U.S. Military Buys Location Data from Ordinary Apps
The Claim
Various Muslim apps have been knowingly and intentionally selling their users’ data to the US military.
News posted on
Emerging story
Users have taken to Twitter to denounce various apps, particularly Muslim Pro, following an exposé by vice that uncovered how the US military is procuring the location data of Muslims worldwide. Twitter users have repeatedly shared that Muslim Pro had been selling the data of its users to the US military.
Muslim Pro has denied that it has sold its users’ location data to the US military, but the report by Vice’s Motherboard shows otherwise.
Misbar’s Analysis
Vice’s Motherboard has discovered in a report that the US military has been buying the location data of millions of Muslims from ordinary apps such as a weather app, Craig’s List, and Muslim Prayer and Qur’an App, which has been downloaded over 98 million times. The US Special Operations Command relied on data analytics companies, X-mode and Babel Street, to procure the data from the apps, who then sold it to contractors, industries, government agencies and the military.
The way the US military retrieved the data was through appointing two data broker companies known as Babel Street and X Mode who sent streams of location data from ordinary apps to the US military. A data broker is a third person or company which specializes in collecting information about individuals from public records and private sources, including apps, and thereafter sells that information to customers. In this case, the customer was the US military which wanted to procure the location data of Muslims within the US and around the world.
The first stream is through Babel street which owns a product called LOCATE X, which tracks phones, and sold access to that product to the US Special Operations Command to assist in “overseas special forces operations.” The second stream is through X-Mode, which is a company that pays app developers to put its location data-collecting code into apps to be sent back to them where it is then analyzed and sold to third parties. X-Mode was the company that had a contract with Muslim Pro, a Prayer and Qur’an app that has been downloaded nearly 100 million times. At the same time, X-Mode was in a contract with the US military in procuring certain types of data.
X-Mode had also confirmed it is selling information taken from ordinary smartphone apps to “US military customers” for purposes concerning “counter-terrorism, cyber-security and predicting future COVID-19 hotspots.” The US military has also confirmed the finding of the investigation in a statement by US Senator Ron Wyden, citing the need to “support Special Operations forces’ mission requirements overseas.”
It is important to understand that X-mode is the middleman and that there was no direct contact between its customer, being defense contractors, and the apps from which data was obtained, being Muslim Pro. Vice’s Motherboard spoke with the apps developers and confirmed that they were unaware that X-mode, who they sell data to, in turn, worked with military contractors, stating that the location industry is a black box even for people that work within it. However, Muslim Pro misrepresented the claim stating that Vice’s investigation found it sold its users’ data to the US military directly, which was not the case. Joseph Cox, the author of the report by Vice’s Motherboard, confirmed this on Twitter:
However, Misbar finds that it is important to note that this is still a serious breach of privacy for the apps’ users and that not enough due diligence was done on the part of Muslim Pro in the sale of personal data and in warning users that their data was being sold. Some apps that were observed sending location data to X-Mode do include that info in their privacy policy or have a pop-up saying it will use location data for some purposes. Others had no warning whatsoever, including Muslim Pro. An ordinary user would have no idea. Furthermore, X-Mode previously informed Motherboard that it gathers data from 400 apps. Considering that there are apps that don’t actually get users' consent, it would not be surprising if more of these apps weren't either.
Both Muslim Pro and Twitter users have been selective in sharing their information. The investigation by Vice hasn’t found that Muslim Pro has sold users’ data to the US military, but rather the app has a contract with X-mode, with whom it sold the data. Thereafter, X-mode sells that location data to defense contractors who then sell it to the US military, without the knowledge of the app’s developers. Either way, the location data of nearly 100 million Muslim users have ended up in the hands of the US military, and the LOCATION X program, which the US military has access to, can de-anonymize the data to reveal the identity of a specific user. Muslim Pro has stopped sharing location data with X-Mode following the release of Vice’s report.
The Singaporean Personal Data Protection Commission is currently investigating the claim of mass privacy breach by Muslim Pro, as the app’s developer, Bitsmedia, is headquartered in Singapore. The revelation is particularly alarming considering the global context of growing islamophobia. There is a strong possibility that the location data, which can be de-anonymized, could potentially be used for measures beyond its intended purpose, that result in further surveillance and crackdowns on Muslim minorities worldwide.
