, along with the relevant industry bodies and privacy campaigners to comment on the story. Watch this space.