According to a report by The Intercept (via iMore), a secret surveillance program called ‘BADASS’ was used by the British and Canadian governments to acquire sensitive smartphone user data from the servers of numerous advertising and analytics companies. BADASS gathered unencrypted data sent to the companies from iPhones and other devices, which can give whoever is looking at it confidential information about individual users.
“Programmers frequently embed code from a handful of such companies into their smartphone apps because it helps them answer a variety of questions: How often does a particular user open the app, and at what time of day? Where does the user live? Where does the user work? Where is the user right now? What’s the phone’s unique identifier? What version of Android or iOS is the device running? What’s the user’s IP address? Answers to those questions guide app upgrades and help target advertisements, benefits that help explain why tracking users is not only routine in the tech industry but also considered a best practice”.
The Intercept’s analysis has revealed that although the BADASS presentation appears to be 4 years old, at least one player in the mobile advertising and analytics space, Google, acknowledges that its servers still routinely receive unencrypted uploads from Google code embedded in apps.
You can read the whole story at the source here.