If you're spending hours on your phone playing games like Angry Birds and Candy Crush Saga, or posting online to Google+ and Pinterest, you're probably being spied on. The latest releases from NSA whistle blower Edward Snowden reveal that the National Security Agency, and its UK counterpart, GCHQ, are mining the ad networks utilized in these apps to collect a trove of information on you.
This led to hackers defacing the Angry Birds website, superimposing the NSA logo over an "Spying Birds" character.
According to Michael Sutton, VP of Security Research at global cloud-based information security company Zscaler, "Privacy is dead in the digital world that we live in".
The companies' analysis found that "96 percent of the top 25 social-networking apps request e-mail access, 92 percent ask for access to users' address books, and 84 percent inquire about their physical locations," and that most people give these apps the information they want.
While the apps in question may be secure, the information they collect is gathered through ad network data, with AdMob and Millennial Media as two of the largest of the dozens of networks that collect data and share it with marketers. Millennial Media, which partners with Rovio (Angry Birds), Zynga (Farmville), Activision (Call of Duty), and many others, has the ability to gather not just standard information like age and location, but also ethnicity, marital status, and sexual orientation.
"In order to protect our end users, we will, like all other companies using third-party advertising networks, have to re-evaluate working with these networks if they are being used for spying purposes," said Mikael Hed, Rovio's CEO, in the statement.
In addition to your games, documents reveal that uploading and sharing photos taken on your device also present a prime opportunity for snooping. While companies like Facebook and Twitter generally strip uploaded media of EXIF data—location, picture size, phone model, etc.—there may be a point within the upload transmission where this data is readable.
Yikes! But let's not forget about the GCHQ, who managed to get cute with their tactics, referring to various tools as "smurfs".
So the question becomes, "what can we do to protect ourselves?" The simple answer is, nothing. Until there is a sea change regarding how these agencies collect information, our only recourse is not stop feeding them, and the only way to do that is to take yourself off the grid. Sound reasonable? Yea, didn't think so.
Maybe the best piece of advice comes from Zscaler's Michael Sutton. "I tell people, unless you are comfortable putting that statement on a billboard in Times Square and having everyone see it, I would not share that information digitally."