The National Security Agency (NSA) and the UK Government Communications Headquarters (GCHQ) have been able to collect the masses of information leaked by new generation iPhone and Android apps, according to a report from the Guardian based on classified documents provided by NSA whistleblower Edward Snowden.
A series of documents, as well as an NSA presentation on getting data from smartphones, have revealed how the government bodies can use the information leaked from apps.
The information they can gather appears to range from the model of phone and the unique ID of the handset and screen size, through to more intimate details such as age, gender, location and even sexual orientation.
According to the Guardian, the NSA and GCHQ have made significant efforts to “piggyback on this commercial data collection for their own purposes.”
According to data journalist James Ball “Scooping up information the apps are sending about their users allows the agencies to collect large quantities of mobile phone data from their existing mass surveillance tools – such as cable taps, or from international mobile networks – rather than solely from hacking into individual mobile handsets."
A number of documents were cited in the report, including a May 2010 NSA presentation titled ‘Golden Nugget!’ which specifically looked at what information could be gathered when a user uploads a photo to a social media site from a mobile.
Despite sites like Facebook and Twitter removing personal Exchangeable image file format (EXIF) data before publication, the slide states that a "possible image", email selector, phone, buddy lists, and "a host of other social working data as well as location" could be retrieved.
Meanwhile a document dating back to 2008 revealed that the government bodies were able to intercept Google Maps queries made on smartphones, and use them to collect large volumes of location information. According to the document, it "effectively means that anyone using Google Maps on a smartphone is working in support of a GCHQ system."
It is not clear whether the agencies actually collect the data stored or transmitted by apps, or how many users may be affected.
However, the GCHQ uses gaming app Angry Birds – an app downloaded more than 1.7 billion times – as an example in one document detailing the information can be extracted from different ad platforms.
Saara Bergström, Rovio VP of marketing and communications, denied any knowledge pf the practice to the Guardian. She said: “Rovio doesn't have any previous knowledge of this matter, and have not been aware of such activity in 3rd party advertising networks. Nor do we have any involvement with the organisations you mentioned [NSA and GCHQ]."
The NSA and GCHQ had not commented on collecting the data leaked from apps at the time of writing.