‘Appsolutely’ not

Published Updated
The writer is a journalist.
The writer is a journalist.

‘LOOSE lips sink ships’: this slogan was coined during World War II by the United States Office of War Information when they became aware that American sailors, who would loiter around bars and public areas near naval docks before deployment, were being targeted by spies. These spies, taking advantage of the natural proclivities of young sailors about to go off to war, would ply them with drinks and other favours, hoping — in the time-honoured tradition of spies — to pick up enough breadcrumbs to create an accurate picture of US navy deployments and supply routes, which would then be used to target and torpedo Allied shipping convoys.

While mainly intended for the navy, it applies to all services more or less because such loose lips can also get planes shot down and annihilate infantry, armour and artillery divisions. Nowadays, it’s not just loose lips you have to worry about because loose fingers and thumbs and, in fact, loose apps, photos and browsers can easily do the job as well. And in this, the job of spies has, in many senses, become much easier. Instead of buying you drinks, they can now just buy your data.

In fact, you don’t even need spies as such because we’re constantly carrying around a rectangular spy in our pockets. Take a picture with your mobile phone right now and then open it in your gallery and you’ll see — in the details section — that the time the picture was taken is recorded and if location and app permissions are enabled, the exact longitude and latitude at which the picture was taken is also visible. If you were to upload such a picture, you may have revealed your location. Even if you were to scrub this metadata, geolocation is still possible, and there are countless ‘geoguessers’ online who do this as a hobby or a challenge; some can even locate a picture accurately with a minimum of visual clues and sometimes just by analysing the way the shadows are falling, all with easily available open-source tools. And if that’s what ‘ordinary’ people can do, imagine the resources state actors have.

During the US-led war on Iran, Centcom claimed to have received multiple threat reports about hostile actors exploiting commercial location data obtained from phone apps to target or surveil US personnel in the Gulf. This was no elaborate hacking scheme but the simple obtaining of the data that commercial apps — such as food delivery, ride-sharing or even weather apps — and ad tracking services collect on all users, all the time. The apps are used because they’re free and convenient, but the price we pay is our data and in a theatre of war, convenience can kill.

The job of spies has become much easier.

It shouldn’t have come as a surprise; in 2017 the popular fitness app Strava — used by over 200 million people in 185 countries — released a heat map showing every single activity users had ever uploaded to Strava. Popular jogging and hiking tracks lit up on the map; the goal was to allow fitness fans to find popular routes and tracks and possibly meet other users.

However, it also inadvertently revealed military secrets as US soldiers using Strava clocked in on the app while deployed in Afghanistan and Syria. So, not only were the locations and perimeters of such bases now openly displayed — including some bases that were not officially supposed to exist — you could also determine which perimeters were patrolled when and what supply routes were used. Essentially, the soldiers’ pattern of life was available to all. No lessons were learned, and the location of the French aircraft carrier Charles de Gaulle was inadvertently exposed when a French sailor decided to log his Strava run while on the deck of the carrier as it sailed the Mediterranean.

Then there are thr­eats that come wearing disguises; remember Pokemon Go!? This augmented reality game was laun­ch­­ed in 2016 and promptly swept the world, being hailed as a breakthrough that would finally get gamers off their chairs and into the real world where they would wander streets and parks looking for virtual pokemons to capture on their phone cameras. They would then congregate in locations designated as Pokemon gyms to ‘train’ their Pokemon and, in the process, hopefully meet actual people.

Pokemon also started appearing in military bases, prompting puzzled militaries to issue advisories warning people not to intrude into secure locations. But now we have learned that, while the game was free, Niantic, the company behind it, was actually using the real-world location images and videos to train AI for spatial recognition and navigation.

The devices thus trained range from delivery robots to military drones which would now have the capability to operate in areas where GPS signals were weak or else blocked, all thanks to the efforts of players who were unaware that they were, in fact, being played.

The writer is a journalist.

X: @zarrarkhuhro

Published in Dawn, July 13th, 2026

Opinion

Editorial

Banking inertia
Updated 13 Jul, 2026

Banking inertia

PRIME Minister Shehbaz Sharif’s latest call to banks to expand lending to SMEs is nothing new. Every government...
Justice imperilled
13 Jul, 2026

Justice imperilled

THE Human Rights Commission of Pakistan and the International Federation for Human Rights have raised concerns about...
Toxic staple
13 Jul, 2026

Toxic staple

A RECENT article published in Dawn has shed light on the challenges being faced by Sindh’s chilli farmers, whose...
Mixed messaging
Updated 12 Jul, 2026

Mixed messaging

In case the parleys fail, a return to full-scale war would be the likely outcome.
Way forward
12 Jul, 2026

Way forward

A GROUP of estranged PTI leaders, calling themselves the ‘National Dialogue Committee’ and led by figures like...
Recalled orders
12 Jul, 2026

Recalled orders

WHILE justice should be blind, it should not be oblivious to the human suffering some decisions may cause. This is...