When you download and activate one of those free mobile applications, do you stop to consider if it uses any of your personal info that you don’t want them to have? Areport from Veracode, a security firm that did an analysis, that the Pandora Android application tracks and shares a user’s gender, GPS info and device’s unique ID with advertisers.
The application may actually collect much more personal data than customers even know and share it with third party businesses. The report comes after Pandora and some other mobile application vendors had been given federal grand jury subpoenas concerning the way they shared their data with other places.
New Jersey federal prosecutors were looking into whether or not mobile application sellers are holding on to and giving out user’s personal data illegally. When 101 mobile applications were tested, it was found that more than half of them sent the phone’s unique device identifier to other businesses without the phone owner even knowing it had happened. About half gave out the phone’s location and five of them gave out the owner’s age, sex, and additional personal data. It was noted that there were no privacy policies on 45 of the applications that were tested, so nothing illegal was done. It just proves that users should be reading the small print before they blindly use mobile applications.
Pandora, which is a free music service, was one of several companies subpoenaed by the federal grand jury to produce documents associated with how the company collected and shared user data on its iPhone and Android applications.
Veracode studied Pandora’s Android application and discovered five advertisement libraries built into the application, including AdMarvel, AdMob, comScore, Google.Ads and Medialets. They then looked closed at each one to see just what data was being gathered.
It was found that the AdMob library sent a phone owner’s birthday, gender, ZIP code and GPS location. In fact, it sent the GPS location on a continuous basis, which gave Pandora important info because it showed where a person lived, worked and the places they frequented.
The library also gathered the Android ID, which is the phone’s unique device ID. The other libraries gathered the same kinds of data.
ComScore’s SecureStudies library transmitted the Android ID to its ScoreCard Research Website. The Medialets library gathered the GPS data, bearing, altitude, Android ID, connection status, network information, device brand, model, release revision and current IP address.
Even though such user data is meant to aid Pandora in making the music streams more personal, it was shown that they were also giving this data to advertisers. The study added that was possible that Pandora and the other smartphone application makers didn’t know how much of the data was being gathered and put out. Developers could be installing prebuilt code snippets from the libraries without knowing it is occurring.
Pandora’s smart phone application lets customers enjoy streaming music from their phone. The application is estimated to have been accessed more than 10 million times, according to information on Google’s Android Market, and it is the 28th most downloaded application available in Apple’s App Store.
