
Pandora app found to be sending DOB, gender and location info to ad servers - lotusleaf1987
http://www.engadget.com/2011/04/07/pandora-mobile-app-found-to-be-sending-birth-date-gender-and-lo/
======
adorton
This isn't really a secret. Pandora outlines their information sharing policy
in their FAQ:

<http://blog.pandora.com/faq/contents/60.html>
<http://blog.pandora.com/faq/contents/392.html>

They also outline their location sharing policy:

You may also get a request for location permissions. This data is used to
provide better geolocation for certain ad campaigns. Again, this function
would always be under your control. Each time an ad wants to use your location
to provide more personalized results, you will be asked for permission to use
your location, and you can decline this at any time.

------
orangecat
Pandora's Android app doesn't request either fine-grained (GPS) or coarse
(wifi) location permissions. So I don't believe it's actually sending location
data, but if it is then there's a larger problem.

~~~
trotsky
Veracode's research was a follow up to the piece that ran in the WSJ two days
ago:

Mobile-App Makers Face U.S. Privacy Investigation:
[http://online.wsj.com/article/SB1000142405274870380630457624...](http://online.wsj.com/article/SB10001424052748703806304576242923804770968.html)

In it, the Journal reported:

 _The Journal tested 101 apps and found that [...] in Pandora's case, both the
Android and iPhone versions of its app transmitted information about a user's
age, gender, and location, as well as unique identifiers for the phone, to
various advertising networks. Pandora gathers the age and gender information
when a user registers for the service._

As far as I know, the Journal stands by their story. The location pushing
Tyler details was found in the bundled AdMob code, which does check for
ACCESS_COARSE_LOCATION and ACCESS_FINE_LOCATION. While it would seem to be
relying on the bundler to request those, I wonder if there isn't something
going on that allows AdMob to grab location information if another application
that uses the AdMob code has requested it. Android applications can expose
public or private (same signer) APIs to other applications on the same device,
and send whatever data out of them they have access to.

~~~
ryanhuff
Good point! Does the intent system allow for a cross-intent permission
misappropriation? With the proliferation of ad-supported apps on Android, this
would be quite troubling.

~~~
tomjen3
It does, in that you can send any information you want from one app to
another.

But there are two reasons it doesn't make sense to me:

1) This is a huge violation of trust - Google specifically says that you
shouldn't collect information just to add it to the ad request.

2) It is not enough that the app where the information comes from also uses
AdMob, it has to be signed by the same key as the app that is reading the
information. That is only possible if both apps were developed by the same
developer.

------
kylemaxwell
I'm mostly disappointed Pandora chose not to respond. Given the image they've
cultivated, I'd figure they'd get out in front of it.

Then again, they could be doing the right thing and getting with their
engineers to make sure they give accurate answers. The whole thing sounds
preliminary: what the code COULD do, versus what it actually sends over the
air.

------
geoffw8
I'm absolutely not surprised. The additional data undoubtedly nets them a
significantly higher return than if they sent nothing.

Doesn't bother me so much either.

~~~
crm114
I'm not surprised either. When a free service asks you to fill out a profile,
what do you think they're doing with that info? Not making Christmas card
lists.

------
ph0rque
I, for one, am glad that Pandora sends at least the gender to the ad
servers... it's a little disconcerting to get on Pandora with my wife signed
in and see tampon ads.

~~~
nickbp
Whenever I get one of those discount cards from a pharmacy/grocery store (CVS,
Price Chopper, Safeway, etc), I hand out the duplicates to random people just
to stick it to the man.

I do end up with 'interesting' coupons every so often. It's a little like
hearing back from an estranged friend.

~~~
zdw
I'd love a website to swap these cards around...

Or, alternatively, some other social signal that people wanted to trade,
similar to Button Men at conventions:
<http://en.wikipedia.org/wiki/Button_Men>

~~~
ambiguity
That reminds me of the guy who tried to become the ultimate shopper by mailing
people a copy of the UPC from his Safeway discount card with the intention
that they would stick it over their UPC code.
<http://www.cockeyed.com/pranks/safeway/ultimate_shopper.html>

------
jdp23
The Veracode report at
[http://www.veracode.com/blog/2011/04/mobile-apps-invading-yo...](http://www.veracode.com/blog/2011/04/mobile-apps-invading-your-privacy/)
has some more detailed analysis and decompiled code.

------
ajg1977
I don't know about Android, but Engadget could have answered the iPhone
question in 10 seconds flat.

Settings -> Location Services.

No entry for Pandora, so unless it's hacking away through private APIs then
it's not sending location info.

~~~
j79
Could it be possible that Pandora has access to the IP address for the device
when you initially connect to the service? It wouldn't be a specific geo
location, but even "Northern California" would be beneficial for advertisers I
would think?

~~~
conradev
I just checked and the iOS app does indeed send an approximated zip code to Ad
companies.

[http://ad.doubleclick.net/pfadx/pand.iphone/prod.nowplaying;...](http://ad.doubleclick.net/pfadx/pand.iphone/prod.nowplaying;ag=31;gnd=1;zip=XXXXX;dma=504;clean=0;hours=0;app=3.1.8;u=ag*31)
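
An added example, not part of the comment above or of the thread: a small audit helper that splits the `;key=value` path parameters of an ad request like the one quoted and reports which profile-like fields reach the ad host unmasked. The key meanings in `PROFILE_KEYS` and all function names are assumptions made for illustration.

```python
from urllib.parse import urlsplit, unquote

# The ad request quoted in the comment above (zip already X'd out by the poster).
SAMPLE_URL = ("http://ad.doubleclick.net/pfadx/pand.iphone/prod.nowplaying;"
              "ag=31;gnd=1;zip=XXXXX;dma=504;clean=0;hours=0;app=3.1.8;u=ag*31")

# Assumed key meanings: the thread names only the zip code and the Designated
# Market Area; "ag" = age and "gnd" = gender are guesses from the headline.
PROFILE_KEYS = {"ag": "age (assumed)", "gnd": "gender (assumed)",
                "zip": "zip code", "dma": "designated market area"}

def parse_ad_params(url):
    """Return the ;key=value pairs carried in the URL path, in order."""
    path = urlsplit(url).path          # urlsplit keeps ';' params in the path
    pairs = []
    for segment in path.split(";")[1:]:
        if not segment:
            continue
        key, sep, value = segment.partition("=")
        pairs.append((unquote(key), unquote(value) if sep else None))
    return pairs

def is_redacted(value):
    """True when a value has been masked out, e.g. 'XXXXX'."""
    return bool(value) and set(value.upper()) == {"X"}

def flag_profile_fields(url):
    """List the profile-like fields an ad request exposes to the ad host."""
    host = urlsplit(url).hostname
    findings = []
    for key, value in parse_ad_params(url):
        if key in PROFILE_KEYS and value:
            findings.append({"host": host, "key": key,
                             "meaning": PROFILE_KEYS[key],
                             "redacted": is_redacted(value)})
    return findings

if __name__ == "__main__":
    for f in flag_profile_fields(SAMPLE_URL):
        state = "masked" if f["redacted"] else "present in clear"
        print(f"{f['host']}: {f['key']} ({f['meaning']}) {state}")
```

Run over URLs exported from a proxy capture, the same check shows whether a field was masked before the capture was shared.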

~~~
chrisbolt
FYI, you X'd out your zip code but not your Designated Market Area.

~~~
conradev
Oh, whoops!

------
fmkamchatka
Looking at the original article from Veracode, nothing proves that they are
sending the detailed GPS location. It's just saying the code to do so is
present in the Admob library...

------
bricestacey
I have an iPhone. I registered for Pandora in Boston, yet when I visit New
York City Pandora continues to send me Boston ads. It seems likely they send
an approximate zipcode you register with - not your actual location.

~~~
chancho
Likewise. I used the flash player in state A, then moved to state B and bought
an iPhone, but I continually get ads related to state A on my phone. Never
got a single ad when I actually lived in state A, though.

------
hugh3
I'm confused. When did I ever tell Pandora my gender and date of birth?

~~~
fogus
You listen to Journey on a loop all day... it's not that hard to figure out.

------
bcrawford
"If You’re Not Paying for It; You’re the Product" source:
[http://lifehacker.com/#!5697167/if-youre-not-paying-for-it-y...](http://lifehacker.com/#!5697167/if-youre-not-paying-for-it-youre-the-product)
(ok, actually from MetaFilter user blue_beetle)

------
gyardley
I'm always mystified by the fuss around these issues - after all, Pandora's
not a charity.

Can anyone show me a concrete example of actual harm resulting from ad
targeting? I get that you don't like it, but how are you hurt by it?

~~~
bxr
>Pandora's not a charity.

No, they're not. They provide a service for a price. In this case that price
includes personal data. I don't want to pay that price. I would like to know
that I'm paying that price so I can make an informed decision on if I want to
continue using paying for the service.

>actual harm

It depends on if you count an unknown intrusion of your privacy to harm your
privacy.

------
rorrr
Does this really bother anybody? I'd rather see relevant ads, not some vagina
spray for grandmothers in Texas.

