Andre Yoskowitz
8 Apr 2011 23:23
It's official: Pandora has been sending your personal information to third-party advertising clients.
The news comes via security firm Veracode, who performed an analysis after the streaming music company revealed it had been subpoenaed by a federal grand jury to show off documents relating to its data collection practices on mobile devices.
Veracode (via Ars) says Pandora does, in fact, send your Android ID, date of birth, gender and GPS location to a number of ad companies.
The app integrates with Google.ads, AdMarvel, AdMob, comScore and Medialets.
Writes Veracode:
The analysis into the remaining libraries resulted in even more of the same. The SecureStudies library accesses the android_id and directly sends a hash of the data to [ link ] while the Medialets library accesses the device’s GPS location, bearing, altitude, android_id, connection status, network information, device brand, model, release revision, and current IP address.
[Y]our personal information is being transmitted to advertising agencies in mass quantities. In isolation some of this data is uninteresting, but when compiled into a single unifying picture, it can provide significant insight into a person's life... When all that is placed into a single basket, it’s pretty easy to determine who someone is, what they do for a living, who they associate with, and any number of other traits about them. I don’t know about you, but that feels a little Orwellian to me.