Government Contractor ‘Anomaly Six’ Used SDK to Track Phones

A U.S. government contractor called Anomaly Six used its SDK embedded in over 500 apps to track people. Which apps have this SDK is unknown (via WSJ).

Anomaly Six SDK

App makers sometimes let other companies embed an SDK into their apps. It collects data from people which is then sold, and the app maker gets a cut of the revenue. But users have no way of knowing what SDKs are inside an app, like the one created by Anomaly Six.

In the data drawn from apps, each cellphone is typically represented by an alphanumeric identifier that isn’t linked to the name of the cellphone’s owner. But the movement patterns of a phone over time can allow analysts to deduce its ownership—for example, where the phone is located during the evenings and overnight is likely where the phone-owner lives.

It’s a small, federal contractor that provides global location data products to branches of the U.S. government as well as private companies. The company says is doesn’t sell data collected by its SDK to government clients, only private entities. However, despite this sale of data to private clients it doesn’t have a privacy policy on its website, and it’s not registered as data broker in California.

The two founders of Anomaly Six used to work for a company called Babel Street, which provides social media monitoring services to the intelligence community and law-enforcement agencies. Brandan Huff is a former Army counterintelligence officer while Jeffrey Heinz, formerly of the Army, managed Babel Street’s relations with clients such as U.S. Cyber Command.

Senator Ron Wyden (D-OR) is conducting a probe into the sale of American’s location data and has been in contact with Anomaly Six.

Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.