As a follow up to the Federal grand jury probe of smartphone apps, it has been discovered that Pandora Radio, a music streaming app, transmits ‘massive quantities’ of user data. Software analysis firm Veracode reports that the app ‘tracked users’ age, sex, zip code and precise geographic location’ as well as the phone’s device ID and user’s birthdate. This information was then sent on to AdMob, AdMarvel, comScore, Google Ads, and Medialets. Veracode’s report focused on the Android version of Pandora Radio, but one can assume the same must be true of the iOS counterpart, as reported by the Wall Street Journal. [cached copy]
Tyler Shields concluded on the company’s blog:
Consider for a moment that your current location is being tracked while you are at your home, office, or significant other’s house. Couple that with your gender and age and then with your geolocated IP address. When all that is placed into a single basket, it’s pretty easy to determine who someone is, what they do for a living, who they associate with, and any number of other traits about them. I don’t know about you, but that feels a little Orwellian to me.
This raises huge privacy issues and Federal prosecutors have legitimate cause for inquiry. It’s easy to forget how powerful the devices are that we carry in our pockets. Apps such as Twitter, Foursquare, Gowalla have always made it very obvious when they are using location data, for example. But this report sheds a glaring light on those apps which are sneakily sharing user data to advertisers. Who would’ve dreamt Pandora was sending all of that data? Can you imagine the amount of data other apps must know about you? Is this all a bunch of FUD or have we finally relegated our privacy to the big app developers? You could just carry around an Enigma machine.
Free ($0) isn’t always free.
[via The Register]