US Government Contractor Embedded Software in Apps To Track Phones

A small U.S. company with ties to the U.S. defense and intelligence communities has embedded its software in numerous mobile apps, allowing it to track the movements of hundreds of millions of mobile phones world-wide, The Wall Street Journal reported Friday, citing people familiar with the matter and documents it reviewed. From the report: Anomaly Six, a Virginia-based company founded by two U.S. military veterans with a background in intelligence, said in marketing material it is able to draw location data from more than 500 mobile applications, in part through its own software development kit, or SDK, that is embedded directly in some of the apps. An SDK allows the company to obtain the phone's location if consumers have allowed the app containing the software to access the phone's GPS coordinates. App publishers often allow third-party companies, for a fee, to insert SDKs into their apps. The SDK maker then sells the consumer data harvested from the app, and the app publisher gets a chunk of revenue. But consumers have no way to know whether SDKs are embedded in apps; most privacy policies don't disclose that information.

Anomaly Six says it embeds its own SDK in some apps, and in other cases gets location data from other partners. Anomaly Six is a federal contractor that provides global-location-data products to branches of the U.S. government and private-sector clients. The company told The Wall Street Journal it restricts the sale of U.S. mobile phone movement data only to nongovernmental, private-sector clients. Numerous agencies of the U.S. government have concluded that mobile data acquired by federal agencies from advertising is lawful. Several law-enforcement agencies are using such data for criminal-law enforcement, the Journal has reported, while numerous U.S. military and intelligence agencies also acquire this kind of data.

Bad article is Bad

[bobstreo]

Shouldn't there be a nice text list of Apps that are affected somewhere either in the summary, the article or wherever?

Re:

[omnichad]

Don't blame the article. The company is holding that info as proprietary and only using the 500 number in their marketing. Unless you're taking apart apps and looking for library files, you won't know. Google could probably figure it out easily enough - if they wanted to draw attention to it.

Re:

[_Sharp'r_]

Does the author of the article even know what an SDK is? It doesn't sound like it...

Re:

[Bloke down the pub]

That would be a violation of privacy! Corporations are people too.

Re:

[AmiMoJo]

Only solution is to ban all American apps. The GOP has its fingers in everything, companies aren't allowed to refuse to cooperate, if they do they just get hacked and "investigated" for "bias".

Re:

[Train0987]

The GOP huh? This just started in the past 3 years and never, ever happened during Obama's 8 years in office, right?

Re:

[DontBeAMoran]

"The Republican Party, also referred to as the GOP..."

How does "RP" turns into "GOP"? Fucking magic?

Re:

[TigerPlish]

Only solution is to ban all American apps. The GOP has its fingers in everything, companies aren't allowed to refuse to cooperate, if they do they just get hacked and "investigated" for "bias".

WTF... no where in TFA or TFS were any political parties mentioned.

If anything, the Democrats are the one that has their filthy Marxist tentacles in everything, especially Big Tech And if you *dare* speak against them, you get fact-checked, silenced, banned, doxed, called a Nazi and a "white supremacist"

Somehow you're seeing everything inverted, like in some Orwellian nightmare. You seem to think right is wrong, up is down, good is bad or something.

*and* your screed got a +5 insightful, on top of it being

Re:

[HiThere]

The Republicans have been in power for 4 years, and in total control for 2 of them. So they get blamed for whatever's going on. It's also true that when the Democrats are in power, they get blamed. And when the power is split between the parties, they both get blamed. There's plenty of blame to go around.

FWIW, any group that supports the CIA, and, to a large extent, the FBI, deserves a lot of the blame. There is no *effective* oversight. Most of the oversight is rubber stamp, and most of the rest is i

Re:

[AmiMoJo]

Fact checking, how awful.

Re:

[gweihir]

Indeed. Looks like this "China bad!" stuff is just an act of misdirection. Or rather "US worse!" needs to be added. That said, I have no apps on my phone. I have a 2nd, usually off phone for some apps I need to log-in to work. I trust this "app" thing even less than I trust Win10, and that is saying something.

Assuming this includes Android.

[msauve]

Then, it just point once more to Google's idiocy. In order to connect via Bluetooth or WiFi, you have to grant an app location permissions, which means GNSS comes along for the ride.

Re:

[timeOday]

I think very little has been accomplished the permissions mechanism. Most apps require lots of permissions, and there are so many ways to infer the phone's approximate location, and the whole idea of granting permission to one app but not others is belied by the healthy unseen marketplace of reselling the information anyways.

Re:Assuming this includes Android.

[Solandri]

??? I have lots of apps on my Android phone which can access the Internet over WiFi just fine even though their per-app location permission is set to denied. There's also a global setting where I can have the phone determine location via:

• GPS, WiFi, and Bluetooth
• just WiFi and Bluetooth
• just GPS
• or turn off location entirely (I believe 911 service can still get your GPS location)

I just tried turning off location entirely, and Firefox still works and can browse the web. Location-dependent apps like Maps of course stop working when you do this. Along with a few apps which you wouldn't expect to need location (like Netflix which needs it to comply with licensing conditions - Netflix is only allowed to stream certain movies to you in certain countries). But aside from those, I've never had a problem denying location permission to the vast majority of my apps.

Re:

[HiThere]

Is there any reason to believe that you've actually turned off location rather than just hid it? IIUC, the most accurate location is done usually via triangulation based on cell tower signal, not GPS. And you CAN'T turn off cell tower signal monitoring and still have a working phone.

Re:

[msauve]

"I have lots of apps on my Android phone which can access the Internet over WiFi just fine even though their per-app location permission is set to denied."

Welcome to two years ago, and Android 8!

Re: Assuming this includes Android.

[NateFromMich]

Why would anyone expect that disabling location on Android would break their WiFi connection? Obviously you can still get a rough estimate of location just from the IP address, and if you're someone like Google, you probably already know where the access point is located. The paranoid would be wise to being using a proxy of some sort.

When did this happen?

[Bloke down the pub]

When did this happen? I need to know so I can respond "This is outrageous and unconstitutional" or "If you have nothing to hide you have nothing to fear".

This needs to be illegal

[lessSockMorePuppet]

Claiming ownership of someone else's personally identifiable information should be illegal.

Any license or transferral of ownership of content created by another person, to a business, should require that that business enter into a contract, complete with consideration starting at the prevailing rates paid to the largest media producers.

Some lawyer can work out how to refine that idea to carve out an exemption for public domain and open source. It's just the basic idea.

Great

[pele]

So anomaly six is ok but tiktok isn't? Nice.

Re:

[hackingbear]

Are you new to this country [bbc.com]?

Wait...

[Waffle Iron]

I thought we were banning Chinese-owned apps because of this exact kind of chicanery.

Re:

[HiThere]

The difference is that this is known to happen, but with, e.g., Tiktok it hasn't been demonstrated.

Re:

[gweihir]

It is only a problem is _they_ do it. As long as it is your own government spying on you, that must be ok, right? Even says there this is "lawful", in the article.

Anomaly Six

[fahrbot-bot]

Anomaly Six makes me think of SD-6 [wikipedia.org] and it doesn't make me feel good.

Also, what the hell?

App publishers often allow third-party companies, for a fee, to insert SDKs into their apps.

You use someone else's code because you need to, not because they want you to. Sounds like money before principles... or

"‘Money before people.' That’s the company motto - engraved right there on the lobby floor. It just looks more heroic in Latin."
-- Veronica Palmer (Portia de Rossi), “Racial Sensitivity,” Better Off Ted: S1, Ep4

Re:

[DontBeAMoran]

I wish Netflix would buy the rights of Better Off Ted and start making new episodes, even as a reboot if needed. Remember the Veridian Dynamics ad "Friendship [youtube.com]"?

Re:

[fahrbot-bot]

I wish Netflix would buy the rights of Better Off Ted and start making new episodes, even as a reboot if needed. Remember the Veridian Dynamics ad "Friendship [youtube.com]"?

All those Veridian Dynamics ads were hilarious. You know "they" have a website: http://www.veridian-dynamics.o... [veridian-dynamics.org]

Re:

[DontBeAMoran]

JABBERWOCKY
The game is changing. Right now. Coming 2021-08-08.

Wait, so not only is that website still online, they have something coming up next year? Or is that a fake "Coming YYYY-MM-DD" that always displays a date Z days in the future?

And Chinese apps are the threat?

[Chadster]

Why no ban on these apps?

"Lawful" != right, decent, proper, acceptable

[gweihir]

Immoral scum in power will find a way to make anything they want to do "lawful". Same old crap, again and again. Anybody competent needs to regard these people and their sponsors as the enemy. More specifically, the US is an ATP to the rest of the world and probably has been one for quite a while.