Pandora Android app sends personal user data to ad servers

Security! Another Android app is taking user data and sending it elsewhere, but this time it’s Pandora. Earlier this week, we learned that Pandora was being asked for documentation on its privacy policies for a federal grand jury. And while Pandora wasn’t the particular target of the government probe, it was still forced to give up some info for some privacy issues.

This time, security firm Veracode says that Pandora is sending user data such as GPS information, sex, birth dates and more to third parties and ad servers.

Ars Technica reports:

Veracode decided to dig into Pandora’s Android app to see exactly what kinds of data might be transmitted (there was no reason given as to why they left iOS out, but it sounds like the team did it out of curiosity and Android is what they had on hand). According to Veracode’s analysis, Pandora’s app seems to be integrated with five separate ad libraries: AdMarvel, AdMob, comScore (SecureStudies), Google.Ads, and Medialets.

The story as to why the music-streaming service is collecting the information is a bit mixed up, too. Pandora says it needs personal information so that it can continue to provide a personalized music experience, but Veracode begs to differ:

Veracode’s analysis, however, shows that Pandora isn’t just collecting that information for itself, but is also using it for advertising purposes. If the grand jury ends up coming to the same conclusion, Pandora (and other app makers) could be facing legal difficulties.

It isn’t just the Android app that comes under fire, however, as the data probe from earlier this week will call into question the iOS version, too.

If Pandora is really collecting this kind of data and offering it up to third parties and advertisers without explicitly saying so in its privacy policy, it’s a shame. I really love the service. Perhaps for now I’ll be sticking to Slacker Radio for my mobile music streaming solution.

[Via: Ars Technica]