Forgot your password?
typodupeerror
Privacy Music Your Rights Online

Pandora App Sends Private Data To Advertisers 198

Posted by CmdrTaco
from the of-course-it-does dept.
Trailrunner7 writes "An analysis of the popular free mobile application from online music service Pandora.com that is the subject of a grand jury investigation into loose data privacy practices in the mobile application market confirms that the application silently sends reams of sensitive data to advertisers. The analysis was conducted by application security firm Veracode and found that Pandora's free mobile application for Android phones tracked and submitted a range of data, including the user's gender, geographic location and the unique ID of their phone, according to an entry on Veracode's blog."
This discussion has been archived. No new comments can be posted.

Pandora App Sends Private Data To Advertisers

Comments Filter:
  • As I said last time (Score:5, Informative)

    by Anonymous Coward on Thursday April 07, 2011 @08:51AM (#35743498)

    As I said last time [slashdot.org], "I stopped using their app when it wanted access to the system logs. This includes all notifications of pretty much everything going on on your phone. It might help them debug the app, it might help them with advertisers. Who knows. I just knew their app wasn't worth it."

    This is potentially a much more massive problem than we have been told.

    • by Creepy (93888)

      I stopped at the user agreement, which had something like "address book access"... - why the @*%& does a music app need access to my address book? And the conclusion I came to was "so it can steal all of the email addys in there and sell them to spammers." This is hardly the first app I've nixed for wanting way more access than I was willing to give it.

      • by Gutboy (587531) on Thursday April 07, 2011 @10:11AM (#35744296)
        Google needs to allow you to authorize specific permissions for apps, not their current 'all or nothing' system. This way you could say "Yes, you can have my position because I believe a GPS mapping system needs that, but no you can't have my address book, since a GPS system doesn't need that". Sure it would screw advertisers over, but I don't care about them. Not everything in the world needs to have advertising on it.
        • Here's why that is flawed about this: a GPS system would need an address book - what if you want directions to someone in your address book? People also ask why GPS program would need access to the dialer? Remember that funny iPhone ad where they use google maps to find Sushi in SanFrancisco and then *call* the place up?

          All that setting would do for the app maker is generate an angry call/comment from some idiot end user who didn't click on that permission... I agree it would be a cool tool for power users

        • by IICV (652597)

          You know, I was about to post "there's no way that could work, it would make developing for the Android too difficult if the user can arbitrarily lock you out of the phone's features".

          But then I realized that there's a very simple solution: if the user denies access, just give the app dummy data. Deny access to my GPS co-ords? Well then, whenever the app asks for location data it's told we're at the North Pole. Deny access to contacts? The app is told you only have one contact, whose name is "access denied"

          • Any well written app already has to be able to deal with the permissions they request not being available, for instance if a user has GPS turned off, is out of network range, has no contacts stored on their phone, etc... If the app doesn't crash when I go into airplane mode then it wouldn't have a problem if I disabled its network permission.

            • by IICV (652597)

              Any well written app...

              Well, that's your problem right there, now isn't it? This change would not only affect apps written in the future, but would have to be backwards compatible with well-written apps from the past that are simply no longer updated.

              Pointers to dummy, blank information is better than null pointers any day.

              • No, I mean the change wouldn't have to affect anything. Apps that don't currently break during regular usage would not break with this change, because any blocked permissions could be implemented to look like situations the app already has to deal with.

      • by Coren22 (1625475)

        http://blog.pandora.com/faq/contents/1643.html [pandora.com]

        I guess they lie in their FAQ, but they do explain why they need that access.

    • by gothzilla (676407)

      I went to check this out and found that their privacy policy said all this could be controlled through my privacy settings. It took a bit to find them, but when I did find the link (http://www.pandora.com/privacysettings) It said:

      Server Error

      We're sorry, there has been an unexpected error with our server.

      Please try again, or visit the Pandora Home Page

  • Wait a minute... (Score:5, Insightful)

    by Nidi62 (1525137) on Thursday April 07, 2011 @08:56AM (#35743554)
    So, you mean all those ads at the bottom of the Pandora app that were specific to my home town wasn't just a random coincidence? How is it taking these things "silently" when it tells you exactly what you are giving it access too? Obviously, knowing where you live has no bearing on the type of music it's going to play. What else did people think this was going to be used for?
    • The only ads I ever got on Pandora before paying were those "cheap vacations for students" ads over and over and over again. Nothing localized/individualized at all.

      • by Creepy (93888)

        On android I believe it asked for GPS access, which is another reason I didn't install it (and I only made it through the top maybe 10 entries of access rights it wanted before I said no-way, no-how is this going on my phone). Since mobile phones aren't tied to location like land lines, it is more reliable to use GPS location than area code. Anyhow, if you didn't have a GPS or if your GPS was turned off it may have defaulted back to generic ads.

        • Anyhow, if you didn't have a GPS or if your GPS was turned off it may have defaulted back to generic ads.

          Yes.

          When I have GPS off I get generic ads. When I have it on I get location specific ads. This is really amusing for me because the only time I let GPS run is when I'm driving and need Navigation, so while the ads might be localized they are most definitely not relevant.

        • by MrHanky (141717)

          Anyhow, if you didn't have a GPS or if your GPS was turned off it may have defaulted back to generic ads.

          No. The phone can get coarser location data from wireless and mobile networks. But you can turn off that kind of location data as well. With both of them off, I always wondered why Angry Birds used to advertise for bicycles in Atlanta, Georgia, considering I really need a bicycle somewhere in Norway, but apparently some ad servers can guess your location from which DNS server you use, and I used Google's DNS on my local network at the time.

    • by Simulant (528590)

      So, you mean all those ads at the bottom of the Pandora app that were specific to my home town wasn't just a random coincidence? How is it taking these things "silently" when it tells you exactly what you are giving it access too? Obviously, knowing where you live has no bearing on the type of music it's going to play. What else did people think this was going to be used for?

      Until I changed my zip code on my Pandora account the day, I was getting Silicon Valley ads despite having moved to the east coast two years ago. So... actual phone location IS NOT being used for the ads, on my phone at least. Which begs the question... What are they using it for?

  • by alen (225700) on Thursday April 07, 2011 @09:02AM (#35743596)

    seriously, what do you expect from a free app that streams licensed music that they had to pay for? a bunch of ads no one clicks on?

    this is how google makes money, metrics. everyone is doing it as well.

    • by Machtyn (759119)
      Even though those ads might be targeted towards my general location, it is still a bunch of ads I don't click on. Seriously, the phone turns off its display, I listen to the music, I don't watch the phone. I don't even mind the advertising that comes on between music, because it's not that often and I realize they have to pay for their service somehow.

      It is getting a little annoying though. I thought I would be safe from those highly annoying Kia radio spots while listening to streaming music. I found o
    • by Snaller (147050)

      That there are a lot of amoral criminals doesn't mean it isn't wrong.

    • seriously, what do you expect from a free app that streams licensed music that they had to pay for? a bunch of ads no one clicks on?

      this is how google makes money, metrics. everyone is doing it as well.

      I expect it to act the same as the Free PC version on the Web. Advertising is fine. you DO NOT need access to my system logs, contact list, GPS position. Your website got along just fine without that data, so can your android app. I also expect that since I paid for a Pandora subscription on the PC that I should have access to an android version without advertising.

  • Wondering if I should uninstall their app from my iPhone.

    • Re: (Score:2, Insightful)

      by Anonymous Coward

      You should also uninstall the internet, because almost all ads use targeting. This story is pointless.

      • You should also uninstall the internet, because almost all ads use targeting. This story is pointless.

        Yes, but Google does not know my gender, or everyplace I go all day. Smart phones are nice, but things like this could actually kill the market. For the most part, they are still an emotional impulse buy. If that emotion becomes fear and disgust for too many people...

    • by DanTheManMS (1039636) on Thursday April 07, 2011 @10:12AM (#35744308)
      The iOS version of Pandora uses an ad framework called "Medialets" or at least it did as of an update in January 2010. Medialets is known to track exactly this kind of data (phone ID, physical location, etc). When I made a comment on their blog at the time, their response was essentially "Everyone else is doing it so it's okay."

      Personally I'm jailbroken and installed the PrivaCy addon, so I *think* I'm being at least somewhat less tracked. Who knows for sure, though?
  • Now he's listening to Nirvana...now he's listenning to David Bowie...now he's listening to Twisted Sist- oh wait he skipped that one.
    • I think I finally beat the Pandora algorithms when I started getting Elton John and Kid Rock on the same station.
  • The big problem here is that whenever you install any application, you're technically giving the designers virtually free reign to do whatever they like with your system/PC/phone/whatever.

    Once permitted in, most commercial applications barge into your PC, rewrite whatever files they please, alter configuration settings, gobble up memory, install themselves as startup applications and often install an entire suite of unwanted applications and advertisements you didn't even ask for. Then they plonk themselves down in your living room, feet on the sofa, and begin to shout at you, along with all the dozens of other loudmouth applications you've invited in.

    • by Haedrian (1676506)

      Android has a list of 'permissions' which you must give an application access to before it can use them. Unfortuantly its an 'all or nothing', sort of thing, so you either accept them all and install it, or deny them all and don't install it.

      It does not give the designers 'free reign' to whatever they want. So if you accepted that an app gets access to logs, to your location, to your phone ID, then its your fault and you only have yourself to blame. Granted, its a legit app, if it was a virus that's differe

      • by Sloppy (14984)

        It sounds like what Android needs, is an Android emulator. Let apps access everything they want to, but how reliable is the information that it'll get them?

        If Pandora really wants to know that I happen to spend 183 days a year at the south pole and then sudden travel north at 18000MPH on the first day of autumn, and that my best friend's email address is abuse@spamhouse.org, I say let them know these things.

    • And people ask why I still have a dumb phone...
    • by tukang (1209392)
      Exactly, security is one of the key reasons why web applications have become so popular on the desktop and I think we'll see a similar movement away from live in apps to web apps on smartphones. I never understood why people would install a live in app for Amazon or the NYTimes on their phone when they could just visit the website versions (which work much better by the way). Imagine installing binaries on your desktop for every e-commerce or news site you used - you're bound to get screwed.
    • by npsimons (32752) *

      Once permitted in, most commercial applications barge into your PC, rewrite whatever files they please, alter configuration settings, gobble up memory, install themselves as startup applications and often install an entire suite of unwanted applications and advertisements you didn't even ask for. Then they plonk themselves down in your living room, feet on the sofa, and begin to shout at you, along with all the dozens of other loudmouth applications you've invited in.

      Two things:

      1. This is *precisely* why open
  • by Bocaj (84920) on Thursday April 07, 2011 @09:09AM (#35743672) Homepage
    Google needs to change the security model to allow finer grained access and more information to users about how much information that access allows. I should be able to install an application that wants access to my contacts but choose to deny that access with a warning that it may affect the functionality of the app. There should be more detail information on just what information an application can get hold of with that access. I think using the SELinux model of security in the kernel would be a good idea. If I don't grant an application process rights to certain files, it can't get access no matter what.
    • This is too complex. Here is an alternative solution:Don't install apps which require permissions you don't agree with.

      If I see an app which is nothing to do with my phone book, or messaging, or system settings, and it requests those permissions, the app is not installed.
      • They seem to all add this stuff in lockstep though, so there doesn't seem to be a way to vote with your feet on some things short of the nuclear option. If the advertising networks demand it, you're not really going to get some app deciding to buck the trend to get more downloads if it means they lose all their ads. There are so many monopolies, duopolies, and cartels (RIAA/MPAA) upstream of the consumer these days that competitive pressures aren't doing what they should.
        • by Sloppy (14984)

          The way to win is to give them all the permissions that they demand, but have the things they access which you don't want them to, be unreal. Don't say no to them; jam them.

        • There's a reason for me not having Angry Birds on my Android phone. Not the same reason being discussed here, but it does involve advertising. I did enjoy the game, but I can do without very easily.

          It's down to the user taking a stand, but they're all too self absorbed in eating that damn marsh mallow that the rest of us get it shoved down our necks, and no option to wait for two later on.
          • I would consider "I won't use an app with ads" an unreasonable requirement, but it's obviously something that you're passionate about so I'll say to each his own. The problem is that if 99% of the market doesn't feel the same way that you do, then it's likely that you might not be able to find a single app in a category that fits your needs. Angry Birds has about a billion competitors though, so I think that's something different than what I'm talking about.

            My problem is when I see apps like this [android.com] or this [android.com]

    • by Digicrat (973598)

      That was my thought the first time I downloaded an app from the android marketplace to. It lists all of the permissions an application is requesting, but your only option is allow-all or don't install. I should be able to install a given app but tell it, no I don't want it to use the internet (if it's ad-supported, the app can then choose not to work), or deny the ability for an app to get anything but the coarsest location data (a weather applet doesn't need to know that I'm at the intersection of Fake S

    • by Snaller (147050)

      Yes, THIS is a real problem with android, not all that faux "fragmentation" rubbish the supposed journalists go on about.

    • by Lehk228 (705449)
      Blackberry OS already does this with an option for approve/deny/prompt so you can allow, for example, gps when you want location based functions but not give the app the ability to track you at all times
  • Not just android (Score:5, Interesting)

    by ender- (42944) <doubletwist@fear ... in.net minus cat> on Thursday April 07, 2011 @09:09AM (#35743676) Homepage Journal

    The actual Vericode post [veracode.com] says it's both the iPhone and Android versions. I'm not sure why the article linked in the summary [and thus the summary] only mentions the Android version.

    I wonder then, does the web browser interface do something similar, minus the GPS info of course? What about the Pandora One desktop app?

    • The actual Vericode post [veracode.com] says it's both the iPhone and Android versions. I'm not sure why the article linked in the summary [and thus the summary] only mentions the Android version.

      I wonder then, does the web browser interface do something similar, minus the GPS info of course? What about the Pandora One desktop app?

      There are specs for getting geolocation information [w3.org] via JavaScript, so possibly. However, your browseri s supposed to ask your permission prior. This also doesn't preclude other Pandora components, such as Flash, which may have their own API [adobe.com].

      That said, am I the only one who just doesn't care? This company is providing bandwidth and fronting music industry negotiations in order to deliver a useful and valuable service to me for free. As per the implicit (and explicit) contract with almost every modern free s

      • by k_187 (61692)

        That said, am I the only one who just doesn't care? This company is providing bandwidth and fronting music industry negotiations in order to deliver a useful and valuable service to me for free. As per the implicit (and explicit) contract with almost every modern free service, it's a willing exchange of information, and I'm perfectly willing to trade my phone ID and location for this service (for now).

        It would be nice, though, if there was an Android requirement that each application disclosed exactly what data it was collecting, and for what purpose, in order to be included in the Marketplace.

        Personally, I don't think its the end of the world. its a free app and you should expect to be giving away at least some of your information in exchange. However, they should be up front about what they're taking, which if I've read the article correctly, they aren't.

    • I was about to reply that I found it "very suspicious that the article omits ios... " then I reliezed your article doesn't either. It just includes a quote from another article; http://online.wsj.com/article/SB10001424052748703806304576242923804770968.html [wsj.com] which explains why there were looking, not what they looked at. The iOS version simply was not examined for this test. Most likly because an iOS app is not privileged to the pivata data in question. That whole walled garden thing.
    • Was someone under the impression that any of this was a secret?

      One need only look at the privacy policy to figure this out: http://www.pandora.com/privacy/ [pandora.com]

      Information about your computer or device: We may also collect information about the computer, mobile or other devices you use to access and listen to the Service. For example, our servers receive and record information about your computer and browser, including potentially your IP address, browser type, and other software or hardware information. If

  • Pandora got caught. Getting caught is the anomaly. And people will never learn that there is no privacy on a networked computer

    • Just because everyone is doing it doesn't make it right - or legal.
    • ...people will never learn that there is no privacy on a networked computer running proprietary software or on proprietary networks.

      FTFY. Those of us who use FOSS are the only people who have a shot at actual privacy. Note, I say "we have a shot". You can still make thousands of tiny mistakes that will screw it up. The cell providers are another story, there's no privacy for anyone on the proprietary networks available.

      • ...people will never learn that there is no privacy on a networked computer running proprietary software or on proprietary networks.

        FTFY. Those of us who use FOSS are the only people who have a shot at actual privacy. Note, I say "we have a shot". You can still make thousands of tiny mistakes that will screw it up. The cell providers are another story, there's no privacy for anyone on the proprietary networks available.

        I was gonna say... There is privacy on mine. But it takes a lot of work.

    • there's no privacy with an open window either. that still doesn't mean i'm not going after the guy standing outside writing things down in a notebook. just because you can't lock things down technologically doesn't mean you have no basis for going after bad behavior. bad behavior is bad behavior is bad behavior. "because i can" is not a justification or excuse in any morality i know of, nor is it a reason to tell someone who has been violated that it is their fault

      if i put a $20 bill on my front porch, yes,

  • by ub3r n3u7r4l1st (1388939) on Thursday April 07, 2011 @09:21AM (#35743792)

    Despite the suit, recent SEC filing [sec.gov] suggest eveything pointing up:

            * Revenue skyrocketed from $55,189,000 in FY2010 to $137,764,000 in FY2011.
            * Advertising revenue rose from $50,147,000 in FY2010 to $119,333,000 in FY2011.
            * Subscription and "other" revenue increased from $5,042,000 in FY2010 to $18,431,000 in FY2011.
            * Despite rising content acquisition costs (up from $32,946,000 to $69,357,000 between FY2010 and 2011), Pandora's loss narrowed from $15,549,000 in FY2010 to $321,000 in FY2011.

    Despite strong competition such as Sirius XM radio and even Apple to that regard, I wouldn't worry much.

    • The other interesting thing about those figures is that it shows how much advertising revenue is compared to subscription and "other". It does rather show who Pandora is likely to favor in an argument.

  • by Hoi Polloi (522990) on Thursday April 07, 2011 @09:27AM (#35743860) Journal

    Gender, location, phone? It is clear what the people at Pandora are doing, trying to get dates.

  • by DigiShaman (671371) on Thursday April 07, 2011 @09:28AM (#35743870) Homepage

    Honestly, I wouldn't mind them doing this if they had been clear and upfront with their intentions. Something along the lines of...

    "We will provide you a free service in exchange for client usage statistics. This information will be shared with 3rd party marketing firms"

    It's not so much what they do with this information in so much that I no longer feel safe reading this first time on Slashdot. How can I trust them now? I can never trust a sneaky bastard. Because of their lack of disclosure, Pandora just got uninstalled from my Droid.

    • by andrewd18 (989408)
      If you're willing to assume that all companies are going to keep your data safe, you're awfully naive. Whether or not they should is one thing... whether or not they will is another.

      Besides, it's not like you couldn't have seen this coming. When you install the app to your Android phone, you get the following screen:

      This application has access to the following:
      * Network communication (create Bluetooth connections, full Internet access, view network state, view Wi-Fi state)
      * Your personal information (add or modify calendar events and send email to guests, read contact data)
      * Phone calls (read phone state and identity)
      * System tools (Bluetooth administration, change network connectivity, change Wi-Fi state, modify global system settings, prevent phone from sleeping, automatically start at boot)

      If that doesn't scream "We are going to take data about you and sell it", I don't know what does.

    • If it bothers you that much, fork out the 36$/year for Pandora One and avoid advertising altogether. I mean, 36$/year is pretty cheap for unlimited music streaming to our phone in comparison to buying the songs individually.

      It's not like Pandora forced you into taking their free, ad-based service, since they offer a paid, ad-free version. Targeted ads are the new definition of ad-based nowadays anyways. Just look at Facebook.
      • And I should trust them now? How do I know they're not double dipping into my wallet AND selling my usage stats to a 3rd party?

        Trust. A concept that's very hard to earn, and easy to lose. They've lost mine.

        • "We use the information that we collect and you provide about yourself to personalize your PANDORA&#174; internet radio experience through ads and social networking features."

          Right there in the Privacy Policy that you didn't read. http://www.pandora.com/privacy

          They never lied to your or tried to hide anything. They tell you they collect information from you to customize ads and give that information to a third party. What more do you want to know?
    • Really? this [pandora.com] wasn't clear and upfront enough?
  • by fuzzyfuzzyfungus (1223518) on Thursday April 07, 2011 @09:44AM (#35744044) Journal
    Only the mobile phone carriers should be allowed to collect large, but unknown, piles of personal information silently and without oversight! It is an outrage that others would dare to step onto the rightful domain of these oh-so-helpful surveillance buddies.

    On a more serious note: What I would really like to see in Android(and other mobile operating systems; but a 3rd party build of Android is pretty much the only one where this would ever see the light of day on any hardware that isn't a laptop-size dev board...) is a supplement to the existing system of granular access-request application permissions:

    Spoofing.

    At present, you can see what permissions an application demands(perhaps not at quite the level of granularity that would be ideal; but the concept is good, and refinements aren't fundamentally challenging); but you have no way of pushing back against an application that seems a bit uppity, other than refusing it. What would be ideal would be a way of setting up multiple instances of the various Android content providers [android.com]. One set of instances would be the 'real' one, populated with actual system data(address book, location, etc, etc.) Other instances would be various flavors of 'fake', either generated by applying an overlay filter to the real ones(ie. I might want to give an application that uses location data access to 'location data, but truncated to ~city level accuracy', which would be a content provider generated by a simple mathematical operation against the genuine content provider for location data), or auto-generated to look plausible; but be completely unrelated to the truth(ie. an 'address book' consisting of a simple dump of 47 name/number pairs from a phone book). This would allow you to push back against applications that demand more than they need to know; by allowing you to fulfil their architectural 'requirements'; but choose for yourself which are actually necessary for what you want to do(if you want a navigation app to work, you do need to give it your real location. If you just want dining recommendations, you may only feel the need to give it city-level accuracy, and feel no need whatsoever to give over your real address book for 'social dining integration'...)

    Such a system would have additional benefits: it would make tasks like separating work/personal(or personal/er... 'extracurricular' if that is your style) architecturally clean and much lighter-weight than virtualization. You could have multiple true address books, say, one accurately reporting your personal contacts, and one accurately reporting your work contacts, and you could point twitfrienddroidfeed at the first and seriouscorporatemail at the second.
    • by wumpus188 (657540)

      You are asking an advertising company that developed Android to provide API to subvert advertising? Good luck with that...

      • "but a 3rd party build of Android is pretty much the only one where this would ever see the light of day"

        I don't think for a second that our Google overlords would touch this idea with a ten foot pole(unless they adopted some variant of the data URI namespacing to add features that corporate customers wanted, to compete with the full hardware-virtualization stuff that Vmware is proposing, and only for that purpose).

        Android, though, is the only current candidate where a reasonable percentage of mass-ma
    • Just for the sake of clarity, having thought about it a bit more(post in haste, repent at leisure...), what I'm proposing would, basically, be a sort of "data chroot".

      There would be the host android system, with one or more optional "data chroot" containers underneath. For the convenience of the host system, each would simply be a 'subdomain' of the primary URIs; but(as with a chroot for filesystems) programs within the chroot would see the data URIs exposed to it as originating from the root URI.

      All
  • the you, the user of that service, are the product.

  • a/s/l????

  • I've read the articles and seen what they are sending, and I don't care. With Pandora, I get all my music for free, and I'm willing to trade some info for that.

    I remain curious as to how Android knows my gender, however. Sure, you could guess from my name, but I'm pretty sure there isn't a checkbox for "sex" anywhere in my phone config. Regardless, it wasn't a secret anyway. :)

    Necron69

  • I'm curious if paying subscribers are also having their privacy raped by Pandora. Most likely, but it would be nice if they didn't.

  • OK, time to sue. We need to not just spank these guys with a nice hefty fine which will go towards keeping our incompetent government officials being paid for doing what they don't do, we need to sue these guys and actually put them out of biz. If I was to sneak into your house and copy information from papers on your desk, I'd be in jail. You know whats going to happen here? Nothing. Just like every other fkng internet crime by a company or corporation. They just offset the cost of the fine and roll it out
  • Weren't these the same plucky underdogs who begged right-thinking, savvy freedom lovers to come to their defense against the evil MAFIAA trying to shut them down though usurious fees? And this is their reward? Thanks for nothing (and all the ads).

I have not yet begun to byte!

Working...