U.S. government contractor tracked hundreds of millions of users using SDK

A scathing WSJ report has the details…

What you need to know

• As U.S. government contractor embedded tracking software in numerous mobile apps.
• That’s according to a new WSJ report.
• It says that hundreds of millions of users were tracked worldwide as a result.

A damning new WSJ report says a small U.S. government contractor embedded software in over 500 apps, tracking millions of people worldwide.

According to the report:

A small U.S. company with ties to the U.S. defense and intelligence communities has embedded its software in numerous mobile apps, allowing it to track the movements of hundreds of millions of mobile phones world-wide, according to interviews and documents reviewed by The Wall Street Journal.

Anomaly Six LLC is the company in question, apparently boasting in marketing material that it was “able to draw location data from more than 500 mobile applications” from its own software development kit, embedded directly in some apps:

Anomaly Six says it embeds its own SDK in some apps, and in other cases gets location data from other partners.

The report says Anomaly Six is a federal contractor that provides global location data to “to branches of the U.S. government and private-sector clients”. It told WSJ that it restricts the sale of U.S. mobile phone movement data only to the private sector, however.

The report further claims “numerous” U.S. government agencies have deemed the scheme lawful. The report continues:

The firm’s capabilities were described in documents prepared for military officials that were reviewed by the Journal. The company also explained its business practices in a recent briefing to the office of Sen. Ron Wyden, whose staff then described it to the Journal. The Oregon Democrat has been conducting a probe into the sale of Americans’ location data.

The data extracted from apps is reportedly anonymized with alphanumeric identifiers not linked to user’s names, however over time anonymous data can very easily be linked to an individual (if you take the same commute to work from your house each day, for example). The report notes:

According to interviews with numerous people in the industry, there is little regulation in the U.S. about the buying and selling of location data, leading to what one industry veteran called “the Wild West.” Consumers have come to expect free apps, and app makers have turned to selling user data to pay for the costs of developing and running the software, people familiar with the industry.

You can read the full report here.