You may also get a request for location permissions. This data is used to provide better geolocation for certain ad campaigns. Again, this function would always be under your control. Each time an ad wants to use your location to provide more personalized results, you will be asked for permission to use your location, and you can decline this at any time.
Pandora's Android app doesn't request either fine-grained (GPS) or coarse (wifi) location permissions. So I don't believe it's actually sending location data, but if it is then there's a larger problem.
The Journal tested 101 apps and found that [...] in Pandora's case, both the Android and iPhone versions of its app transmitted information about a user's age, gender, and location, as well as unique identifiers for the phone, to various advertising networks. Pandora gathers the age and gender information when a user registers for the service.
As far as I know, the journal stands by their story. The location pushing Tyler details was found in the bundled AdMob code, which does check for ACCESS_COARSE_LOCATION and ACCESS_FINE_LOCATION. While it would seem to be relying on the bundler to request those, I wonder if there isn't something going on that allows AdMob to grab location information if another application that uses the AdMob code has requested it. Android applications can expose public or private (same signer) APIs to other applications on the same device, and send whatever data out of them they have access to.
Good point! Does the intent system allow for a cross-intent permission misappropriation? With the proliferation of ad-supported apps on Android, this would be quite troubling.
It does, in that you can send any information you want from one app to another.
But there are two reasons it doesn't make sense to me:
1) This is a huge violation of trust - Google specifically says that you shouldn't collect information just to add it to the ad request.
2) It is not enough that the app where the information comes from also uses adMob, it has to be signed by the same key as the app that is reading the information. That is only possible if both apps where developed by the same developer.
I'm mostly disappointed Pandora chose not to respond. Given the image they've cultivated, I'd figure they'd get out in front of it.
Then again, they could be doing the right thing and getting with their engineers to make sure they give accurate answers. The whole thing sounds preliminary: what the code COULD do, versus what it actually sends over the air.
I'm not surprised either. When a free service asks you to fill out a profile, what do you think they're doing with that info? Not making Christmas card lists.
I, for one, am glad that Pandora sends at least the gender to the ad servers... it's a little disconcerting to get on Pandora with my wife signed in and see tampon ads.
Whenever I get one of those discount cards from a pharmacy/grocery store (CVS, Price Chopper, Safeway, etc), I hand out the duplicates to random people just to stick it to the man.
I do end up with 'interesting' coupons every so often. It's a little like hearing back from an estranged friend.
That reminds me of the guy who tried to become the ultimate shopper by mailing people a copy of the UPC from his Safeway discount card with the intention that they would stick it over their UPC code. http://www.cockeyed.com/pranks/safeway/ultimate_shopper.html
Could it be possible that Pandora has access to the IP address for the device when you initially connect to the service? It wouldn't be a specific geo location, but even "Northern California" would be beneficial for advertisers I would think?
Android is Settings->Applications->Manage Applications. Clicking an app icon reveals permissions. Pandora has no entry for 'Your location', fine or coarse.
Looking at the original article from Veracode, nothing proves that they are sending the detailed GPS location. It's just saying the code to do so is present in the Admob library...
I have an iPhone. I registered for Pandora in Boston, yet when I visit New York City Pandora continues to send me Boston ads. It seems likely they send an approximate zipcode you register with - not your actual location.
Likewise. I used the flash player in state A, then moved to state B and bought an iPhone, but I continually get adds related to state A on my phone. Never got a single add when I actually lived in state A, though.
No, they're not. They provide a service for a price. In this case that price includes personal data. I don't want to pay that price. I would like to know that I'm paying that price so I can make an informed decision on if I want to continue using paying for the service.
>actual harm
It depends of in you count an unknown intrusion of your privacy to harm your privacy.
http://blog.pandora.com/faq/contents/60.html http://blog.pandora.com/faq/contents/392.html
They also outlines their location sharing policy:
You may also get a request for location permissions. This data is used to provide better geolocation for certain ad campaigns. Again, this function would always be under your control. Each time an ad wants to use your location to provide more personalized results, you will be asked for permission to use your location, and you can decline this at any time.