NSA, GCHQ target 'leaky' apps to gather data on smartphone users, according to Snowden leak

The National Security Agency and its British counterpart, the Government Communications Headquarters, have been targeting smartphone applications as part of a years-long surveillance effort to gather data such as a smartphone users' locations and the unique identifying characteristics of their phones, according to documents leaked by former NSA contractor Edward Snowden.

The documents, which were leaked to and reported on by the New York Times, the Guardian and ProPublica, reveal that as far back as 2007, when the first iPhone was introduced, the NSA and GCHQ were collaborating on how to collect and store data from dozens of smartphone apps. The best source of data they found was from so-called leaky apps that send out location and other identifying data.

According to the reports, the scale and the specifics of the data is that is collected via these methods are unclear. However, the reports note that some personal data, developed in profiles by advertising companies, could be particularly sensitive. According to the Times, a secret British intelligence document dated in 2012 said that spies can determine a user's "political alignment" and sexual orientation by scrubbing apps.

It's also unclear how many users might be affected by these methods, whether Americans are included or how often analysts actually see personally identifiable information. The agencies apparently collect the data via methods similar to how they collect telephone metadata and other IP traffic.

"NSA does not profile everyday Americans as it carries out its foreign intelligence mission," the agency wrote in response to questions about the program. "Because some data of U.S. persons may at times be incidentally collected in NSA.'s lawful foreign intelligence mission, privacy protections for U.S. persons exist across the entire process." Similar protections, the agency said, are in place for "innocent foreign citizens."

GCHQ declined to comment on any specific program, but said all its activities are in line with British law.

Interestingly, one app that seems to have aroused particular interest at the spy agencies is Google (NASDAQ:GOOG) Maps. Spies got so much data from the app that "you'll be able to clone Google's database" of global searches for directions, according to a top-secret NSA report from 2007 cited by the Times. The use of Google Maps on phones is likely much higher now than it was then because of the explosive growth of Google's Android platform, which uses Google Maps as its default mapping app.

In December, the Washington Post reported that, according to documents leaked by Snowden, the NSA is tracking the location data and movements of hundreds of millions of mobile devices overseas, and is also occasionally scooping up location data on U.S. citizens as part of a massive surveillance effort to track foreign intelligence targets.

The reports indicate that the spy agencies sometimes seem a bit overwhelmed with how to sift through all the smartphone app data they are collecting. For example, in 2009, the American and British spy agencies each analyzed a small sliver of their smartphone app databases. Crunching just one month of NSA cellphone data, one secret report said, required 120 computers and turned up 8,615,650 "actors"--apparently "callers of interest," as the Times called them. A similar analysis using three months of British data came up with 24,760,289 actors. "Not necessarily straightforward," the report said of the analysis.

For more:
- see this NYT article
- see this Guardian article
- see this ProPublica article

Related Articles:
Huawei warns of a fractured network gear market following NSA revelations
NSA review panel recommends changes to telephone metadata program
NSA tracking location data on hundreds of millions of cell phones, according to Snowden leak
NSA confirms pilot program that tried to track cell phone location data
Report: NSA can hack into Apple, Google and BlackBerry smartphone data

Suggested Articles

Ligado Networks is still getting push-back, including from the National Telecommunications and Information Administration (NTIA).

Telefonica will source 5G gear from multiple vendors, but has selected Huawei as one supplier for its 5G core network.

One of the tools in 3GPP Release 15 related to the 5G standard is something called Integrated Access and Backhaul (IAB).