Which Apps Expose Your Data to the NSA’s Spying?

Source: Thinkstock

Source: Thinkstock

A recent Pew Research Center report found that some Internet users have changed their use of social networking services, apps, email, and even search engines as a result of former National Security Agency (NSA) contractor Edward Snowden’s 2013 revelations about the government’s pervasive online surveillance. So how does your smartphone — the device that many of us find indispensable in our day-to-day lives — have the potential to expose your personal data and your online activity to government snooping? How does your mobile device protect your anonymity, and how does it leave your communications vulnerable to interception by the NSA and other intelligence agencies?

Which apps are tapped (or asking to be tapped) by the NSA?

Documents leaked by whistleblower Edward Snowden revealed that the NSA and GCHQ exploit not only the location data that our phones share, but all of the data that streams from the apps we use everyday, according to the New York Times. With each new generation of mobile phones, greater amounts of personal data pour onto networks where spies can access it. Among the most valuable of those “unintended intelligence tools” are so-called leaky apps, which share everything from the smartphone identification codes of users to where users have been that day.

The NSA and its British counterpart were working together on how to collect and store data from dozens of smartphone apps as early as 2007, and since then have traded techniques for acquiring location and planning data when a “target” uses Google Maps, and for accessing address books, friends lists, phone logs, and geographic data embedded in photos when someone sends a post to the mobile versions of Facebook, Flickr, LinkedIn, Twitter, and other services.

The agencies also showed particular interest in Google Maps, which is accurate to within a few yards or better, and collected so much data from the app that an NSA report from 2007 claimed that the agencies would “be able to clone Google’s database” of global searches for directions. A British report from 2012 included the code needed to access the profiles generated when Android users play Angry Birds.

But the scale and specifics of the data the agencies collect wasn’t — and still isn’t — clear. The documents showed that the agencies routinely obtained information from apps, particularly those introduced earlier to smartphones. And the personal data collected in profiles by advertising companies offer particularly sensitive details, such as a user’s “political alignment” and sexual orientation. The agencies have long been intercepting earlier forms of cellphone traffic, such as text messages and metadata from nearly every segment of the network. Sometimes, just keeping your phone’s basic software up to date can leave you vulnerable. One leaked report showed that just by updating Android software, a user sent more than 500 lines of data about the phone’s history and use to the network.

How do the ads in your favorite apps leave you vulnerable?

The data that intelligence agencies can collect from your phone’s communications with the network is, in some cases, the same kind of information that helps mobile advertising companies create profiles of people based on how they use their devices, where they travel, and the apps and websites they open. From that information, the firms can triangulate web shopping data and browsing history, and guess whether someone is wealthy or has children.

The NSA and its British counterpart mine this data for new information, and compare it with their lists of intelligence targets. A report noted that the profiles vary by ad company, but most contain a string of characters that identifies the phone, plus basic data like the user’s age, sex, and location. One company’s profile notes whether the user is listening to music or making a call, and another has an entry for household income. And an ad company called Millennial Media creates even more intrusive profiles that include information like ethnicity, marital status, and sexual orientation.

The report explained that the possible categories for marital status include single, married, divorced, engaged and “swinger.” The categories for sexual orientation are straight, gay, bisexual and “not sure,” a category that could either exist because so may phone apps are used by children or because insufficient data may be available for the information to be inferred. There’s also no explanation of how the ad company defines the categories, or whether users volunteer the information or if the company infers it by other means. It also isn’t specified how that information is useful for marketing (0r intelligence).

What other ways can the NSA access your data via your phone?

And it’s not just your favorite apps that are vulnerable; intelligence agencies are exploiting our mobile phones in multiple ways to access our information and communications. As Tech Cheat Sheet recently reported, researchers at the CIA have spent years trying to break the encryption of Apple’s iOS devices, targeting the security keys used to encrypt the data that millions of users store on their devices.

A joint force of operatives from the NSA and Britain’s Government Communications Headquarters demonstrated their ability to successfully implant malware on iPhones as part of WARRIOR PRIDE, a GCHQ framework for accessing private communications. The researchers have also created a modified version of Xcode, the software used by thousands of developers to create apps sold through the App Store, which could plant surveillance backdoors into apps and enable spies to steal passwords or messages or force all apps to send data to a “listening post.”

Most recently, documents revealed that American and British spies have hacked the world’s largest SIM card producers to access the private data of billions of phone users around the world, according to Al Jazeera. Operatives from the National Security Agency (NSA) and its U.K. counterpart Government Communications Headquarters (GCHQ) obtained the encryption keys that protect cell phone privacy, which enables the surveillance of encrypted communications. The operatives reportedly obtained the keys by cyber-stalking employees of Gemalto, a firm that makes the chips used in cellular phones, biometric passports, and next-generation credit cards and whose clients include AT&T, T-Mobile, Verizon, Sprint, and 450 other wireless providers in the world.

Al Jazeera notes that hacking the encryption keys allows the agencies to sidestep the process of getting a warrant or wiretap, and to leave no trace of the surveillance. One secret GCHQ slide boasted that the operatives “believe we have their entire network.” The Verge points out that the stolen SIM keys don’t just give the NSA the power to listen in on calls, but also to plant spyware on any phone at any time.

Apps that use Transport Layer Security (TLS), the same mechanism that forms the secure HTTPS web protocol, enable users to protect themselves from surveillance. TextSecure and Silent Text provide more secure messaging, while Signal, RedPhone, and Silent Phone encrypt voice communications. The agencies may still be able to access those communications, but they would have to hack each specific handset to do so, in a process that would be noticeable to a sophisticated “target.”

Leaked documents show that the NSA tracks the location of mobile phone users around the world by tapping into major telecommunications networks. As The Washington Post reported, the NSA collects locations from mobile devices by monitoring several signals that reveal their location. When mobile devices connect to a cellular network, they announce their presence on one or more registers maintained by network providers. Registration messages include the phone’s location at the level of a city or a country, and at the level of its position based on its distance from a cell tower. Many devices also use WiFi signals, which can locate the device down to the level of a city block. GPS receivers can locate a device with a 100-meter radius, and providers can track phones precisely by triangulating their distance from multiple towers.

More from Tech Cheat Sheet: