Recently leaked NSA documents have shed a new light on the agency's assault on the data leaked by smartphone apps. By targeting the app configuration data, the NSA and GCHQ are able to pull data ranging from general characteristics like age and ethnicity to specific location based on GPS. The documents outline multiple tactics for unearthing this data, including a direct tap on app configuration data and information sent to ad networks. Using app data permissions as a jumping off point, the NSA is able to obtain any data advertisers have access to, plotting data collected in this manner against the Marina database of web-based metadata. The documents point out Angry Birds as an example of an ad-supported app that sends potentially useful data to ad networks, allowing the NSA to grab the data in transit.
"intercepting Google Maps queries made on smartphones"
The documents also specifically instruct agency staffers in "intercepting Google Maps queries made on smartphones, and using them to collect large volumes of location information." A 2010 documents also highlights Android phones as sending GPS information "in the clear" (without encryption), giving the NSA the user's location every time he or she pulls up Google Maps.
More advanced capabilities were also on display from the agency's targeted malware program. One slide lists targeted plugins to enable "hot mic" recording, high precision geo-tracking, and file retrieval which would reach any content stored locally on the phone. That includes text messages, emails and calendar entries. As the slide notes in a parenthetical aside, "if its [sic] on the phone, we can get it."