Secret government tracking software hidden in apps - Android Authority
<https://www.androidauthority.com/government-tracking-apps-1145989/> A new report today from The Wall Street Journal exposes yet another concerning development when it comes to mobile phone tracking. According to the report, at least one federal contractor puts government tracking software in over 500 mobile applications. The contractor — a Virginia-based company called Anomaly Six LLC — pays mobile developers to include its in-house tracking code within their apps. The trackers then collect anonymized data from our phones and Anomaly Six aggregates that data and sells it to the US government. It sounds crazy, but it’s happening. What’s more, it appears it’s totally legal. See also: US-China trade war: Why every Chinese phone maker should prepare for the worst Government tracking: What you need to know The report from The Wall Street Journal makes it clear that the tracking software from Anomaly Six appears in over 500 mobile applications. However, Anomaly Six would not disclose the apps with which it has partnerships. The WSJ was unable to glean this information through other methods. One would assume you could dive into the terms of service agreements of popular apps and find references to Anomaly Six. That would be a waste of time, though, because app developers don’t need to disclose the Anomaly Six tracker to users. Therefore, you could have one or even dozens of apps with Anomaly Six’s government tracking code and you would have no idea. The tracking code used by this federal contractor does not need to be disclosed to the user by the app on which it's running. To be clear, the data Anomaly Six collects is anonymized. Each smartphone is attached to an alphanumeric identifier that isn’t linked to the name of the phone’s owner. Of course, there are plenty of ways one could use “anonymous” data such as these to figure out who owns the device. For example, the device will likely be idle at night while the owner sleeps, and the device’s location at that time is likely the owner’s home. Once you have that info, it isn’t hard to start concluding other user habits, such as where they work, what they use to commute, where they go out to eat, etc. Since Anomaly Six doesn’t disclose its government tracking software, there’s no way to opt-out. In brief: you are being tracked and your smartphone habits are being sold to the government and there’s nothing you can do about it. How is this legal? Since the idea of tracking location data via smartphones is still so new, laws and regulations related to the practice are behind the curve. Since the data Anomaly Six collects is technically anonymous and since it isn’t selling the data for commercial purposes — i.e. advertising or marketing — it’s fine to do this within the eyes of the law. Related: Is selling your privacy for a cheaper phone really a good idea? The big question, though, is what the government is doing with this data. Is it just keeping tabs on its citizens? Does it use it for law enforcement purposes? Is it using it as a counter-terrorism tactic? There are a lot of questions here, but Anomaly Six has no intention of answering them. According to the company, the business it conducts is considered confidential (although technically not classified), so it can’t elaborate on its business partners without their strict permission. Obviously, that permission isn’t likely to be easy to get.
Buongiorno, ah il meraviglioso mercato della sorveglianza globale targata USA (anzi Five Eyes... o è Fourteen?!?): la competizione con la Cina (gli altri sono praticamente inesistenti) in questo campo sta raggiungendo livelli sublimi, anche se i secondi devono così correre per raggiungere i primi! Alberto Cammozzo via nexa <nexa@server-nexa.polito.it> writes:
<https://www.androidauthority.com/government-tracking-apps-1145989/>
Molto, molto interessante: grazie! Piccola nota: l'articolo che riporti indica in "over 500 mobile applications" il numero delle app coinvolte, indicando il report del WSJ come fonte… ma l'articolo del WSJ non mi pare fornisca cifre: mi sono perso qualcosa? Wayback Machine ha in archivio l'intero articolo (normalmente dietro paywall): https://web.arcohive.org/web/20200810203631/https://www.wsj.com/articles/u-s... --8<---------------cut here---------------start------------->8--- WASHINGTON—A small U.S. company with ties to the U.S. defense and intelligence communities has embedded its software in numerous mobile apps, allowing it to track the movements of hundreds of millions of mobile phones world-wide, according to interviews and documents reviewed by The Wall Street Journal. Anomaly Six LLC a Virginia-based company founded by two U.S. military veterans with a background in intelligence, said in marketing material it is able to draw location data from more than 500 mobile applications, in part through its own software development kit, or SDK, that is embedded directly in some of the apps. An SDK allows the company to obtain the phone’s location if consumers have allowed the app containing the software to access the phone’s GPS coordinates. App publishers often allow third-party companies, for a fee, to insert SDKs into their apps. The SDK maker then sells the consumer data harvested from the app, and the app publisher gets a chunk of revenue. But consumers have no way to know whether SDKs are embedded in apps; most privacy policies don’t disclose that information. Anomaly Six says it embeds its own SDK in some apps, and in other cases gets location data from other partners. Anomaly Six is a federal contractor that provides global-location-data products to branches of the U.S. government and private-sector clients. The company told The Wall Street Journal it restricts the sale of U.S. mobile phone movement data only to nongovernmental, private-sector clients. [...] “Anomaly Six is a veteran-owned small business that processes and visualizes location data sourced from mobile devices for analytics and insights,” the company said in response to questions for this article. “We leverage detailed location data from numerous first-party sources to provide insights into groups, behaviors, and patterns.” The company said it acknowledged the “intense scrutiny” around the government use of such data, but said all the data it works with is commercially available and compliant with all laws. [...] In the data drawn from apps, each cellphone is typically represented by an alphanumeric identifier that isn’t linked to the name of the cellphone’s owner. But the movement patterns of a phone over time can allow analysts to deduce its ownership—for example, where the phone is located during the evenings and overnight is likely where the phone-owner lives. [n.d.r. 1] [...] A lawsuit filed by Babel Street two years ago against Anomaly Six and its founders offers a window into the competitive and largely secretive market of providing consumer location products to the U.S. government. [...] One of Babel Street’s products, called “Locate X,” includes the location records of millions of cellphones, drawn from consumer apps. The two former employees set out to build a product to compete with it, according to Babel’s lawsuit. Anomaly Six declined to comment on the lawsuit, which was settled out of court last year. [...] The information, gathered into what’s known as a “pattern of life” analysis, can provide a richer understanding of the habits and behaviors of potential intelligence targets, and to possibly predict their future behavior. [...] A group of academic researchers using Babel Street’s software were able to monitor the movement of devices at Russian military facilities as part of a project for the U.S. Army, the Journal also reported last month. Such revelations showcase the power of even commercial data to reveal sensitive information about some of the most secure facilities in the world—and raise privacy concerns about the blurring the lines between corporate marketing and government surveillance. “It’s really alarming to learn about companies like this that claim to have years’ worth of location data from all over the world. Revelations like this just keep coming,” said Laura Moy, a law professor at Georgetown University and director of the school’s Communications & Technology Law Clinic. “Users have no idea that when they install a weather app, a game, or any other innocuous-seeming app that their private location data is going to be harvested and sold. Apparently that’s what’s happening here, and we have no transparency into the practice,” said Ms. Moy. Anomaly Six isn’t listed in any public spending contracts, and many of Babel Street’s sales to government entities aren’t reflected in public documents either. Anomaly Six said its contracts with the U.S. government were unclassified but confidential, and that it couldn’t reveal which agencies it was working with without permission from those agencies. --8<---------------cut here---------------end--------------->8--- Siamo tutti potenziali target dei servizi segreti, è per questo che si danno così tanto da fare a raccogliere INDIZI "a strascico" su chiunque, si sa mai possano venir buone in futuro! Per l'intelligence le informazioni personali sono come il porcello per i contadini: non si butta via niente! (e infatti non sanno letteralmente più come fare a immagazzinarle, porelli) Saluti, Giovanni [n.d.r. 1] questa frase è addirittura offensiva nel sottostimare cosa si può ricavare dall'analisi dei metadati; inoltre io non ci credo che tra i metadati raccolti non ci sia anche qualcosa di più specifico in merito al device. -- Giovanni Biscuolo
participants (2)
-
Alberto Cammozzo -
Giovanni Biscuolo