This is obviously hilarious, but it should be a reminder to be careful with your apps.
A popular Muslim prayer app has been secretly collecting its users’ location data, according to Vice. A network of data brokers links the app to US government law enforcement agencies such as ICE and the FBI.
The app called Salaat First (Prayer Times) was created to help Muslims perform their daily prayers, reminding when the time for the ritual has come, identifying the direction they need to take to face Mecca, and showing the location of nearby mosques. The features require identifying location data.
According to data leaked to Vice’s Motherboard website, the app went further than simply identifying where the user was, however. Until recently, it also shared that data with a broker, which sold the information on to other interested parties. The broker, a French firm called Predicio, is part of a what Vice claims is a shady data supply chain that had earlier been identified by the outlet. Among the chain’s clients are US law enforcement agencies, including the Federal Bureau of Investigations (FBI), Customs and Border Protection (CBP), and Immigration and Customs Enforcement (ICE).
Vice had previously exposed Muslim Pro, another app aimed at Muslim users, which tracked user locations and sold the data to the US military, including the US Special Operations Command. Admittedly, Salaat First has a smaller user base – the Android version of Salaat First, which had been collecting the data, has been downloaded more than 10 million times, whereas MuslimPro had racked up over 100 million downloads by the time it was outed.
The dataset examined by Vice recorded the precise geographic location of the device running Salaat First and updated it every two minutes, plus the device model and operating system, the IP address, and a timestamp. It also contained a unique advertising ID, which allowed the tracking of individual users over time. The app’s developer told Vice the tracking feature was supposed to initialize only if the app was downloaded in the UK, Germany, France or Italy. The report says Vice tested the app and decided that users had not been sufficiently informed about the feature to be able to give their informed consent to being tracked and their data being sold on.
And the data harvesting was not limited to Salaat First. Several other apps have likely used the same software development kit (SDK) to handle data collection. SDK is third-party code that usually helps create new software faster but can also add functionality beneficial to the third party in exchange for some incentive to the developer. Among other apps possibly running Predicio’s tracker were popular weather apps Fu*** Weather and Weawow, the report said, based on reverse-engineering of the code. Neither of the three apps is using the SDK now, they told Vice.
It was not clear if any of the location data collected by Predicio through Salaat First ended up in the hands of US law enforcement. The firm itself changed its website after Vice’s previous coverage of its business, to say it “does not support any governmental, commercial, or private use cases that aim to use business intelligence data to identify ethnic, religious, or political groups for human tracking or people identification of any sort.”
Vice points out that the way the data harvesting was carried out through Salaat First violated Google Play’s terms of service. X-Mode, the location tracker behind Muslim Pro, was banned by both Google and Apple from their app stores after the previous exposé. However, Predicio was allowed to run its operation for years, bringing into question Google’s willingness to enforce its own rules.
The Apple store is the only place where users of its devices can find and install apps without breaking terms of service. Android OS allows installation from third-party sources, but Google Play remains the main venue for bringing apps to end users. Big Tech power over software developers was recently highlighted by the ousting of Parler, a microblogging app catering to conservative audiences, amid the wider crackdown on supporters of Donald Trump.
You’ll hear a lot of people come out and say “OH BRO IT DOESN’T EVEN MATTER BRO EVERYTHING IS SPIED ON BRO.”
While that is possibly true, it is also nihilistic and retarded. Apple and Google were not turning over this information to the feds – an app was.
We actually have a lot of precedent for Apple in particular refusing to turn over information to the feds, or to anyone else. That doesn’t mean they aren’t doing it secretly, and I suspect they probably are, but secret information is not legally actionable.
At least not yet.
The point is: security is important, more than likely if you have a security leak, it is your fault for something stupid you did like install some random Android app and not because “BRO THEY RECORD EVERYTHING BRO.”
That having been said, there’s a good chance that under Kamala Harris, they’re going to make it so they can just legally use all of this secret NSA spying stuff to prosecute you in court, or just use it to round you up and put you in a FEMA camp.
But that means you should be more secure with your data – not less.
This is one of the reasons we removed Bitcoin as a donation option from the site.
By the way – please use Monero and donate.