Pandora, which recently announced that it was subpoenaed by a court for its policies regarding user data collection in its apps, has been revealed to be sending personal information about its users to third party advertising clients.
Veracode, a security firm, has looked through Pandora’s Android application and has found that the streaming music company is transmitting GPS data and other information to five different ad networks. It appears that a user’s birthday, gender, and postal code could be sent to the ad networks as well.
Pandora’s reasoning for collecting the data in the first place is to provide personalized music services for each user. Veracode’s findings show that the company is also using it for advertising purposes, effectively profiting from it. Veracode’s concerns lie with all of the data collectively being used. In isolation, each piece of data is benign; however, when grouped together and tied to a single user, it can paint a very accurate picture of the person.