If you’re a fan of the Angry Birds game, you may have been spied on, new leaked documents reveal.
The Guardian reported on Monday, based on documents provided by whistleblower Edward Snowden, that the National Security Agency (NSA) and its UK counterpart GCHQ have been developing capabilities to take advantage of "leaky" smartphone apps, such as the wildly popular Angry Birds, that transmit users' private information across the internet.
The data pouring onto communication networks from the new generation of iPhone and Android apps ranges from phone model and screen size to personal details such as age, gender and location, noted the Guardian.
Some apps, the documents state, can share users' most sensitive information. Many smartphone owners will be unaware of the full extent this information is being shared across the internet, and even the most sophisticated would be unlikely to realize that all of it is available for the spy agencies to collect, the report said.
Dozens of classified documents provided by Snowden detail the NSA and GCHQ efforts to piggyback on this commercial data collection for their own purposes.
Scooping up information the apps are sending about their users allows the agencies to collect large quantities of mobile phone data from their existing mass surveillance tools – such as cable taps, or from international mobile networks – rather than solely from hacking into individual mobile handsets.
Exploiting phone information and location is a high-priority effort for the intelligence agencies, as terrorists and other intelligence targets make substantial use of phones in planning and carrying out their activities, for example by using phones as triggering devices in conflict zones.
The NSA has cumulatively spent more than $1 billion in its phone targeting efforts, according to the Guardian.
The disclosures also reveal how much the shift towards smartphone browsing could benefit spy agencies' collection efforts.
One slide from a May 2010 NSA presentation on getting data from smartphones sets out the agency's "perfect scenario": "Target uploading photo to a social media site taken with a mobile device. What can we get?"
The question is answered in the notes to the slide: from that event alone, the agency said it could obtain a "possible image", email selector, phone, buddy lists, and "a host of other social working data as well as location," according to the Guardian.
In practice, most major social media sites, such as Facebook and Twitter, strip photos of identifying location metadata (known as EXIF data) before publication. However, depending on when this is done during upload, such data may still, briefly, be available for collection by the agencies as it travels across the networks.
The agencies reportedly made use of their mobile interception capabilities to collect location information in bulk, from Google and other mapping apps.
One basic effort by GCHQ and the NSA was to build a database geolocating every mobile phone mast in the world – meaning that just by taking tower ID from a handset, location information could be gleaned, the British newspaper reported.
Rovio, the maker of Angry Birds, said it had no knowledge of any NSA or GCHQ programs looking to extract data from its apps users.
"Rovio doesn't have any previous knowledge of this matter, and have not been aware of such activity in 3rd party advertising networks," Saara Bergström, Rovio's VP of marketing and communications, told the Guardian. "Nor do we have any involvement with the organizations you mentioned [NSA and GCHQ]."
The NSA said its phone interception techniques are only used against valid targets, and are subject to stringent legal safeguards.
"The communications of people who are not valid foreign intelligence targets are not of interest to the National Security Agency," said a spokeswoman in a statement quoted by the Guardian.
"Any implication that NSA's foreign intelligence collection is focused on the smartphone or social media communications of everyday Americans is not true. Moreover, NSA does not profile everyday Americans as it carries out its foreign intelligence mission. We collect only those communications that we are authorized by law to collect for valid foreign intelligence and counterintelligence purposes – regardless of the technical means used by the targets,” said the statement.
Snowden’s leaks revealed a global surveillance system of unprecedented proportions, and sparked controversy between the U.S. and foreign leaders that had their privacy breached.
One such diplomatic row was with Germany, whose Chancellor Angela Merkel accused the U.S. of tapping her mobile phone.
Even Israel is not immune from surveillance, as recently leaked Snowden documents showed that the U.S. had been monitoring the email traffic of Israeli officials, including former Prime Minister Ehud Olmert and former Defense Minister Ehud Barak.
It has also been reported that the NSA recorded millions of phone calls in France, including calls involving individuals with no links to terrorism, and that the agency had collected almost 200 million text messages a day from across the globe, using them to extract data including location, contact networks and credit card details.