fb-pixel Skip to main content

Spy agencies mining data from smartphone apps

US, UK able to tap new features, documents show

US and British surveillance agencies are sharing formulas for gathering personal information from cellphone apps, files leaked by Edward Snowden showed.LARRY W. SMITH/EPA

NEW YORK — When a smartphone user opens Angry Birds, the popular game application, and starts slinging birds at chortling green pigs, spies could be lurking in the background to snatch data revealing the player’s location, age, sex, and other personal information, according to secret British intelligence documents.

In their globe-spanning surveillance, the National Security Agency and its British counterpart have been trying to exploit a basic byproduct of modern telecommunications: With each new generation of mobile phone technology, ever greater amounts of personal data pour onto networks where spies can pick it up.

According to dozens of previously undisclosed classified documents, among the most valuable of those unintended intelligence tools are so-called leaky apps that disclose everything from users’ smartphone identification codes to where they have been that day.

Advertisement



The NSA and Britain’s Government Communications Headquarters were working together on how to collect and store data from dozens of smartphone apps by 2007, according to the documents, provided by Edward J. Snowden, the former NSA contractor.

Since then, the agencies have traded recipes for grabbing location and planning data when a target uses Google Maps and for vacuuming up address books, buddy lists, phone logs, and the geographic data embedded in photos when someone sends a post to the mobile versions of Facebook, Flickr, LinkedIn, Twitter, and other services.

The eavesdroppers’ pursuit of mobile networks has been outlined in earlier reports, but the secret documents, shared by The New York Times, The Guardian, and ProPublica, offer far more details of their ambitions for smartphones.

The efforts were part of an initiative called “the mobile surge,” according to a 2011 British document, an analogy to the troop surges in Iraq and Afghanistan. One NSA analyst’s enthusiasm was evident in the breathless title — “Golden Nugget!” — given to one slide for a top-secret 2010 talk describing iPhones and Android phones as rich resources, a document notes.

Advertisement



The scale and the specifics of the data haul are not clear. The documents show that the NSA and the British agency routinely obtain information from certain apps, particularly some of those introduced earliest to cellphones.

With some newer apps, including Angry Birds, the agencies have a similar capability, the documents show, but they do not make explicit whether the spies have put that into practice.

Some personal data, developed in profiles by advertising companies, could be particularly sensitive: A secret 2012 British intelligence document says spies can scrub smartphone apps that contain such details as a user’s “political alignment” and sexual orientation.

President Obama offered new proposals this month to better protect the privacy of ordinary Americans and foreigners from government surveillance, including limits on how the NSA can view “metadata” of Americans’ phone calls — the routing information, time stamps, and other data associated with calls.

But he did not address the avalanche of information that the intelligence agencies get from leaky apps and other smartphone functions.

The documents do not address how many users might be affected or how often analysts would see personal data.

“NSA does not profile everyday Americans as it carries out its foreign intelligence mission,” the agency said in a written response to questions about the program. “Because some data of US persons may at times be incidentally collected in NSA’s lawful foreign intelligence mission, privacy protections for US persons exist across the entire process.”

Advertisement