The US military buys location data from a number of apps, including a Muslim prayer app used by 98 million people, according to a new report today. Another app is a Muslim dating app with more than 100,000 downloads.
Other apps are seemingly random, including a popular Craigslist app, a storm-tracker and a level app to help you install shelves …
Motherboard reports that the data is used for, among other things, foreign special forces operations.
The U.S. military is buying the granular movement data of people around the world, harvested from innocuous-seeming apps, Motherboard has learned. The most popular app among a group Motherboard analyzed connected to this sort of data sale is a Muslim prayer and Quran app that has more than 98 million downloads worldwide […]
Through public records, interviews with developers, and technical analysis, Motherboard uncovered two separate, parallel data streams that the U.S. military uses, or has used, to obtain location data.
One relies on a company called Babel Street, which creates a product called Locate X. U.S. Special Operations Command (USSOCOM), a branch of the military tasked with counterterrorism, counterinsurgency, and special reconnaissance, bought access to Locate X to assist on overseas special forces operations.
The other stream is through a company called X-Mode, which obtains location data directly from apps, then sells that data to contractors, and by extension, the military […]
In a statement, Navy Cmdr. Tim Hawkins, a U.S. Special Operations Command spokesperson, confirmed the Locate X purchase, and added “Our access to the software is used to support Special Operations Forces mission requirements overseas. We strictly adhere to established procedures and policies for protecting the privacy, civil liberties, constitutional and legal rights of American citizens.”
The US military has previously used location data to help target drone strikes.
Although Apple requires location data sold to third parties to be anonymized, an earlier NYT piece explained how such data can be tied to specific individuals.
[One phone] leaves a house in upstate New York at 7 a.m. and travels to a middle school 14 miles away, staying until late afternoon each school day. Only one person makes that trip: Lisa Magrin, a 46-year-old math teacher […]
We followed military officials with security clearances as they drove home at night. We tracked law enforcement officers as they took their kids to school […]
We spotted a senior official at the Department of Defense walking through the Women’s March [and] to a high school, homes of friends, a visit to Joint Base Andrews, workdays spent in the Pentagon and a ceremony at Joint Base Myer-Henderson Hall with President Barack Obama in 2017.
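The uniqueness behind this kind of re-identification can be measured before a location dataset is shared. The following is an added example, not code from the NYT or Motherboard reporting: it reduces each pseudonymous device to its most frequent night-time and working-hours grid cell and counts how many devices share that pair. The grid size, hour windows and sample pings are assumptions constructed for illustration.

```python
from collections import Counter, defaultdict
from datetime import datetime

CELL = 0.01  # assumed grid size in degrees (roughly 1 km)

# Constructed sample pings: (pseudonymous id, local timestamp, lat, lon)
PINGS = [
    ("a1", "2020-11-16T23:10:00", 43.1012, -75.2331),
    ("a1", "2020-11-17T02:00:00", 43.1012, -75.2331),
    ("a1", "2020-11-17T10:30:00", 43.2504, -75.4017),
    ("b2", "2020-11-16T23:40:00", 43.1018, -75.2338),
    ("b2", "2020-11-17T11:15:00", 43.2509, -75.4012),
    ("c3", "2020-11-16T22:30:00", 43.1012, -75.2331),
    ("c3", "2020-11-17T13:00:00", 43.3111, -75.1022),
]

def cell(lat, lon):
    """Snap a coordinate to a coarse grid cell."""
    return (round(lat / CELL), round(lon / CELL))

def home_work_pairs(pings):
    """Map each device to its (night cell, working-hours cell) pair."""
    night, day = defaultdict(Counter), defaultdict(Counter)
    for dev, ts, lat, lon in pings:
        hour = datetime.fromisoformat(ts).hour
        if 9 <= hour < 17:            # assumed working hours
            day[dev][cell(lat, lon)] += 1
        elif hour >= 22 or hour < 6:  # assumed night-time window
            night[dev][cell(lat, lon)] += 1
    return {d: (night[d].most_common(1)[0][0], day[d].most_common(1)[0][0])
            for d in night if d in day}

def anonymity_sets(pings):
    """Number of devices sharing each device's home/work pair (its k)."""
    pairs = home_work_pairs(pings)
    sizes = Counter(pairs.values())
    return {d: sizes[p] for d, p in pairs.items()}

def unique_devices(pings):
    """Devices with k == 1: removing the name does not hide them."""
    return sorted(d for d, k in anonymity_sets(pings).items() if k == 1)

if __name__ == "__main__":
    print(anonymity_sets(PINGS))
    print(unique_devices(PINGS))
```

In the sample, three devices share one night-time cell, yet adding the working-hours cell leaves `c3` alone in its set.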
App users are exceedingly unlikely to be aware of the end users of their location data, even if they read the lengthy privacy policies, which almost no-one does. Worse than this, the same is true of some of the developers of the apps.
Some app developers Motherboard spoke to were not aware who their users’ location data ends up with.
John Gruber explains how this happens.
There’s a whole seedy industry of location/data harvesting companies who pay the developers of popular (or even just semi-popular — anything with users) apps to include their frameworks in their applications. This is especially true for apps that ask for location permissions for legitimate purposes — things like weather or dating apps. If you, the user, grant the app location access, you’re granting it to all the frameworks embedded in the app too. That’s how this company X-Mode collects, packages, and sells the location data for untold millions of users who’ve never heard of X-Mode. They’re like privacy permission parasites.
X-Mode, specifically, isn’t the scandal — the scandal is the whole industry, and the widespread practice of apps just embedding them for the money without looking at what they do, or disclosing these “partnerships” to users.
Perhaps it’s time for Apple to update its developer guidelines to prohibit the sale of location data to brokers? Please let us know your views in the comments.