Slashdot Mirror

← Back to Stories (view on slashdot.org)

Pandora Subpoenaed In Probe of Mobile-App Privacy

Posted by Soulskill on from the investigating-at-the-speed-of-government dept.

ideaz writes "Pandora Media Inc., the largest Internet radio company, said it's been asked for information as part of a federal grand-jury probe into the way smartphone software developers handle personal data. Pandora isn't a specific target of the investigation and similar subpoenas have been issued to other publishers of apps that run on Apple's iPhone and Google's Android operating system, the company said in a securities filing today."

50 comments

  1. Not news. by Anonymous Coward · · Score: 0, Insightful

    This shouldn't even be on here.

    1. Re:Not news. by WrongSizeGlass · · Score: 1

      This shouldn't even be on here.

      I disagree. I think it's:
      * good news that the government may finally be taking a serious interest in protecting user data.
      * bad news that the government may try to start regulating personal data or application developers because let's face it, they rarely get it right (if ever).

    2. Re:Not news. by Anonymous Coward · · Score: 0

      From what I've seen most of the so-called tea party doesn't know shit about Ayn Rand nor her ideology.

    3. Re:Not news. by Anonymous Coward · · Score: 0

      Or anything else written in books.

    4. Re:Not news. by Anonymous Coward · · Score: 0

      that's right we use google books.

  2. Busted by Anonymous Coward · · Score: 0

    I can't wait to see exactly how much personal data these applications are squeezing out of my phone.

    Don't save anything that you wouldn't want to explain in a deposition...

  3. Why I stopped using their app by Anonymous Coward · · Score: 1

    I stopped using their app when it wanted access to the system logs. This includes all notifications of pretty much everything going on on your phone. It might help them debug the app, it might help them with advertisers. Who knows. I just knew their app wasn't worth it.

    1. Re:Why I stopped using their app by Anonymous Coward · · Score: 0

      I remember uninstalling after discovering the Pandora widget idled at ~10% CPU usage while doing nothing at all.

  4. Byut by Anonymous Coward · · Score: 0

    Who wil tink of the chidrne?

  5. Probably their login method by Culture20 · · Score: 3, Informative

    Their login method is "what's the iPhone's UUID?" Found that one out the hard way when I purchased a friends' (wiped by me) old iPhone. They're probably an example of doing it wrong.

    1. Re:Probably their login method by Anonymous Coward · · Score: 0

      I agree.
      Let's burn the flag of Pandora in protest.

    2. Re:Probably their login method by Beat+The+Odds · · Score: 1

      What, exactly, is wrong with them connecting your Pandora account to the UNIVERSALLY UNIQUE ID for YOUR phone?

    3. Re:Probably their login method by Anonymous Coward · · Score: 0

      Some people are paranoid when it comes down to being tracked.

    4. Re:Probably their login method by pclminion · · Score: 1

      Because there is no one-to-one relationship between phones and users. As pointed out in the second freakin' sentence of the post you replied to.

    5. Re:Probably their login method by ThunderBird89 · · Score: 1

      Then they shouldn't install ANY apps whatsoever, and wrap their phones in a layer of tinfoil, move out into a cave and never leave it!

      Seriously though, I don't see problems with being tracked by Google through Latitude (which I use, keep my GPS online, and share my location with my friends), or Pandora (which, I don't use). It's not like their going to stalk you and peer in your windows while you sleep...

      --
      Hyperbole: I use it liberally!
    6. Re:Probably their login method by Anonymous Coward · · Score: 0

      What, exactly, is wrong with them connecting your Pandora account to the UNIVERSALLY UNIQUE ID for YOUR phone?

      Maybe because he WIPED it?

      I love Pandora. Actually I am a subscriber for their yearly service. But if he wiped his phone and Pandora somehow kept his credentials that's silly.

    7. Re:Probably their login method by ArcCoyote · · Score: 3, Informative

      Yep, and that's how I found iPhones that are returned as defective to the Apple Store make it back to the public.

      I exchanged a 3GS that was spontaneously rebooting and syncing slowly or not at all, even after a DFU Restore (which is why I honestly believe jailbreaking can damage your flash, especially after I had it happen to TWO jailbroken 3GS's... but that's another story.)

      Anyway, I had Pandora on it. I didn't reinstall Pandora right away on my replacement phone, but when I finally did (months later) and logged into my Pandora account, my stations had been replaced with a bunch of stuff I would never listen to. So explain to me how that happened, other than someone using the phone that was supposedly returned to Apple?

    8. Re:Probably their login method by Nyder · · Score: 1

      Some people are paranoid when it comes down to being tracked.

      Then i guess they should go live in a cave in the wilderness or something. The track cat is out of the bag and has been for the last 5 years or so.

      You don't want to be tracked?

      Don't get an ID, don't get an cell phones, don't use internet, don't use credit cards.

      Do you understand? You are already being tracked and it is NOT going to stop.

      --
      Be seeing you...
    9. Re:Probably their login method by Tim+C · · Score: 1

      I'd imagine the phone was refurbished and either sold again as such (hardly an uncommon practice) or passed off as new (again hardly uncommon, but definitely naughty). Neither of these things preclude it being returned to Apple and the refurbishment performed by them.

      --
      It's official. Most of you are morons.
    10. Re:Probably their login method by Anonymous Coward · · Score: 0

      I'm suspecting the latter, mainly because I believe Apple is smart enough to change the UUID when refurbishing a phone to prevent this kind of thing.

    11. Re:Probably their login method by Anonymous Coward · · Score: 0

      Yep, I agree. Although there is cause for concern, and I do spend a moderate amount of energies not being tracked (easier when you work in IT), I accepted a long time about that some irrelevant information is going to be leaked about me.

    12. Re:Probably their login method by h4rr4r · · Score: 1

      Because that is a unique ID per Phone not per User. Pandora accounts are unique to users, not phones.

      Please tell me you are not involved in any sort of development.

    13. Re:Probably their login method by tlhIngan · · Score: 1

      Anyway, I had Pandora on it. I didn't reinstall Pandora right away on my replacement phone, but when I finally did (months later) and logged into my Pandora account, my stations had been replaced with a bunch of stuff I would never listen to. So explain to me how that happened, other than someone using the phone that was supposedly returned to Apple?

      UUIDs are unique per phone hardware (I think they're derived from an internal serial number embedded either in flash, the CPU, or a mixture of all sorts of entropy (dual MACs from WiFi+BT, serial number, flash serial number, IMEI, etc).

      When you exchanged your 3GS, Apple puts it in a pile to be refurbed and gives you one from the freshly refurbed (or brand new - they need seed stock and it's brand new, except sans accessories, etc). What that refurb pile gets big enough, they ship it back to Apple who then accumulates a big pile of those and they go and repair them all in one go. Those then get distributed back as units to replace other failed ones, and the cycle continues. Your broken unit ended up fixed and was used to replace another broken unit.

      And Apple does have refurb sales too to sell the repaired units.

      Of course, the developer is an idiot for using UUIDs to identify people, since there's no 1:1 relationship between phones and people. Some people own more than one phone. Some phones are owned by more than one person.

  6. Not Surprised Pandora Got Called Out on This by Maltheus · · Score: 2

    I uninstalled Pandora from my phone the second they wanted permissions to access my calendar. I don't care so much that they know who my contacts are, but the details of my personal appointments are much more sensitive. Still, I knew the price and was free not to pay it. It's not like Android doesn't warn you when the permissions change.

    1. Re:Not Surprised Pandora Got Called Out on This by Anonymous Coward · · Score: 0

      I uninstalled Pandora from my phone the second they wanted permissions to access my calendar. I don't care so much that they know who my contacts are, but the details of my personal appointments are much more sensitive.

      Which is why I still prefer BlackBerry -- I'm given the option to reject the App's requested permissions and substitute my own.

      Who the fuck said app developers should be able to dictate the permissions their apps get?
      Any app running on my phone has a choice: "Personal Data" or "Internet Access" never shall the two meet.

      PLEASE Google, add the ability to override app permissions and I'll gladly switch!

    2. Re:Not Surprised Pandora Got Called Out on This by Culture20 · · Score: 1

      I have no idea what it has access to on my iPhone.

    3. Re:Not Surprised Pandora Got Called Out on This by node+3 · · Score: 0

      You don't, but Apple does. I'm sure it's their policy to reject an app that accesses a user's contact list or calendar (for example) which doesn't reasonably make use of.

      Personally, I'd rather have a procedure like happens when an app requests access to the location data, but this is yet another situation where Apple's "walled garden" provides value to the average user.

    4. Re:Not Surprised Pandora Got Called Out on This by Thing+1 · · Score: 1

      Personally, I'd rather have a procedure like happens when an app requests access to the location data, but this is yet another situation where Apple's "walled garden" provides value to the average user.

      I disagree, and I live in that walled garden. I would much prefer each app ask me for the permissions it needs, every single one of them, before it has access to my data.

      --
      I feel fantastic, and I'm still alive.
    5. Re:Not Surprised Pandora Got Called Out on This by node+3 · · Score: 1

      Personally, I'd rather have a procedure like happens when an app requests access to the location data, but this is yet another situation where Apple's "walled garden" provides value to the average user.

      I disagree, and I live in that walled garden. I would much prefer each app ask me for the permissions it needs, every single one of them, before it has access to my data.

      If you were to re-read what I wrote, I think you'd find you don't disagree with me.

    6. Re:Not Surprised Pandora Got Called Out on This by Belial6 · · Score: 1

      I just wish they would add a new "access to data" level that gives access to the application's private directory, and nothing else. It seems kind of silly that you have to give access to everything on the SD, or nothing.

    7. Re:Not Surprised Pandora Got Called Out on This by Tim+C · · Score: 1

      I'm not really sure how that would help - surely untrustworthy apps (or those that legitimately need the refused permission) will simply fail, thus gaining you nothing? Either way you're not going to be using the app.

      --
      It's official. Most of you are morons.
    8. Re:Not Surprised Pandora Got Called Out on This by Anonymous Coward · · Score: 0

      It depends on what you mean by "untrustworthy".
      The intentionally malicious apps will fail.
      But it's more about keeping "honest" apps honest - only the parts of the app requiring personal info fail to operate.

      It's something I've done for a few years, and it's worked well enough so far.

    9. Re:Not Surprised Pandora Got Called Out on This by Coren22 · · Score: 1

      http://blog.pandora.com/faq/contents/1643.html

      The reasons they give are actually pretty good. IF you want to send your stations to a friend, it needs email and contacts. IF you want to add a concert, etc to your calendar, it needs calendar access. It uses GPS to give better targeted advertising (Metallica at the MCI center on )

      --
      APK likes to ask for responses to the same things over and over. Maybe he just likes the responses?
    10. Re:Not Surprised Pandora Got Called Out on This by Thing+1 · · Score: 1

      I'm mostly agreeing with you; the disagreement was with the extension of the thought (and not what you wrote directly), that being "what Apple provides is sufficient." So when I said I disagree, I actually disagreed with that, not with what you wrote. Seriously, thanks for bringing that to my attention. What I really meant, was that I would prefer more granularity than Apple currently provides in terms of giving applications access to my data.

      --
      I feel fantastic, and I'm still alive.
    11. Re:Not Surprised Pandora Got Called Out on This by node+3 · · Score: 1

      Well, now I'm more confused. I don't know if you're still disagreeing with me or not. I did state I wanted more detailed security options, like what you said you wanted. I'm pretty sure I didn't imply I was alone in this.

      We may just have to agree to agree on this...?

    12. Re:Not Surprised Pandora Got Called Out on This by Thing+1 · · Score: 1

      Yeah I was a bit confused when I wrote it. :) I agree, that we're just going to have to agree to agree. :)

      --
      I feel fantastic, and I'm still alive.
  7. non-virgins birthing hymenless babys? by Anonymous Coward · · Score: 0

    queer enough? stop it. go away. this can't be real? everybody knows god made us to suffer & die for our rulers, so all this 'where did we come from, where are we not going' drivel has no meaning to those of us who had hymens, & disposed of them appropriately, with help, from our religious & non-religious trainings. so there? monkeys? sex? what?

  8. Incorrect use of a smart phone by shuz · · Score: 2

    Listen here the parent obviously did not correctly follow the intentions of both the phone manufacturer as well as the assumption of the software designer. You are supposed to throw the phone into the closest trash receptical after 3-6 months of use and purchase a new $500 phone. By ensuring that your phone is securely in a landfill you can then feel confident that you will be supported to the fullest extent by your software vendor as well as your hardware vendor. Of course both data security and software backups and data transfers are out of scope of both the software vendor as well as the hardware manufacturer. I personally suggest an 8 lb maul against an uneven and sharp surface. Ensure that particles of your previous device are smaller than a dime. As for software backups and transfers I suggest a professional paid service that will steal, ahem, manage that data for you.

    --
    There is or can be built a machine that can simulate any physical object. -Church-Turing principle
  9. I installed Pandora... by Anonymous Coward · · Score: 2, Interesting

    And didn't uninstall it, especially when I realized I could get free, high quality music I actually enjoyed..
    Anywhere. Music statistically optimized by my taste by doing little more than suggesting a few bands, then saying "Sucks, skip it" or "This rocks" a few times.
    In the car? Internet>3G>Iphone>bluetooth>aftermarket bluetooth car deck.
    No wires. Touch the screen of my phone and stuff it back in my pocket and forget it while driving. Got a phone call? Music pauses, in-car stero becomes speakerphone. Music resumes and fades in when call ends. This, in a vehicle that was made when "push technology" was the buzzword of the day. When did the future get here?

    1. Re:I installed Pandora... by Anonymous Coward · · Score: 0

      The functionality is great, what's not great is that you have to give it access to your soul-binding true name. Most people don't care, but it is exactly for the people who don't care that we should task developers to lock down their security.

      I don't see why it's so hard for apple/google etc to pop up a dialog the first time a specific app requests a specific permission. "Pandora wants to use the calendar (why does it need to do this again?)" Yes/no. Should have been built into the software day one.

      Google has the problem of telling you all of the things an app will access, but not telling you why. Some apps request permission for features that are rarely used, or used for a specific feature. Apple has the problem that apple is your only line of defense. You still don't know if an app is safe, you only know that Apple thinks it is. More often than not they are probably right, but...

    2. Re:I installed Pandora... by Anonymous Coward · · Score: 0

      Stop talking rubbish:
      http://www.pandora.com/restricted

    3. Re:I installed Pandora... by Tim+C · · Score: 1

      And didn't uninstall it, especially when I realized I could get free, high quality music I actually enjoyed..
      Anywhere.

      Anywhere in the US. That's great for you, but sucks for the rest of us.

      --
      It's official. Most of you are morons.
    4. Re:I installed Pandora... by Tim+C · · Score: 1

      Google has the problem of telling you all of the things an app will access, but not telling you why.

      I also find that annoying at times, but realistically what can Google do? Demand to see the source code and implement a scheme to ensure that what they see is what is actually compiled in to the app? Or change the API to require a message that is displayed at permission request time, and trust the developers not to lie?

      --
      It's official. Most of you are morons.
    5. Re:I installed Pandora... by Anonymous Coward · · Score: 0

      And didn't uninstall it, especially when I realized I could get free, high quality music I actually enjoyed..
      Anywhere.

      Anywhere in the US. That's great for you, but sucks for the rest of us.

      Maybe I'm missing something here... why would you have their App installed then if you can't use it? Or are you saying that only the free listening is available in the US, and paid listening is available outside? Please clarify.

  10. anybody know what these posts are? by Anonymous Coward · · Score: 0

    Has anyone figured out what these posts are all about? What is somebody getting from doing this? It doesn't appear to be advertising for something, so what is its point?

    Seems it's always one AC, and another one follows up, but just once per thread.

    1. Re:anybody know what these posts are? by Ungrounded+Lightning · · Score: 1

      Has anyone figured out what these posts are all about?

      Don't know this is what it is. But it would be an interesting way to use Steganography to broadcast or exchange a small amount of information.

      --
      Bantam Dominique roosters crow a four-note song. Once you've heard it as "Happy BIRTHday" you can't NOT hear it that way
    2. Re:anybody know what these posts are? by Thing+1 · · Score: 1

      I think we should get the FBI to ask the Internet to give them too many answers that they can't cope with real threats?

      --
      I feel fantastic, and I'm still alive.
  11. avoid dictionary.com app! by 1800maxim · · Score: 1

    If you value privacy, YOUR privacy, avoid dictionary.com app at all costs. First, their website was riddled with over 200 pieces of cookies and tracking info (read a piece either here http://online.wsj.com/public/page/what-they-know-digital-privacy.html or somewhere else, can't recall).

    Second, their app for the blackberry wants access to ALL of your information, including calendar, contacts, files, email, SMS, etc... If you deny any of those permissions, the app won't work.

    Moreover, I sent 2 emails to them asking what kind of information their app collects, and received no response.

    Beware!