Widely used apps, like Angry Birds, were a target for the NSA, leaks reveal.

Recent Snowden leaks have shed light on plans by the National Security Agency (NSA), and its British equivalent, to snatch up mobile data exposed by popular gaming and social media applications.

On Monday, The New York Times, The Guardian and ProPublica teamed up to disclose classified government documents from 2010.

According to the leaks, NSA and Britain's GCHQ worked together to determine how the intelligence agencies could intercept user information sent over mobile versions of Facebook, Twitter, LinkedIn and other social networking services.

In addition, it was revealed that the popular gaming app, Angry Birds, was also of interest to the spy networks, which planned to target “dozens of smartphone apps” by 2007, including Google Maps.

“Since then, the agencies have traded recipes for grabbing location and planning data when a target uses Google Maps, and for vacuuming up address books, buddy lists, telephone logs and the geographic data embedded in photographs when someone sends a post to the mobile versions of Facebook, Flickr, LinkedIn, Twitter and other Internet services,” the article revealed.

A 14-page document (PDF) from the NSA, called “Converged Analysis of Smartphone Devices,” was published by the outlets, along with documents from a GCHQ briefing on mobile surveillance (PDF).

On Tuesday, Scott Matsumoto, who manages the mobile security practice at Cigital as a principal consultant, told SCMagazine.com that the insight on NSA's spying tactics reaffirms app developers' growing responsibility to protect user data.

“Back in 2010, developers didn't really know they were supposed to protect themselves from the NSA as well,” Matsumoto said. “In 2014, any company that is building applications really needs to think about [data security]. It's going to get exposed, so we need to take care and make sure we are protecting customers' privacy.”

This month, San Francisco-based mobile security firm Lookout analyzed over 30,000 applications to determine what percentage of them are capable of reading users' sensitive content.

The firm found that around 38 percent of Android apps have the ability to read location data, and about 50 percent of apps on the mobile platform have the ability to access a phone's international mobile station equipment identity (IMEI), a unique identifier assigned to devices.

Furthermore, approximately 15 percent of Android apps analyzed in the data set were discovered to access users' phone numbers.

On Tuesday, Marc Rogers, principal security researcher at Lookout, told SCMagazine.com that, over the years, the mobile space has gone from encrypting virtually no data to encrypting sensitive data like banking details.

Despite these developments, the industry needs to “redefine what we call personal information,” Rogers said.

“Unfortunately, there's all this other metadata that [app developers] aren't encrypting because they assume it has no value,” such as location data, or even personal information like your race or gender, Rogers explained. “All of these things allow them to build a picture of you.”