Pandora on Android and iOS Leaks Out Personal Information Back to Ad Servers

Whenever you install an app on your Android or iOS device, you are entering into an agreement to allow a certain level of control on your phone and its data. However, people hardly care about the implications and seemingly, neither do app manufacturers anymore.
Veracode is an independent security firm investigating into privacy of Android apps and Pandora has emerged as the new culprit of data leakage. Pandora sends a massive amount of personal information including your GPS data, device ID, connection ID, Device brand, model, birth date and gender back to ad servers. That is some serious breach of privacy and Pandora has declined to comment on this at all.

The folks over at Veracode have expressed their concern by saying,

In isolation some of this data is uninteresting, but when compiled into a single unifying picture, it can provide significant insight into a person’s life. Consider for a moment that your current location is being tracked while you are at your home, office, or significant other’s house. Couple that with your gender and age and then with your geolocated IP address. When all that is placed into a single basket, it’s pretty easy to determine who someone is, what they do for a living, who they associate with, and any number of other traits about them. I don’t know about you, but that feels a little Orwellian to me.

Pandora might argue that the data collected through this process is used to serve personalized content but sending it to advertisement servers is not something the users opt-in for.

Published by

Chinmoy Kanjilal

Chinmoy Kanjilal is a FOSS enthusiast and evangelist. He is passionate about Android. Security exploits turn him on and he loves to tinker with computer networks. You can connect with him on Twitter @ckandroid.