Notices

Originally Posted by kingoddball

It's a conspiracy...

Originally Posted by festivalnut

what about the anti-theft app that was sending data to a russian email address? and the maintainer was nowhere to be seen when people found out and wanted to ask a few questions about that...

Originally Posted by danramos

That was for the N900?

To expose the information being shared by smartphone apps, the Journal designed a system to intercept and record the data they transmit, then decoded the data stream.
...
Many apps tested by the Journal appeared to violate that rule, by sending a user's location to ad networks, without informing users.
...
For example, Apple says that, internally, it treats the iPhone's UDID as "personally identifiable information." That's because, Apple says, it can be combined with other personal details about people—such as names or email addresses—that Apple has via the App Store or its iTunes music services. By contrast, Google and most app makers don't consider device IDs to be identifying information.
...
A growing industry is assembling this data into profiles of cellphone users. Mobclix, the ad exchange, matches more than 25 ad networks with some 15,000 apps seeking advertisers. The Palo Alto, Calif., company collects phone IDs, encodes them (to obscure the number), and assigns them to interest categories based on what apps people download and how much time they spend using an app, among other factors.

By tracking a phone's location, Mobclix also makes a "best guess" of where a person lives, says Mr. Gurbuxani, the Mobclix executive. Mobclix then matches that location with spending and demographic data from Nielsen Co.
...
Other apps transmitted more data. The Android app for social-network site MySpace sent age and gender, along with a device ID, to Millennial Media, a big ad network.

In its software-kit instructions, Millennial Media lists 11 types of information about people that developers may transmit to "help Millennial provide more relevant ads." They include age, gender, income, ethnicity, sexual orientation and political views. In a re-test with a more complete profile, MySpace also sent a user's income, ethnicity and parental status.
...
A spokesman says MySpace discloses in its privacy policy that it will share details from user profiles to help advertisers provide "more relevant ads." My Space is a unit of News Corp., which publishes the Journal. Millennial did not respond to requests for comment on its software kit.
...
Google was the biggest data recipient in the tests. Its AdMob, AdSense, Analytics and DoubleClick units collectively heard from 38 of the 101 apps. Google, whose ad units operate on both iPhones and Android phones, says it doesn't mix data received by these units.

Google's main mobile-ad network is AdMob, which it bought this year for $750 million. AdMob lets advertisers target phone users by location, type of device and "demographic data," including gender or age group.

Originally Posted by rotoflex

Practical use of this would be to conceptualize a framework for detecting eavesdropping/spying by applications and incorporating it into an application to run on the N900 to monitor for the behavior.

The story states:


I suppose something could monitor for outgoing identifiable data, & blacklist ad sites. Choking Google off is more problematic, as exceptions would have to be made for apps which send location data to Google maps, etc.