Slashdot Mirror

← Back to Stories (view on slashdot.org)

Pandora App Sends Private Data To Advertisers

Posted by CmdrTaco on from the of-course-it-does dept.

Trailrunner7 writes "An analysis of the popular free mobile application from online music service Pandora.com that is the subject of a grand jury investigation into loose data privacy practices in the mobile application market confirms that the application silently sends reams of sensitive data to advertisers. The analysis was conducted by application security firm Veracode and found that Pandora's free mobile application for Android phones tracked and submitted a range of data, including the user's gender, geographic location and the unique ID of their phone, according to an entry on Veracode's blog."

5 of 198 comments (clear)

  1. As I said last time by Anonymous Coward · · Score: 5, Informative

    As I said last time, "I stopped using their app when it wanted access to the system logs. This includes all notifications of pretty much everything going on on your phone. It might help them debug the app, it might help them with advertisers. Who knows. I just knew their app wasn't worth it."

    This is potentially a much more massive problem than we have been told.

    1. Re:As I said last time by Gutboy · · Score: 5, Insightful

      Google needs to allow you to authorize specific permissions for apps, not their current 'all or nothing' system. This way you could say "Yes, you can have my position because I believe a GPS mapping system needs that, but no you can't have my address book, since a GPS system doesn't need that". Sure it would screw advertisers over, but I don't care about them. Not everything in the world needs to have advertising on it.

  2. Wait a minute... by Nidi62 · · Score: 5, Insightful

    So, you mean all those ads at the bottom of the Pandora app that were specific to my home town wasn't just a random coincidence? How is it taking these things "silently" when it tells you exactly what you are giving it access too? Obviously, knowing where you live has no bearing on the type of music it's going to play. What else did people think this was going to be used for?

    --
    The only thing necessary for evil to triumph is for it to be pitted against a slightly greater evil
  3. SELinux type security for Android by Bocaj · · Score: 5, Informative

    Google needs to change the security model to allow finer grained access and more information to users about how much information that access allows. I should be able to install an application that wants access to my contacts but choose to deny that access with a warning that it may affect the functionality of the app. There should be more detail information on just what information an application can get hold of with that access. I think using the SELinux model of security in the kernel would be a good idea. If I don't grant an application process rights to certain files, it can't get access no matter what.

  4. Not just android by ender- · · Score: 5, Interesting

    The actual Vericode post says it's both the iPhone and Android versions. I'm not sure why the article linked in the summary [and thus the summary] only mentions the Android version.

    I wonder then, does the web browser interface do something similar, minus the GPS info of course? What about the Pandora One desktop app?

    --
    Nothing to see here