The US National Security Agency and its UK counterpart, GCHQ, have the ability to harvest sensitive personal data from phone apps that transmit users’ data across the web, such as the extremely popular Angry Birds game.
Along with obtaining information about the specific dimensions and model of an individual’s iPhone or Android, the intelligence agencies are also able to acquire details on that person’s age, gender, and location. Details about a user’s political affiliation, sexual orientation, and how promiscuous they are may also be vulnerable.
This information – which was revealed in dozens of top secret documents provided by NSA whistleblower Edward Snowden – was first reported Monday by the Guardian in partnership with the New York Times and ProPublica.
Both the NSA and GCHQ are able to “piggyback” on third party advertisements that a user unwittingly brings onto their device when they first download an app. Those ads, along with geolocation information embedded in images a user uploads to a social media site like Facebook and Twitter, essentially pinpoints where an individual is in the world.
The slides published Monday by the Guardian also show that the intelligence behemoths can glean a person’s home country, current location, age, gender, zip code, marital status – with “single,” “married,” “divorced,” “swinger,” and more among the options – income, ethnicity, sexual orientation, education level, and number of children.
A more sophisticated effort collects location information by intercepting Google map queries from smartphones. It was deemed to be so successful that GCHQ noted in a 2008 document that it “effectively means that anyone using Google maps on a smartphone is working in support of a GCHQ system.”
Scooping up data from apps allows the agencies to gather large quantities of mobile phone data from their existing mass surveillance tools rather than hacking into individual mobile handsets.
Tapping into phone information is a high priority effort for the agencies, as terrorists and other intelligence targets often use mobile phones to plan illegal activities.
One effort by GCHQ and the NSA consists of a database that geolocates every mobile phone mast in the world. This allows the agencies to gather the mast ID used with any handset, thus giving them a rough location for a particular phone.
The latest disclosures add to the public’s concern about how spy agencies and the technology sector use information, particularly outside the US where people have fewer privacy protections than Americans. However, the NSA says it only deploys its capabilities against “valid foreign intelligence agencies” and does not target Americans.