If you are constantly working on the go, you definitely value your breaks. One thing a lot of people like to have with them when they are always on the go is music and no other service is quite as popular as Pandora. Now we all know that the Pandora app sends a ton of personal information to third party developers according to an analysis by Veracode. Well, Veracode decided to do a follow-up on their news that Pandora, as well as a lot of other mobile app makers, was being investigated by a federal grand jury and found that information, such as birth date, gender, Android ID and GPS information, was being sent to a plethora of advertising companies. Pandora recently revealed that they had been subpoenaed by a federal grand jury to produce documents about their user data collection practices on Android and iOS devices. Pandora also stated that they believe the subpoena is part of an industry-wide investigation into popular applications on Android and iOS devices. The Wall Street Journal didn't waste any time following up on this news and reported that the purpose of the investigation is to find out whether or not app makers fully describe to users the kinds of information they obtain from them and exactly why they need it. Veracode decided to dig deeply into the Pandora Android app to see just what data might be transmitted. Veracode's analysis stated that Pandora's app seems to be integrated with five separate ad libraries that included AdMarvel, AdMob, comScore (SecureStudies), Google.Ads and Medialets. Veracode verified that the AdMob library accessed a user's GPS information as well as various other data about the application itself like package name and version info. That is all pretty low level but Veracode said that there are other references which appear to transmit your birthday, gender and postal code. In addition to that, the app also appears to send your Android ID and seems to continually access your GPS location for updates. According to a blog post by Veracode, "The analysis into the remaining libraries resulted in even more of the same.The SecureStudies library accesses the android_id and directly sends a hash of the data to http://b.scorecardresearch.com while the Medialets library accesses the device's GPS location, bearing, altitude, android_id, connection status, network information, device brand, model, release revision and current IP address." Pandora has argued that they need this type of user information in order to continue delivering personalized music streams. However, the analysis from Veracode shows that Pandora is not simply collecting that information for itself. They are also using it for advertising purposes. If the grand jury comes to the same conclusion as Veracode, then Pandora, as well as a whole host of other app makers, could be facing some pretty serious legal difficulties. "Your personal information is being transmitted to advertising agencies in mass quantities," according to Veracode. "In isolation some of this data is uninteresting, but when compiled into a single unifying picture, it can provide significant insight into a person's life... When all that is placed into a single basket, it's pretty easy to determine who someone is, what they do for a living, who they associate with and any number of other traits about them. I don't know about you, but that feels a little Orwellian to me." If all this is true then Pandora and other app makers will have some serious explaining to do. I, for one, do not want any kind of personal information like that being slung around carelessly to advertisers. Who knows, if advertisers can get it that easily, then what stops an identity thief from getting it? Source: ars technica - Pandora sends users' GPS, sex, birthdate, other data to ad servers
No comments:
Post a Comment