Back in the heyday before the Internet, and even before the telephone, there was one somewhat-reliable way of spreading information far and fast: the carrier pigeon. These modern-day sky-rats were capable of delivering messages up to 100 miles away and returning to their roost in a single day. Yet they weren’t a secure method of communication: they could get lost, captured or snacked upon by a hungry falcon. But that type of data leakage went with the territory.
While we no longer have to worry about a group of carrier pigeons leaking important information, we do have to worry about another group of birds that are taking their place: Angry Birds. Yes, the massively popular mobile game where you slingshot a group of birds into wooden structures crafted by a group of devious pigs is playing fast and loose with user data. The game, which has come under fire for leaking player data before, continues to send user information including age, gender, home address, and numbers identifying the user’s device to third parties with little to no encryption on either end. It’s like sending a flock of talkative parakeets to deliver a private message to one person.
How did this happen?
This data leak is the result of how Rovio, creator of the Angry Birds app, collects and uses player information. Rovio, like many free service providers, makes its money by selling ad space in its games. To do this, it collects as much information on players as possible—usually by introducing new deals and features in return for supplying it with your email address, age and other identifiers. The data is then passed to an advertising platform, in this case, Burstly, that specializes in helping marketers post ads on mobile devices. Burstly then turns around and sells this data to third-party advertising networks—such as Millennial Media—in order to display targeted ads. But Burstly also sends user data, including data that identifies the device a player is using the app on and the Internet Protocol (IP) address (the Internet equivalent of your mailing address), to additional advertising networks.
This isn’t too troubling in and of itself. Rovio’s privacy policy clearly states they reserve the right to collect and upload such “entered” information to third-party marketers. What’s troubling is that Rovio, Burstly and Millennial Media send this personal information with little to no encryption and, in some cases, as plain text. That’s a big flock of parakeets. And in the security world, that’s a big no-no.
The lack of proper encryption, and of proper notification to users about what an app will access, is, as I’ve discussed before, a massive problem in the mobile space.
The amount of information being transmitted by mobile apps to advertisers is growing rapidly, and often without concern for the security of everyday users. This is dangerous because it makes the job of acquiring information for financial fraud that much easier for hackers. Remember: if you’re not paying for an app or service, then your data is most likely being sold to third parties.
But there are things you can do to protect your information from being over-shared by mobile apps. Here are a few:
- Give out as little personal information as possible. Some apps do require personal information to work. For those apps, give as little data, from location to name and address, as possible. By minimizing the amount of information you give out about yourself, you limit who has access to your information at any given time.
- Protect your identity with comprehensive security software. True digital security requires a multifaceted approach. You can’t just protect yourself against viruses when an app is leaking your data. Keep your identity safe online and safeguard your personal information from risky apps by installing McAfee LiveSafe™ service on all of your home devices, from your computer to your smartphone.
- Manage app permissions. Some apps require access to certain features of your phone to truly work; others don’t. Don’t give mobile apps more permission than they need—like location information and access to your camera—just because they ask. A gaming app shouldn’t need your location data, nor access to your browsing history. McAfee Mobile Security for Android (which is included with McAfee LiveSafe) will help categorize your apps by type, and alert you to apps that may be accessing more information than they need to function. If your computers are already protected, download our free mobile security for both Android and iOS to protect your smartphone.