×

Announcing: Slashdot Deals - Explore geek apps, games, gadgets and more. (what is this?)

Thank you!

We are sorry to see you leave - Beta is different and we value the time you took to try it out. Before you decide to go, please take a look at some value-adds for Beta and learn more about it. Thank you for reading Slashdot, and for making the site better!

Pandora Subpoenaed In Probe of Mobile-App Privacy

Soulskill posted more than 3 years ago | from the investigating-at-the-speed-of-government dept.

Privacy 50

ideaz writes "Pandora Media Inc., the largest Internet radio company, said it's been asked for information as part of a federal grand-jury probe into the way smartphone software developers handle personal data. Pandora isn't a specific target of the investigation and similar subpoenas have been issued to other publishers of apps that run on Apple's iPhone and Google's Android operating system, the company said in a securities filing today."

Sorry! There are no comments related to the filter you selected.

Not news. (0, Insightful)

Anonymous Coward | more than 3 years ago | (#35714580)

This shouldn't even be on here.

Re:Not news. (1)

WrongSizeGlass (838941) | more than 3 years ago | (#35714692)

This shouldn't even be on here.

I disagree. I think it's:
* good news that the government may finally be taking a serious interest in protecting user data.
* bad news that the government may try to start regulating personal data or application developers because let's face it, they rarely get it right (if ever).

Re:Not news. (-1)

Anonymous Coward | more than 3 years ago | (#35714754)

bad news that the government may try to start regulating personal data or application developers because let's face it, they rarely get it right (if ever).

You have insinuated that the government does things wrong more often than not. This obviously makes you a ayn-rand loving teabagger troglodyte.

At least this is a common response I've noticed here, so long as a Democrat is in the White House.

Re:Not news. (0)

Anonymous Coward | more than 3 years ago | (#35714916)

From what I've seen most of the so-called tea party doesn't know shit about Ayn Rand nor her ideology.

Re:Not news. (0)

Anonymous Coward | more than 3 years ago | (#35715146)

Or anything else written in books.

Re:Not news. (0)

Anonymous Coward | more than 3 years ago | (#35716266)

that's right we use google books.

Busted (0)

Anonymous Coward | more than 3 years ago | (#35714592)

I can't wait to see exactly how much personal data these applications are squeezing out of my phone.

Don't save anything that you wouldn't want to explain in a deposition...

Why I stopped using their app (1)

Anonymous Coward | more than 3 years ago | (#35714652)

I stopped using their app when it wanted access to the system logs. This includes all notifications of pretty much everything going on on your phone. It might help them debug the app, it might help them with advertisers. Who knows. I just knew their app wasn't worth it.

Re:Why I stopped using their app (0)

Anonymous Coward | more than 3 years ago | (#35715048)

I remember uninstalling after discovering the Pandora widget idled at ~10% CPU usage while doing nothing at all.

Byut (0)

Anonymous Coward | more than 3 years ago | (#35714716)

Who wil tink of the chidrne?

Probably their login method (3, Informative)

Culture20 (968837) | more than 3 years ago | (#35714736)

Their login method is "what's the iPhone's UUID?" Found that one out the hard way when I purchased a friends' (wiped by me) old iPhone. They're probably an example of doing it wrong.

Re:Probably their login method (0)

Anonymous Coward | more than 3 years ago | (#35714836)

I agree.
Let's burn the flag [flagburningworld.com] of Pandora in protest.

Re:Probably their login method (1)

Beat The Odds (1109173) | more than 3 years ago | (#35714914)

What, exactly, is wrong with them connecting your Pandora account to the UNIVERSALLY UNIQUE ID for YOUR phone?

Re:Probably their login method (0)

Anonymous Coward | more than 3 years ago | (#35714962)

Some people are paranoid when it comes down to being tracked.

Re:Probably their login method (1)

ThunderBird89 (1293256) | more than 3 years ago | (#35714998)

Then they shouldn't install ANY apps whatsoever, and wrap their phones in a layer of tinfoil, move out into a cave and never leave it!

Seriously though, I don't see problems with being tracked by Google through Latitude (which I use, keep my GPS online, and share my location with my friends), or Pandora (which, I don't use). It's not like their going to stalk you and peer in your windows while you sleep...

Re:Probably their login method (1)

Nyder (754090) | more than 3 years ago | (#35717648)

Some people are paranoid when it comes down to being tracked.

Then i guess they should go live in a cave in the wilderness or something. The track cat is out of the bag and has been for the last 5 years or so.

You don't want to be tracked?

Don't get an ID, don't get an cell phones, don't use internet, don't use credit cards.

Do you understand? You are already being tracked and it is NOT going to stop.

Re:Probably their login method (0)

Anonymous Coward | more than 3 years ago | (#35719914)

Yep, I agree. Although there is cause for concern, and I do spend a moderate amount of energies not being tracked (easier when you work in IT), I accepted a long time about that some irrelevant information is going to be leaked about me.

Re:Probably their login method (1)

pclminion (145572) | more than 3 years ago | (#35714984)

Because there is no one-to-one relationship between phones and users. As pointed out in the second freakin' sentence of the post you replied to.

Incorrect use of a smart phone (2)

shuz (706678) | more than 3 years ago | (#35715242)

Listen here the parent obviously did not correctly follow the intentions of both the phone manufacturer as well as the assumption of the software designer. You are supposed to throw the phone into the closest trash receptical after 3-6 months of use and purchase a new $500 phone. By ensuring that your phone is securely in a landfill you can then feel confident that you will be supported to the fullest extent by your software vendor as well as your hardware vendor. Of course both data security and software backups and data transfers are out of scope of both the software vendor as well as the hardware manufacturer. I personally suggest an 8 lb maul against an uneven and sharp surface. Ensure that particles of your previous device are smaller than a dime. As for software backups and transfers I suggest a professional paid service that will steal, ahem, manage that data for you.

Re:Probably their login method (0)

Anonymous Coward | more than 3 years ago | (#35715162)

What, exactly, is wrong with them connecting your Pandora account to the UNIVERSALLY UNIQUE ID for YOUR phone?

Maybe because he WIPED it?

I love Pandora. Actually I am a subscriber for their yearly service. But if he wiped his phone and Pandora somehow kept his credentials that's silly.

Re:Probably their login method (1)

h4rr4r (612664) | more than 3 years ago | (#35720556)

Because that is a unique ID per Phone not per User. Pandora accounts are unique to users, not phones.

Please tell me you are not involved in any sort of development.

Re:Probably their login method (3, Informative)

ArcCoyote (634356) | more than 3 years ago | (#35717230)

Yep, and that's how I found iPhones that are returned as defective to the Apple Store make it back to the public.

I exchanged a 3GS that was spontaneously rebooting and syncing slowly or not at all, even after a DFU Restore (which is why I honestly believe jailbreaking can damage your flash, especially after I had it happen to TWO jailbroken 3GS's... but that's another story.)

Anyway, I had Pandora on it. I didn't reinstall Pandora right away on my replacement phone, but when I finally did (months later) and logged into my Pandora account, my stations had been replaced with a bunch of stuff I would never listen to. So explain to me how that happened, other than someone using the phone that was supposedly returned to Apple?

Re:Probably their login method (1)

Tim C (15259) | more than 3 years ago | (#35718822)

I'd imagine the phone was refurbished and either sold again as such (hardly an uncommon practice) or passed off as new (again hardly uncommon, but definitely naughty). Neither of these things preclude it being returned to Apple and the refurbishment performed by them.

Re:Probably their login method (0)

Anonymous Coward | more than 3 years ago | (#35718934)

I'm suspecting the latter, mainly because I believe Apple is smart enough to change the UUID when refurbishing a phone to prevent this kind of thing.

Re:Probably their login method (1)

tlhIngan (30335) | more than 3 years ago | (#35720968)

Anyway, I had Pandora on it. I didn't reinstall Pandora right away on my replacement phone, but when I finally did (months later) and logged into my Pandora account, my stations had been replaced with a bunch of stuff I would never listen to. So explain to me how that happened, other than someone using the phone that was supposedly returned to Apple?

UUIDs are unique per phone hardware (I think they're derived from an internal serial number embedded either in flash, the CPU, or a mixture of all sorts of entropy (dual MACs from WiFi+BT, serial number, flash serial number, IMEI, etc).

When you exchanged your 3GS, Apple puts it in a pile to be refurbed and gives you one from the freshly refurbed (or brand new - they need seed stock and it's brand new, except sans accessories, etc). What that refurb pile gets big enough, they ship it back to Apple who then accumulates a big pile of those and they go and repair them all in one go. Those then get distributed back as units to replace other failed ones, and the cycle continues. Your broken unit ended up fixed and was used to replace another broken unit.

And Apple does have refurb sales too to sell the repaired units.

Of course, the developer is an idiot for using UUIDs to identify people, since there's no 1:1 relationship between phones and people. Some people own more than one phone. Some phones are owned by more than one person.

neo-gods inbreeding w/monkeys=hymen shortage (-1)

Anonymous Coward | more than 3 years ago | (#35715030)

it was also decried that we could 'blame it on the night'. fiction could never be closer to hiding the truth than it now is? lavish lunch meetings & expedited unproven depopulation schemes are ongoing until the georgia stone mandated .5 billion remaining pop.ruled.done. it was also mentioned that aliens may have contributed to the anomalies?

non-virgins birthing hymenless babys? (0)

Anonymous Coward | more than 3 years ago | (#35715114)

queer enough? stop it. go away. this can't be real? everybody knows god made us to suffer & die for our rulers, so all this 'where did we come from, where are we not going' drivel has no meaning to those of us who had hymens, & disposed of them appropriately, with help, from our religious & non-religious trainings. so there? monkeys? sex? what?

anybody know what these posts are? (0)

Anonymous Coward | more than 3 years ago | (#35715262)

Has anyone figured out what these posts are all about? What is somebody getting from doing this? It doesn't appear to be advertising for something, so what is its point?

Seems it's always one AC, and another one follows up, but just once per thread.

Re:anybody know what these posts are? (1)

Ungrounded Lightning (62228) | more than 3 years ago | (#35715616)

Has anyone figured out what these posts are all about?

Don't know this is what it is. But it would be an interesting way to use Steganography to broadcast or exchange a small amount of information.

Re:anybody know what these posts are? (1)

Thing 1 (178996) | more than 3 years ago | (#35716792)

I think we should get the FBI to ask the Internet to give them too many answers that they can't cope with real threats?

Not Surprised Pandora Got Called Out on This (2)

Maltheus (248271) | more than 3 years ago | (#35715050)

I uninstalled Pandora from my phone the second they wanted permissions to access my calendar. I don't care so much that they know who my contacts are, but the details of my personal appointments are much more sensitive. Still, I knew the price and was free not to pay it. It's not like Android doesn't warn you when the permissions change.

Re:Not Surprised Pandora Got Called Out on This (0)

Anonymous Coward | more than 3 years ago | (#35715172)

I uninstalled Pandora from my phone the second they wanted permissions to access my calendar. I don't care so much that they know who my contacts are, but the details of my personal appointments are much more sensitive.

Which is why I still prefer BlackBerry -- I'm given the option to reject the App's requested permissions and substitute my own.

Who the fuck said app developers should be able to dictate the permissions their apps get?
Any app running on my phone has a choice: "Personal Data" or "Internet Access" never shall the two meet.

PLEASE Google, add the ability to override app permissions and I'll gladly switch!

Re:Not Surprised Pandora Got Called Out on This (1)

Belial6 (794905) | more than 3 years ago | (#35717136)

I just wish they would add a new "access to data" level that gives access to the application's private directory, and nothing else. It seems kind of silly that you have to give access to everything on the SD, or nothing.

Re:Not Surprised Pandora Got Called Out on This (1)

Tim C (15259) | more than 3 years ago | (#35718830)

I'm not really sure how that would help - surely untrustworthy apps (or those that legitimately need the refused permission) will simply fail, thus gaining you nothing? Either way you're not going to be using the app.

Re:Not Surprised Pandora Got Called Out on This (0)

Anonymous Coward | more than 3 years ago | (#35719342)

It depends on what you mean by "untrustworthy".
The intentionally malicious apps will fail.
But it's more about keeping "honest" apps honest - only the parts of the app requiring personal info fail to operate.

It's something I've done for a few years, and it's worked well enough so far.

Re:Not Surprised Pandora Got Called Out on This (1)

Culture20 (968837) | more than 3 years ago | (#35715460)

I have no idea what it has access to on my iPhone.

Re:Not Surprised Pandora Got Called Out on This (0)

node 3 (115640) | more than 3 years ago | (#35715908)

You don't, but Apple does. I'm sure it's their policy to reject an app that accesses a user's contact list or calendar (for example) which doesn't reasonably make use of.

Personally, I'd rather have a procedure like happens when an app requests access to the location data, but this is yet another situation where Apple's "walled garden" provides value to the average user.

Re:Not Surprised Pandora Got Called Out on This (1)

Thing 1 (178996) | more than 3 years ago | (#35716842)

Personally, I'd rather have a procedure like happens when an app requests access to the location data, but this is yet another situation where Apple's "walled garden" provides value to the average user.

I disagree, and I live in that walled garden. I would much prefer each app ask me for the permissions it needs, every single one of them, before it has access to my data.

Re:Not Surprised Pandora Got Called Out on This (1)

node 3 (115640) | more than 3 years ago | (#35716924)

Personally, I'd rather have a procedure like happens when an app requests access to the location data, but this is yet another situation where Apple's "walled garden" provides value to the average user.

I disagree, and I live in that walled garden. I would much prefer each app ask me for the permissions it needs, every single one of them, before it has access to my data.

If you were to re-read what I wrote, I think you'd find you don't disagree with me.

Re:Not Surprised Pandora Got Called Out on This (1)

Thing 1 (178996) | more than 3 years ago | (#35727414)

I'm mostly agreeing with you; the disagreement was with the extension of the thought (and not what you wrote directly), that being "what Apple provides is sufficient." So when I said I disagree, I actually disagreed with that, not with what you wrote. Seriously, thanks for bringing that to my attention. What I really meant, was that I would prefer more granularity than Apple currently provides in terms of giving applications access to my data.

Re:Not Surprised Pandora Got Called Out on This (1)

node 3 (115640) | more than 3 years ago | (#35729126)

Well, now I'm more confused. I don't know if you're still disagreeing with me or not. I did state I wanted more detailed security options, like what you said you wanted. I'm pretty sure I didn't imply I was alone in this.

We may just have to agree to agree on this...?

Re:Not Surprised Pandora Got Called Out on This (1)

Thing 1 (178996) | more than 3 years ago | (#35743482)

Yeah I was a bit confused when I wrote it. :) I agree, that we're just going to have to agree to agree. :)

Re:Not Surprised Pandora Got Called Out on This (1)

Coren22 (1625475) | more than 3 years ago | (#35720776)

http://blog.pandora.com/faq/contents/1643.html [pandora.com]

The reasons they give are actually pretty good. IF you want to send your stations to a friend, it needs email and contacts. IF you want to add a concert, etc to your calendar, it needs calendar access. It uses GPS to give better targeted advertising (Metallica at the MCI center on )

I installed Pandora... (2, Interesting)

Anonymous Coward | more than 3 years ago | (#35715260)

And didn't uninstall it, especially when I realized I could get free, high quality music I actually enjoyed..
Anywhere. Music statistically optimized by my taste by doing little more than suggesting a few bands, then saying "Sucks, skip it" or "This rocks" a few times.
In the car? Internet>3G>Iphone>bluetooth>aftermarket bluetooth car deck.
No wires. Touch the screen of my phone and stuff it back in my pocket and forget it while driving. Got a phone call? Music pauses, in-car stero becomes speakerphone. Music resumes and fades in when call ends. This, in a vehicle that was made when "push technology" was the buzzword of the day. When did the future get here?

Re:I installed Pandora... (0)

Anonymous Coward | more than 3 years ago | (#35717146)

The functionality is great, what's not great is that you have to give it access to your soul-binding true name. Most people don't care, but it is exactly for the people who don't care that we should task developers to lock down their security.

I don't see why it's so hard for apple/google etc to pop up a dialog the first time a specific app requests a specific permission. "Pandora wants to use the calendar (why does it need to do this again?)" Yes/no. Should have been built into the software day one.

Google has the problem of telling you all of the things an app will access, but not telling you why. Some apps request permission for features that are rarely used, or used for a specific feature. Apple has the problem that apple is your only line of defense. You still don't know if an app is safe, you only know that Apple thinks it is. More often than not they are probably right, but...

Re:I installed Pandora... (1)

Tim C (15259) | more than 3 years ago | (#35719254)

Google has the problem of telling you all of the things an app will access, but not telling you why.

I also find that annoying at times, but realistically what can Google do? Demand to see the source code and implement a scheme to ensure that what they see is what is actually compiled in to the app? Or change the API to require a message that is displayed at permission request time, and trust the developers not to lie?

Re:I installed Pandora... (0)

Anonymous Coward | more than 3 years ago | (#35717460)

Stop talking rubbish:
http://www.pandora.com/restricted

Re:I installed Pandora... (1)

Tim C (15259) | more than 3 years ago | (#35718842)

And didn't uninstall it, especially when I realized I could get free, high quality music I actually enjoyed..
Anywhere.

Anywhere in the US. That's great for you, but sucks for the rest of us.

Re:I installed Pandora... (0)

Anonymous Coward | more than 3 years ago | (#35722498)

And didn't uninstall it, especially when I realized I could get free, high quality music I actually enjoyed..
Anywhere.

Anywhere in the US. That's great for you, but sucks for the rest of us.

Maybe I'm missing something here... why would you have their App installed then if you can't use it? Or are you saying that only the free listening is available in the US, and paid listening is available outside? Please clarify.

avoid dictionary.com app! (1)

1800maxim (702377) | more than 3 years ago | (#35719616)

If you value privacy, YOUR privacy, avoid dictionary.com app at all costs. First, their website was riddled with over 200 pieces of cookies and tracking info (read a piece either here http://online.wsj.com/public/page/what-they-know-digital-privacy.html [wsj.com] or somewhere else, can't recall).

Second, their app for the blackberry wants access to ALL of your information, including calendar, contacts, files, email, SMS, etc... If you deny any of those permissions, the app won't work.

Moreover, I sent 2 emails to them asking what kind of information their app collects, and received no response.

Beware!
Check for New Comments
Slashdot Login

Need an Account?

Forgot your password?