Dating, weather, and other apps monitor users’ location and send it to military contractors, report claims

Sign up to our free weekly IndyTech newsletter delivered straight to your inbox

Sign up to our free IndyTech newsletter

Please enter a valid email address

Please enter a valid email address

SIGN UP

I would like to be emailed about offers, events and updates from The Independent. Read our privacy policy

A group of apps, including a Muslim prayer and Quran app, a Muslim dating app, an app for tracking storms, and more have been used to collect data that has been sold to the US military contractors

The data is collected through a company called X-Mode, which gets access to location data from apps and sells that data to contractors, according to a report from Motherboard.

It encourages app developers to use its software development kit (SDK) code in their products, which then collects app users location data and sends it to X-Mode, in exchange for a fee based on how many users the app has. For 50,000 daily active users, a developer will earn $1,500.

Data is sent from these apps to X-Mode, which is then sold to a range of clients including Sierra Nevada Corporation and Systems & Technology Research, who could be found on an archived “Trusted Partners” page on X-Mode’s website.

The former builds combat aircraft and developers cyber and electronic warfare, while the latter offers “data analytics” to intelligence analysts.

X-Mode told Motherboard that it "does not work with Sierra Nevada or STR", but did not deny they were previously customers.

During a concurrent investigation into X-Mode by US Senator Ron Wyden, which happened as Motherboard was gathering information, X-Mode reportedly removed multiple company names from the Trusted Partners page, including Sierra Nevada Corporation.

The Independent has reached out to Sierra Nevada Corporation and Systems & Technology Research for comment.

"X-Mode licenses its data panel to a small number of technology companies that may work with government military services, but our work with such contractors is international and primarily focused on three use cases: counter-terrorism, cybersecurity and predicting future COVID-19 hotspots," X-Mode said.

X-Mode’s SDK is currently in approximately 400 apps, including Muslim Pro, the Muslim Mingle dating app, the "Accupedo" step counter app, the “CPlus for Craigslist" app, “Bubble level”, a spirit level app, and "Global Storms," an app for tracking weather events.

"I was not aware that X-Mode was selling those data to some military contractors," Nicolas Dedouche, CEO at app development firm Mobzapp, said. "I cannot be aware X-Mode is working with military contractors if they do not clearly mention it somewhere.”

"As an app developer I do care with whom I'm contracting with," Antoine Vianey, the developer behind the app "Bubble level", but added that he was not aware that Sierra Nevada Corporation or Systems & Technology Research were partners.

YanFlex, the developer behind the CPlus for Craigslist app, did not know that X-Mode worked with military contractors.

"We do not speak publicly about the relationships we have with our partners. If you are interested in our relationship with X-Mode, you can contact them directly” said step-tracking app Accupedo.

"We are comfortable with how X-Mode uses location data," Neil Kelly, president and chief developer of Kelly Technology, which makes the Global Storms app, said.

Muslim Pro reportedly did not respond to Motherboard’s request for comment. When approached by the Independent, Muslim Pro provided this comment:

"On 16 November 2020, Vice media reported that the Muslim prayer app Muslim Pro was selling personal data of its users to the US military contractors. This is incorrect and untrue.

"The protection and respect of the privacy of our users is Muslim Pro’s outmost priority. As one of the most trusted Muslim app over the last 10 years, we adhere to the most stringent privacy standards and data protection regulations, and never share any personal identifiable information. Since we were made aware of the situation, we have launched an internal investigation and are reviewing our data governance policy to confirm that all user data was handled in line with all existing requirements.

“Regardless, in respect of the trust millions of prayers puts in Muslim Pro every day, we are immediately terminating our relationships with our data partners - including with X-Mode, which started four weeks ago. We will continue to take all necessary measures to ensure that our users practice their faith with peace of mind, which remains Muslim Pro’s sole mission since its creation.”

Some apps’ privacy policies, as well as X-Mode's own policy, says the company may use location data "for disease prevention and research, security, anti-crime and law enforcement." Other apps do not mention the transfer of location data at all, but following Motherboard’s reporting made changes for to add an opt-in consent box.

Many users will not have been aware that location data is used for military purposes. X-Mode said that its partner apps are contractually obligated to follow data protection laws and obtain consent.

As well as getting information through companies like X-Mode the US military – specifically US Special Operations Command (USSOCOM) – also purchased access to Locate X, a data location product from a company called Babel Street.

Locate X gives users the ability to draw a shape on a map, see all the devices Babel Street has information for within that location, and follow a specific device.

While the Locate X data is anonymised, Motherboard reports that the company “could absolutely deanonymize a person” and that Babel Street employees would "play with it, to be honest."

The Independent has reached out to Babel Street for comment.