Recently uncovered PowerPoint slides used by the National Security Agency and its British equivalent indicate that the spy agencies have been intercepting personal data sent by "leaky" smartphone apps.
The New York Times, the Guardian and ProPublica all reported that documents provided by former NSA contractor Edward Snowden showed that the agency and Britain's GCHQ collected data transmitted "in the clear" by "Angry Birds," Facebook, Flickr, Flixster, Google Maps, LinkedIn, Photobucket and Twitter.
In addition to the vast amount of personal data being transmitted unencrypted across open cellular networks by the apps themselves, the agencies were reportedly able to get even more intrusive information — including a person's religion, sexual orientation and marital status — from third-party advertising networks that placed ads in smartphone apps.
None of this spying is difficult, or surprising. Security experts have warned for years that smartphone apps have been playing fast and loose with user personal data, a practice all the more disturbing because that data is flowing back and forth on open radio channels. All the NSA and GCHQ had to do was switch on the receivers.
It's also worth mentioning that the NSA and GCHQ are interested in the personal data of very few people. And if you're a resident of the United States, the NSA needs a court order to look at your data after it's been collected.
If all that makes you uncomfortable, here are seven steps you can take to make it harder for the agencies to gather information on you while you play "Angry Birds" or check your Facebook account from your phone.
1. Put your phone into airplane mode while playing games.
Most games don't need an Internet connection to run, but their ad networks do. Killing the connection will block ads from displaying and stop the transmission of your personal data, both by the game and by third-party ads. Airplane mode may also help your game run a little more smoothly as the processor stops trying to load ads.
2. Use a virtual private network (VPN) while connecting to the Internet.
A VPN encrypts all data traffic to and from your phone, tablet or computer by routing it through a VPN provider's server. Using a VPN won't stop apps and ads from collecting and transmitting your personal data, but it will make it much more difficult for spies or hackers to eavesdrop on those transmissions. VPN apps such as Hotspot Shield or VPN Express can be downloaded from the Apple App Store and Google Play store.
3. Don't post on social media accounts while connected to cellular data networks.
Instead, wait until you're connected to your secure, password-protected home or workplace Wi-Fi network. Better yet, don't post to social media accounts from your smartphone at all. Wait until you're seated at a desktop or laptop PC and connected to the social-media service via a secure HTTPS connection (see next item).
4. Install HTTPS Everywhere.
HTTPS Everywhere is a browser plugin for Firefox, Chrome and Opera desktop browsers provided free by the Electronic Frontier Foundation. There's no smartphone equivalent yet, but if a website, such as Facebook or Twitter, is capable of securely connecting to your computer, HTTPS Everywhere will make sure it does.
5. Turn off Wi-Fi, GPS and geolocation on your phone.
Wi-Fi, GPS and geolocation can all be used to quickly pinpoint your location. Don't use them until you absolutely need them. You may have to go into each app's settings to turn off geolocation, but start with apps capable of taking photos. If you do all that, spies and hackers won't be able to use app data to tell where you are, or where you've been.
6. Turn off cellular data connections.
If you don't need to receive constant email updates when on the go, turn off cellular data and go online only when connected to a secure, password-protected Wi-Fi network. You'll still be able to get text messages and voice calls, and your battery life will probably improve.
7. Get rid of the smartphone.
If you want to go to extremes, downgrade to a 2007-era "dumb" phone. All cellphones are tracking devices, but it's a lot more work for spies to get location data and personal information out of something that can't run Facebook or play "Angry Birds."