2020-11-30

How the U.S. Military Buys Location Data From Ordinary Apps

Joseph Cox, reporting for Motherboard:

The U.S. military is buying the granular movement data of people
around the world, harvested from innocuous-seeming apps,
Motherboard has learned. The most popular app among a group
Motherboard analyzed connected to this sort of data sale is a
Muslim prayer and Quran app that has more than 98 million
downloads worldwide. Others include a Muslim dating app, a popular
Craigslist app, an app for following storms, and a “level” app
that can be used to help, for example, install shelves in a
bedroom.

Through public records, interviews with developers, and technical
analysis, Motherboard uncovered two separate, parallel data
streams that the U.S. military uses, or has used, to obtain
location data. One relies on a company called Babel Street, which
creates a product called Locate X. U.S. Special Operations Command
(USSOCOM), a branch of the military tasked with counterterrorism,
counterinsurgency, and special reconnaissance, bought access to
Locate X to assist on overseas special forces operations. The
other stream is through a company called X-Mode, which obtains
location data directly from apps, then sells that data to
contractors, and by extension, the military.

Matt Drance:

Developers: Read this thread and please, please push back on
growth hackers telling you to put random ass libraries in
your apps.

There’s a whole seedy industry of location/data harvesting companies who pay the developers of popular (or even just semi-popular — anything with users) apps to include their frameworks in those apps. This is especially true for apps that ask for location permissions for legitimate purposes — things like weather or dating apps. If you, the user, grant the app location access, you’re granting it to all the frameworks embedded in the app too. That’s how this company X-Mode collects, packages, and sells the location data for untold millions of users who’ve never heard of X-Mode. They’re like privacy permission parasites.

X-Mode, specifically, isn’t the scandal — the scandal is the whole industry, and the widespread practice of apps just embedding these frameworks for the money without looking at what they do, or disclosing these “partnerships” to users.