Mobile applications collecting personal data of users in one form or the other is no more a stunning news. The Snowden documents only confirmed that smartphone applications such as Angry Birds had been colluding with the NSA in handing over the personal information about their users.
HackRead reported earlier how the leaky applications of mobile phones are being abused by the intelligence services to retrieve personal information of the users. The information collected included age, location, sex, email addresses and other such details that are made available on the applications.
While there were denials by these application providers about any breach of trust, a video at the CBS 60 Minutes, shows how Rovio Entertainment, the creator of Angry Birds, shares the user’s location.
FireEye, a security vendor, in its official blog provides a detailed explanation of how the smartphone application of Angry Bird shares the user’s information with third party networks. And in the process, it is making money by selling ad spaces in its games.
According to them, the latest update of the Angry Bird on 4th March 2014 works in association with ad-mediation platform and third-party networks which shares the user’s information across multiple parties.
Angry Birds players create a Rovio account to avail themselves of various benefits espoused by the developers, which includes saving scores and in-game weapons, preserving game progress across multiple devices, and so on.
The developer also gets rights to upload the user’s information shared during the registration process, to third party through the end-use license agreement.
The completion of the registration process uploads the user’s personal data to the Angry Birds Cloud so that the player profile can be created.
Angry Birds uses Burstly as an ad adapter, which in turn is integrated with numerous third party ad clouds.
- The researchers say, “Once a Rovio account is created and personal information uploaded, the user can do little to stop this personal information sharing. Their data might be in multiple locations: Angry Birds Cloud, Burstly and third-party ad networks such as Jumptap and Millennial Media.”
A more detailed explanation of how the entire information is passed on is well explained at the Fire Eye blog.
Rovio, on the other hand, reiterated once again that it is not sharing any information with the NSA or any third party.
- Rovio does not allow any third party network to use or hand over personal end-user data from Rovio’s apps,” it had said in a statement released in January.
This news definitely proves a point: either the company is lying or the security vendor.
In all probability, it is the developer who has taken users for a ride and made mockery of its sentimental appeal issued earlier in January:
- Our fans’ trust is the most important thing for us and we take privacy extremely seriously. We do not collaborate, collude, or share data with spy agencies anywhere in the world.”