Pandora Subpoenaed In Probe of Mobile-App Privacy

ideaz writes "Pandora Media Inc., the largest Internet radio company, said it's been asked for information as part of a federal grand-jury probe into the way smartphone software developers handle personal data. Pandora isn't a specific target of the investigation and similar subpoenas have been issued to other publishers of apps that run on Apple's iPhone and Google's Android operating system, the company said in a securities filing today."

Re:

[WrongSizeGlass]

This shouldn't even be on here.

I disagree. I think it's:
* good news that the government may finally be taking a serious interest in protecting user data.
* bad news that the government may try to start regulating personal data or application developers because let's face it, they rarely get it right (if ever).

Why I stopped using their app

[Anonymous Coward]

I stopped using their app when it wanted access to the system logs. This includes all notifications of pretty much everything going on on your phone. It might help them debug the app, it might help them with advertisers. Who knows. I just knew their app wasn't worth it.

Probably their login method

[Culture20]

Their login method is "what's the iPhone's UUID?" Found that one out the hard way when I purchased a friends' (wiped by me) old iPhone. They're probably an example of doing it wrong.

Re:

[Beat The Odds]

What, exactly, is wrong with them connecting your Pandora account to the UNIVERSALLY UNIQUE ID for YOUR phone?

Re:

[ThunderBird89]

Then they shouldn't install ANY apps whatsoever, and wrap their phones in a layer of tinfoil, move out into a cave and never leave it!

Seriously though, I don't see problems with being tracked by Google through Latitude (which I use, keep my GPS online, and share my location with my friends), or Pandora (which, I don't use). It's not like their going to stalk you and peer in your windows while you sleep...

Re:

[Nyder]

Some people are paranoid when it comes down to being tracked.

Then i guess they should go live in a cave in the wilderness or something. The track cat is out of the bag and has been for the last 5 years or so.

You don't want to be tracked?

Don't get an ID, don't get an cell phones, don't use internet, don't use credit cards.

Do you understand? You are already being tracked and it is NOT going to stop.

Re:

[pclminion]

Because there is no one-to-one relationship between phones and users. As pointed out in the second freakin' sentence of the post you replied to.

Incorrect use of a smart phone

[shuz]

Listen here the parent obviously did not correctly follow the intentions of both the phone manufacturer as well as the assumption of the software designer. You are supposed to throw the phone into the closest trash receptical after 3-6 months of use and purchase a new $500 phone. By ensuring that your phone is securely in a landfill you can then feel confident that you will be supported to the fullest extent by your software vendor as well as your hardware vendor. Of course both data security and software b

Re:

[h4rr4r]

Because that is a unique ID per Phone not per User. Pandora accounts are unique to users, not phones.

Please tell me you are not involved in any sort of development.

Re:Probably their login method

[ArcCoyote]

Yep, and that's how I found iPhones that are returned as defective to the Apple Store make it back to the public.

I exchanged a 3GS that was spontaneously rebooting and syncing slowly or not at all, even after a DFU Restore (which is why I honestly believe jailbreaking can damage your flash, especially after I had it happen to TWO jailbroken 3GS's... but that's another story.)

Anyway, I had Pandora on it. I didn't reinstall Pandora right away on my replacement phone, but when I finally did (months later) and logged into my Pandora account, my stations had been replaced with a bunch of stuff I would never listen to. So explain to me how that happened, other than someone using the phone that was supposedly returned to Apple?

Re:

[Tim C]

I'd imagine the phone was refurbished and either sold again as such (hardly an uncommon practice) or passed off as new (again hardly uncommon, but definitely naughty). Neither of these things preclude it being returned to Apple and the refurbishment performed by them.

Re:

[tlhIngan]

Anyway, I had Pandora on it. I didn't reinstall Pandora right away on my replacement phone, but when I finally did (months later) and logged into my Pandora account, my stations had been replaced with a bunch of stuff I would never listen to. So explain to me how that happened, other than someone using the phone that was supposedly returned to Apple?

UUIDs are unique per phone hardware (I think they're derived from an internal serial number embedded either in flash, the CPU, or a mixture of all sorts of entr

Re:

[Ungrounded Lightning]

Has anyone figured out what these posts are all about?

Don't know this is what it is. But it would be an interesting way to use Steganography to broadcast or exchange a small amount of information.

Re:

[Thing 1]

I think we should get the FBI to ask the Internet to give them too many answers that they can't cope with real threats?

Not Surprised Pandora Got Called Out on This

[Maltheus]

I uninstalled Pandora from my phone the second they wanted permissions to access my calendar. I don't care so much that they know who my contacts are, but the details of my personal appointments are much more sensitive. Still, I knew the price and was free not to pay it. It's not like Android doesn't warn you when the permissions change.

Re:

[Belial6]

I just wish they would add a new "access to data" level that gives access to the application's private directory, and nothing else. It seems kind of silly that you have to give access to everything on the SD, or nothing.

Re:

[Tim C]

I'm not really sure how that would help - surely untrustworthy apps (or those that legitimately need the refused permission) will simply fail, thus gaining you nothing? Either way you're not going to be using the app.

Re:

[Culture20]

I have no idea what it has access to on my iPhone.

Re:

[node 3]

You don't, but Apple does. I'm sure it's their policy to reject an app that accesses a user's contact list or calendar (for example) which doesn't reasonably make use of.

Personally, I'd rather have a procedure like happens when an app requests access to the location data, but this is yet another situation where Apple's "walled garden" provides value to the average user.

Re:

[Thing 1]

Personally, I'd rather have a procedure like happens when an app requests access to the location data, but this is yet another situation where Apple's "walled garden" provides value to the average user.

I disagree, and I live in that walled garden. I would much prefer each app ask me for the permissions it needs, every single one of them, before it has access to my data.

Re:

[node 3]

Personally, I'd rather have a procedure like happens when an app requests access to the location data, but this is yet another situation where Apple's "walled garden" provides value to the average user.

I disagree, and I live in that walled garden. I would much prefer each app ask me for the permissions it needs, every single one of them, before it has access to my data.

If you were to re-read what I wrote, I think you'd find you don't disagree with me.

Re:

[Thing 1]

I'm mostly agreeing with you; the disagreement was with the extension of the thought (and not what you wrote directly), that being "what Apple provides is sufficient." So when I said I disagree, I actually disagreed with that, not with what you wrote. Seriously, thanks for bringing that to my attention. What I really meant, was that I would prefer more granularity than Apple currently provides in terms of giving applications access to my data.

Re:

[node 3]

Well, now I'm more confused. I don't know if you're still disagreeing with me or not. I did state I wanted more detailed security options, like what you said you wanted. I'm pretty sure I didn't imply I was alone in this.

We may just have to agree to agree on this...?

Re:

[Thing 1]

Yeah I was a bit confused when I wrote it. :) I agree, that we're just going to have to agree to agree. :)

Re:

[Coren22]

http://blog.pandora.com/faq/contents/1643.html [pandora.com]

The reasons they give are actually pretty good. IF you want to send your stations to a friend, it needs email and contacts. IF you want to add a concert, etc to your calendar, it needs calendar access. It uses GPS to give better targeted advertising (Metallica at the MCI center on )

I installed Pandora...

[Anonymous Coward]

And didn't uninstall it, especially when I realized I could get free, high quality music I actually enjoyed..
Anywhere. Music statistically optimized by my taste by doing little more than suggesting a few bands, then saying "Sucks, skip it" or "This rocks" a few times.
In the car? Internet>3G>Iphone>bluetooth>aftermarket bluetooth car deck.
No wires. Touch the screen of my phone and stuff it back in my pocket and forget it while driving. Got a phone call? Music pauses, in-car stero becomes speakerp

Re:

[Tim C]

Google has the problem of telling you all of the things an app will access, but not telling you why.

I also find that annoying at times, but realistically what can Google do? Demand to see the source code and implement a scheme to ensure that what they see is what is actually compiled in to the app? Or change the API to require a message that is displayed at permission request time, and trust the developers not to lie?

Re:

[Tim C]

And didn't uninstall it, especially when I realized I could get free, high quality music I actually enjoyed..
Anywhere.

Anywhere in the US. That's great for you, but sucks for the rest of us.

avoid dictionary.com app!

[1800maxim]

If you value privacy, YOUR privacy, avoid dictionary.com app at all costs. First, their website was riddled with over 200 pieces of cookies and tracking info (read a piece either here http://online.wsj.com/public/page/what-they-know-digital-privacy.html [wsj.com] or somewhere else, can't recall).

Second, their app for the blackberry wants access to ALL of your information, including calendar, contacts, files, email, SMS, etc... If you deny any of those permissions, the app won't work.

Moreover, I sent 2 emails to