Using Mobile phone apps to scoop user data by NSA and GCHQ

Washington, 27 Jan, 2014 (AFP): The US National Security Agency and its UK counterpart, GCHQ, have the ability to harvest sensitive personal data from phone apps that transmit users’ data across the web, such as the extremely popular Angry Birds game. The data that the spy agencies can acquire from iPhone and Android apps ranges from the screen size and model of the phone to personal details such as age, gender, and location. But it doesn’t stop there – the organizations can also determine a user’s sexual orientation and whether he or she is a swinger.

Using Mobile phone apps to scoop user data by NSA and GCHQ

Using Mobile phone apps to scoop user data by NSA and GCHQ
image credit: AFP
The information – which was revealed in dozens of top secret documents provided by whistleblower Edward Snowden – was reported by the Guardian, in partnership with The New York Times and ProPublica.  Even the most sophisticated of smartphone users are unlikely to realize the vast amount of material that is available for spy agencies to collect. Scooping up data from apps allows the agencies to gather large quantities of mobile phone data from their existing mass surveillance tools rather than hacking into individual mobile handsets.

Tapping into phone information is a high priority effort for the agencies, as terrorists and other intelligence targets often use mobile phones to plan illegal activities.  Many terrorists also use phones as triggering devices for improvised explosives in conflict zones. As a result, the NSA has spent more than $1 billion on phone targeting efforts. The agencies have also made use of their mobile interception capabilities, collecting location data from Google and other mapping apps.

One effort by GCHQ and the NSA consists of a database that geolocates every mobile phone mast in the world. This allows the agencies to gather the mast ID used with any handset, thus giving them a rough location for a particular phone.

Satellite dishes are seen at GCHQ's outpost at Bude, close to where trans-Atlantic fibre-optic cables come ashore in Cornwall, southwest England (Reuters / Kieran Doherty)

Satellite dishes are seen at GCHQ’s outpost at Bude, close to where trans-Atlantic fibre-optic cables come ashore in Cornwall, southwest England (Reuters / Kieran Doherty)

A more sophisticated effort collects location information by intercepting Google map queries from smartphones. It was deemed to be so successful that GCHQ noted in a 2008 document that it “effectively means that anyone using Google maps on a smartphone is working in support of a GCHQ system.” The latest disclosures add to the public’s concern about how spy agencies and the technology sector use information, particularly outside the US where people have fewer privacy protections than Americans. However, the NSA says it only deploys its capabilities against “valid foreign intelligence agencies” and does not target Americans.

The Washington Post reported in December that the NSA was making use of ‘cookies’ – an online tool which allows internet advertisers to track consumers. The report said that cookies, along with location data, were being used by the agency to “pinpoint targets for government hacking” and “bolster surveillance.” Although cookies provide much vaguer information than what is available through phone apps, a 2010 GCHQ document reveals that they have become extremely important to intelligence agencies. But it’s the actual phone handset that remains of paramount importance. GCHQ’s tools against smartphones are named after characters in ‘The Smurfs’ cartoon. The ability to make a phone’s microphone ‘hot’ – in order to listen to conversations – is known as “Nosey Smurf.” The sophisticated geolocation ability is called “Tracker Smurf.” Power management – the ability to activate a phone that is turned off – is known as “Dreamy Smurf.” The spyware’s self-hiding capabilities are called “Paranoid Smurf.”