NSA Spying on Apps Shows Perils of Google+, ‘Candy Crush’

The US and UK have infiltrated mobile software for details about users’ comings and goings and social affiliations. Among the so-called leaky apps with the greatest privacy perils are Google Plus, Pinterest’s online bulletin board and “Candy Crush Saga,” the most popular game on Facebook, according to an analysis by Zscaler Inc.

Zscaler’s analysis found that 96 percent of the top 25 social-networking apps request e-mail access, 92 percent ask for access to users’ address books and 84 percent inquire about their physical locations. Sutton said most people give the apps what they want. Applications for smartphones and tablets present a challenge when it comes to security because, unlike with computer software, most apps depend almost entirely on ads to make money. While technology companies often encrypt what they collect to shield it from prying eyes, the advertising services they work with frequently don’t, said Kevin Mahaffey, co-founder and chief technology officer of Lookout. Lookout studied 30,000 apps and found that 38 percent of those for Android systems could determine locations, that half could access the unique code assigned to a person’s device and that 15 percent could grab phone numbers. The reach of apps, and of the networks advertisers use to pass data around, make them natural eavesdropping targets and are aiding a shift in the focus of surveillance efforts away from personal computers, Mahaffey said.