Spying on Angry Birds Gamers

[birdMeister]

It appears the government is interested in Angry Birds players activities. Both the USA and UK spy agencies track smart phone users via Angry Birds apps, collecting personal info and location data. Presumably they are not tracking our times spent on gaming, but who knows?

Kind of weird – play safe out there.

Topic

[MVNLA2]

Yeah, I heard this on the news today, but only about the NSA (in US). It is games played on mobile phones in general, but AB did get signaled out, to the extent that they played the AB theme at the start of the news article.
I can’t imagine what kind of information they get from people playing the single player games. If you are playing with friends, I guess they could keep track of whom you’re playing with, but what else?
This whole idea that they can collect useful personal info from people playing AB in particular has me totally mystified.

[Les Toreadors]

I am not too concerned about this as I typically keep my data connection OFF unless I am browsing or checking emails.

I also think that a lot of these ‘spying’ hoaxes are to the fashion of making a mountain out of a molehill. I have talked about these NSA “spying operations” and some of them feature ridiculous technology.

If anything the ‘national security organizations in question’ would not mind the widespread hoaxing and scares associated with privacy breaches, because it would automatically improve national security awareness by fear and word of mouth. Who spreads fear about ‘Big Brother’? Not the NSA, not the US Government, but people who believe that they should don tinfoil hats and look out for mysterious ‘black’ aircraft.

Regardless of the fact that said ‘black’ vehicles indeed are experimental or special purpose aircraft (that at times do great deeds), people will find new things to loathe and spread fear of just to make themselves feel secure.

Truth is, you’re not living in a tightly controlled police state so if you’re not out to do nefarious deeds, what is there to fear from ‘Big Brother’? Privacy is overrated in today’s highly networked society anyway, and deliberately introducing a certain element of ‘infamy’ into public opinion goes a long way in pushing indirect authority. That is why said ‘national security organizations in question’ will never, ever shed light as to the actual scope and capabilities involved in their cyber-monitoring operations. Let the hoaxes spread and the organization’s ability to perform its mission, in the public eye, is automatically inflated to enormous proportions without the need to spend anything on marketing or actual systems deployment.

As for purported ‘privacy breaches’, you can’t imagine the NSA employing people to sift through billions of copies of high scores to single you out on purpose, can you? And such so called ‘spying’ is easy to foil – just TURN OFF THE DATA. Simple as that.

[AMslimfordy]

I just want to chime in very quickly on this.

Foremost, the article posted by Fox News: http://www.foxnews.com/tech/2014/01/27/nsa-spying-through-angry-birds-google-maps/

Second, let’s stress Rovio’s response to the matter:

“Rovio doesn’t have any previous knowledge of this matter, and have not been aware of such activity in 3rd party advertising networks. Nor do we have any involvement with the organizations you mentioned [NSA and GCHQ].”

Finally, these are allegations only and have not yet been proven. I also doubt that either agency is interested in the age, gender, etc. of the average law-abiding flinger. But just as a word of caution to all people, both spied-upon and otherwise, be careful where how and with whom you share confidential information. Even https sites aren’t necessarily completely secure (e.g., https version of GMail reads email, which is why all the ads on the side of my GMail is for mathematics tutoring).

[Les Toreadors]

And there we are, Rovio’s official press release on the subject. Let’s not get carried away with rumors – Rovio really is the most trustworthy and community-friendly game developer I have ever worked with / ran small communities for :)

http://www.rovio.com/en/news/press-releases/450/rovio-does-not-provide-end-user-data-to-government-surveillance-agencies

[birdMeister]

Rovio may not know what is going on and not condone it, but once the spy agencies found the holes in their apps (“leaky” is the term used), I’m sure they couldn’t resist tapping into such a popular app. Plus the advertisers who buy placements from Rovio know how to target certain age and demographic groups from user profiles. Apparently the NSA has used this means to gather info on us.

In another example, a secret 20-page British report dated 2012 includes the computer code needed for plucking the profiles generated when Android users play Angry Birds. The app was created by Rovio Entertainment, of Finland, and has been downloaded more than a billion times, the company has said.

Rovio drew public criticism in 2012 when researchers claimed that the app was tracking users’ locations and gathering other data and passing it to mobile ad companies. In a statement on its website, Rovio says that it may collect its users’ personal data, but that it abides by some restrictions. For example, the statement says, “Rovio does not knowingly collect personal information from children under 13 years of age.”

[birdMeister]

I meant to include this link for the quoted section in my previous post, but it didn’t appear. Will try a different means.

[LaurenM]

I cannot express the words I feel right now…mainly because this is a family site and I would get banned in a heartbeat. But I stand by Rovio.

[MVNLA2]

True or not, this “news” item is blowing up big time in the media.
I read the press release from Rovio that @Les-Toreadors mentioned above. In fact, I read the second, more detailed press release, and looked at Flurry.com as well.
Sad to say, but I think it is disingenuous for Rovio to say that they don’t collect data. They are using Flurry to collect data, apparently partly at Rovio’s direction. I think Rovio should tell us what data they get from Flurry, and what personal data Flurry has access to.

[MVNLA2]

I should say that I don’t blame Rovio for the spying, and think that they are telling the truth when they say they don’t knowingly or willingly give personal data to the NSA or any other spy agency. I do think we might get more insight into what is really going on from Rovio than from Google, for instance.
I am concerned, however, that the NSA may be violating our constitutional right to privacy by taking advantage of “leaky” apps and every click we make while on the internet.
If you are interested in this topic, take a look at Flurry.com, which collects tons of data on mobile app users. A lot of their services are free, which begs the question of how they make money.

[burpie]

Oh great, now the NSA can impersonate my highscores ;-)

There was no accusation against Rovio by the way. Not specifically.

Regarding Google, they don’t just target their advertising, they also tailor their search results based on their data on you.

[birdMeister]

We have to recognize that Rovio’s interests do not align with ours. That is true of most corporations who can’t resist cutting expenses and grabbing extra revenue. Not building extra security into their app was an easy (and probably necessary) choice during their formative years. But today there is no excuse other than senior management indifference and/or ignorance. It is not a technical failure; I am sure they have the necessary resources or can hire them.

Grabbing for the extra ad revenue available for targeted placements is going to be a harder situation to correct. After all, we agreed to accept free apps in exchange for ad placements, so we must share the blame. Rovio needs to stress that their ad free apps will also increase our online privacy. Do you think that would bump up their revenue enough compared to ad placements?

[Les Toreadors]

I think I agree with @birdmeister that I rather purchase ad free applications than to tolerate annoying popups with alarming frequency.

But, turning off the device’s data connection works wonders as no apps will show at all, nor would any spyware (if present in said ads) be able to call home.

[SweetP]

I suspect Flurry.com gets their money from government agencies to do the DATA MINING* for them, @mvnla2. The NSA, et.al does not have the time or resources to collect all of this data. There are certain elements of user data that will trigger red flags, which get reported to government security agencies. therefore giving them the ammo to investigate “persons of interest.”
How do they do it? For example, if I want to download an app from Google Play Store, either purchased or free, I must allow the app permission to access Network Communication, Internet History and Bookmarks, Phone Calls, System Tools, GPS locator, or a myriad of other data from our devices. Otherwise, I would not be able to install the app if I don’t click on the “Accept” button.
There have been many times I did not install an app because I did not want certain types of info being collected.
Of course, there are those apps/games that we must use/have (email/ABx) to function and go about our daily activites. So unless I need to have access to the internet, I place my device in Airplane Mode, to avoid those annoying in-app purchase ad pop-ups. As @Les-Toreadors says, TURN OFF THE DATA, and @AMSlimfordy’s advice to be very careful of what you share while online.

That’s my two cents!

*Data mining happens all the time. I used to be an admin for a website a few years ago, and one of my responsibilites was to collect members’ data from competitor websites.

[SweetP]

Speaking of Google, @burpie take a look at this: http://www.dailytech.com/Google+Yes+we+Read+Your+Gmail/article33184.htm

[tomason]

Rovio IS a gateway for other entities to … observe… and although their “official statement” of innocence in this matter is sort-of true, it’s technically a case of legal semantics. Also their no-spying disclaimer is as legally binding as a safety disclaimer in a playground (not very binding). Meanwhile, anyone with 10-20 minutes of spare time, some patience, and a modicum of ability to read and understand legalese can discover that the truth in this matter is rather the opposite. They are a pathway for one of the snoopiest snoopers on the net – Flurry -… and they are a gateway to GOD KNOWS WHO.

Stated in the most recent EULA: (copy/pasted relevant sections)

2 THIRD PARTY SERVICES

Rovio Services may include links to third party services and/or the third party services may be made available to you via Rovio Services. These services may include, but are not limited to gameplay recording and sharing, social medial connectivity and the like. These services are subject to respective third party terms and conditions. Please study these third party terms and conditions carefully as they constitute an agreement between you and the applicable third party service provider.

4 INFORMATION COLLECTION AND USE; PRIVACY POLICY

By installing, accessing or using the Rovio Services, you consent to these information collection and usage terms, including (where applicable) the transfer of data into a country outside of the European Union and/or the European Economic Area or the United States of America.

Rovio respects your privacy rights and recognizes the importance of protecting any information collected about you. Rovio’s privacy policy as amended from time to time is available at http://www.rovio.com/privacy (“Privacy Policy”) and applicable to this EULA. Rovio’s Privacy Policy defines how, why and to which extent Rovio collects and uses personal and non-personal information in relation to Rovio’s products and services. By installing, accessing or using the Rovio Services you explicitly agree with the terms and conditions of Rovio’s Privacy Policy and to any terms and conditions included therein by reference.

7 LIMITATION OF LIABILITY

IN NO EVENT WILL ROVIO, ROVIO’S AFFILIATES, ROVIO’S LICENSORS OR CHANNEL PARTNERS BE LIABLE FOR SPECIAL, INCIDENTAL OR CONSEQUENTIAL DAMAGES RESULTING FROM POSSESSION, ACCESS, USE OR MALFUNCTION OF THE ROVIO SERVICES, INCLUDING BUT NOT LIMITED TO, DAMAGES TO PROPERTY, LOSS OF GOODWILL, COMPUTER FAILURE OR MALFUNCTION AND, TO THE EXTENT PERMITTED BY LAW, DAMAGES FOR PERSONAL INJURIES, PROPERTY DAMAGE, LOST PROFITS OR PUNITIVE DAMAGES FROM ANY CAUSES OF ACTION ARISING OUT OF OR RELATED TO THIS EULA OR THE SOFTWARE, WHETHER ARISING IN TORT (INCLUDING NEGLIGENCE), CONTRACT, STRICT LIABILITY OR OTHERWISE AND WHETHER OR NOT ROVIO, ROVIO’S LICENSORS OR CHANNEL PARTNERS HAVE BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES. FOR PURPOSES OF THIS SECTION 7, ROVIO’S LICENSORS AND CHANNEL PARTNERS ARE THIRD PARTY BENEFICIARIES TO THE LIMITATIONS OF LIABILITY SPECIFIED HEREIN AND THEY MAY ENFORCE THIS EULA AGAINST YOU.

BECAUSE SOME STATES/COUNTRIES DO NOT ALLOW CERTAIN LIMITATIONS OF LIABILITY, THIS LIMITATION OF LIABILITY SHALL APPLY TO THE FULLEST EXTENT PERMITTED BY LAW IN THE APPLICABLE JURISDICTION. THIS LIMITATION OF LIABILITY SHALL NOT BE APPLICABLE SOLELY TO THE EXTENT THAT ANY SPECIFIC PROVISION OF THIS LIMITATION OF LIABILITY IS PROHIBITED BY ANY FEDERAL, STATE, OR MUNICIPAL LAW, WHICH CANNOT BE PRE-EMPTED. THIS EULA GIVES YOU SPECIFIC LEGAL RIGHTS, AND YOU MAY HAVE OTHER RIGHTS THAT VARY FROM JURISDICTION TO JURISDICTION.

IN NO EVENT SHALL ROVIO’S, ROVIO’S AFFILIATES’, ROVIO’S LICENSORS’ OR CHANNEL PARTNERS’ LIABILITY FOR ALL DAMAGES (EXCEPT AS REQUIRED BY APPLICABLE LAW) EXCEED THE ACTUAL PRICE PAID BY YOU FOR USE OF THE ROVIO SERVICES OR FIVE EUROS (EUR 5), WHICHEVER LESS.

That’s TECHNICALLY how they get around the semantics of data collection..,. a third party proxy

I use their proxy carrier (Flurry) myself and I recommend you read thjeir T&Cs fror yourself. I personally do not care if I am watched, I simply have no possibility of privacy, and if you use a computer in 2014 and forward, NO ONE DOES… Read Flurry’s policy about data mining. It will solve all that curiosity… Here’s a link

http://www.flurry.com/legal-privacy/privacy-policy

[Gelfling]

BBC News – Technology. 29 January 2014

Angry Birds website hacked after NSA-GCHQ leaks (“Wiki-leaks”)

The spoof image superimposed the NSA’s logo over one of the Angry Birds characters (see the article for the image that hackers posted on Angry Birds site) …

Video game developer Rovio has confirmed that hackers defaced its Angry Birds site with an image entitled Spying Birds, featuring an NSA logo.

The attack followed the publication of leaks that indicated the US spy agency and its British counterpart GCHQ had obtained data released by at least one of the Finnish firm’s games.

The company said it did not “collaborate or collude” with any government spy agency.

It added it had quickly fixed its site. …

On Monday, the New York Times, ProPublica and the Guardian all posted copies of documents obtained from whistle-blower Edward Snowden that suggested the NSA and Britain’s GCHQ had worked together since 2007 to develop ways to gain access to information from applications for mobile phones and tablets.

They said that a GCHQ report, dated 2012, had specifically referred to their ability to snatch details about a user if they had installed Angry Birds on to an Android device.

The report said that the data could include information about the owner’s age, sex, location and even if they were currently listening to music or making a call. It added that the range of information depended in part on which online advertising network Rovio sent the details to.

Following the news, Rovio posted a blog saying it would now reconsider how it shared data with its partners.