Second prayer app caught harvesting user location data may have snitched on Muslims to ICE and FBI – media
A popular Muslim prayer app has been secretly collecting its users’ location data, according to Vice. A network of data brokers links the app to US government law enforcement agencies such as ICE and the FBI.
The app called Salaat First (Prayer Times) was created to help Muslims perform their daily prayers, reminding when the time for the ritual has come, identifying the direction they need to take to face Mecca, and showing the location of nearby mosques. The latter feature requires identifying location data.
According to data leaked to Vice’s Motherboard website, the app went further than simply identifying where the user was, however. Until recently, it also shared that data with a broker, which sold the information on to other interested parties. The broker, a French firm called Predicio, is part of a what Vice claims is a shady data supply chain that had earlier been identified by the outlet. Among the chain’s clients are US law enforcement agencies, including the Federal Bureau of Investigations (FBI), Customs and Border Protection (CBP), and Immigration and Customs Enforcement (ICE).
Vice had previously exposed Muslim Pro, another app aimed at Muslim users, which tracked user locations and sold the data to the US military, including the US Special Operations Command. Admittedly, Salaat First has a smaller user base – the Android version of Salaat First, which had been collecting the data, has been downloaded more than 10 million times, whereas MuslimPro had racked up over 100 million downloads by the time it was outed.
Also on rt.com
The dataset examined by Vice recorded the precise geographic location of the device running Salaat First and updated it every two minutes, plus the device model and operating system, the IP address, and a timestamp. It also contained a unique advertising ID, which allowed the tracking of individual users over time. The app’s developer told Vice the tracking feature was supposed to initialize only if the app was downloaded in the UK, Germany, France or Italy. The report says Vice tested the app and decided that users had not been sufficiently informed about the feature to be able to give their informed consent to being tracked and their data being sold on.
And the data harvesting was not limited to Salaat First. Several other apps have likely used the same software development kit (SDK) to handle data collection. SDK is third-party code that usually helps create new software faster but can also add functionality beneficial to the third party in exchange for some incentive to the developer. Among other apps possibly running Predicio’s tracker were popular weather apps Fu*** Weather and Weawow, the report said, based on reverse-engineering of the code. Neither of the three apps is using the SDK now, they told Vice.
Also on rt.com
It was not clear if any of the location data collected by Predicio through Salaat First ended up in the hands of US law enforcement. The firm itself changed its website after Vice’s previous coverage of its business, to say it “does not support any governmental, commercial, or private use cases that aim to use business intelligence data to identify ethnic, religious, or political groups for human tracking or people identification of any sort.”
Vice points out that the way the data harvesting was carried out through Salaat First violated Google Play’s terms of service. X-Mode, the location tracker behind Muslim Pro, was banned by both Google and Apple from their app stores after the previous exposé. However, Predicio was allowed to run its operation for years, bringing into question Google’s willingness to enforce its own rules.
The Apple store is the only place where users of its devices can find and install apps without breaking terms of service. Android OS allows installation from third-party sources, but Google Play remains the main venue for bringing apps to end users. Big Tech power over software developers was recently highlighted by the ousting of Parler, a microblogging app catering to conservative audiences, amid the wider crackdown on supporters of Donald Trump.
Also on rt.com
Like this story? Share it with a friend!