All people who are using the Pandora music app on their iPhone or Android smartphones should be aware. The Pandora app is revealing your personal information to third party advertisers without your knowledge or consent, according to the application security company Veracode. The leaked information can be used to determine your gender, birth date, zip code, and your location using GPS system coordinates.

Pandora, a free Internet radio service that streams and recommends songs, recently announced the company has been served a subpoena as part of a federal grand-jury investigation over how personal data is shared among smartphone applications. Although results from the Federal investigation aren’t in yet, Internet security firm Veracode decided to conduct its own research.

VeraCode says “your personal information is being transmitted to advertising agencies in mass quantities.” Veracode puts its allegations into context, saying, “consider for a moment that your current location is being tracked while you are at your home, office, or significant other’s house. Couple that with your gender and age and then with your geolocated IP address. When all that is placed into a single basket, it’s pretty easy to determine who someone is, what they do for a living, who they associate with, and any number of other traits about them.”

Veracode claims that its own tests revealed that the Pandora app for Android is tied to advertisement libraries for AdMarvel, AdMob, comScore (SecureStudies), Google.Ads, and Medialerts. The study also took at look at what kinds of data Pandora is storing in these libraries. GPS system locations, user birthdays, genders, and postal codes were among the types of information the app has been giving away.