Pandora App Sends Private Data To Advertisers 198
Trailrunner7 writes "An analysis of the popular free mobile application from online music service Pandora.com that is the subject of a grand jury investigation into loose data privacy practices in the mobile application market confirms that the application silently sends reams of sensitive data to advertisers. The analysis was conducted by application security firm Veracode and found that Pandora's free mobile application for Android phones tracked and submitted a range of data, including the user's gender, geographic location and the unique ID of their phone, according to an entry on Veracode's blog."
As I said last time (Score:5, Informative)
As I said last time [slashdot.org], "I stopped using their app when it wanted access to the system logs. This includes all notifications of pretty much everything going on on your phone. It might help them debug the app, it might help them with advertisers. Who knows. I just knew their app wasn't worth it."
This is potentially a much more massive problem than we have been told.
SELinux type security for Android (Score:5, Informative)
Re:What about iOS version? (Score:4, Informative)
Personally I'm jailbroken and installed the PrivaCy addon, so I *think* I'm being at least somewhat less tracked. Who knows for sure, though?
Re:What's needed (Score:2, Informative)
Is an app that sits between your personal and phone info and all your other apps and controls what data gets presented to each app
You mean, something that keeps each app in something akin to its own "play area". Kind of like a kid's sandbox...
Now only if there was a mobile OS that did that for you [apple.com]. And even better, one that automatically asked you for permission when certain "privacy-related" features, like location services, are accessed by an app for the first time, and gave you an easy-to use way to see if an app had tried to do that in the past 24 hours, and even better, let you change your mind about permissions after you had already installed the app, on a global, or app-by-app basis.
Oh, wait [apple.com]...
Re:As I said last time (Score:4, Informative)
No. Currently an app has a list of permissions it requires. If that list includes something you don't want that app to have access to, the only course of action is to not give the app access to anything (via not installing it). OP would like the ability to look at the list of permissions and, for example, remove Pandora's permission to view notifications and system logs without removing the rest of the permissions for the app.
I suspect that at least part of the reason this isn't easily done is for a few reasons. Obviously, the app makers aren't going to like it, since it will make advertising less effective and has the potential to generate lots of complaints when the apps don't work as advertised. Less obvious is the way apps are encrypted. I believe their permissions form part of the encryption key such that the app cannot run with more (or fewer) permissions than it was originally built for. This forms one of the central and most powerful anti-malware features of Android phones and I suspect they don't want to risk messing about with it more than they have to.
Re:As I said last time (Score:4, Informative)
According to WSJ, who had the an article the other day [wsj.com],
So I can't really see how Apple's system is all that much better. (And no, you don't need to use GPS to send location data, and neither is it used by advertisers.)