A Muslim prayer and Quran study app named “Muslim Pro” is reportedly selling user data to various entities, including the United States Military. When we say user data, we mean extremely granular and analytical location and movement data that can help someone determine where a person is, where they have been in recent months, where they live, and who they visited. “Muslim Pro” is available for both Android and iOS and has had about 98 million installations in total.
The sale of the user location data isn’t taking place through a direct channel but through the ‘Textonix X-Mode’ tool, which has seen its uptake rise to the sky with the COVID-19 pandemic. Unfortunately, “Muslim Pro” isn’t the only app that’s feeding X-Mode with data. According to Motherboard, the same applies to “Muslim Mingle,” an app with over 100,000 installations.
One question that comes to mind is how exactly these apps justify the use of location services on the users’ devices. The answer is a feature meant to help the user pray in Mecca’s direction, the holiest city in Islam. The apps abuse the granting of this permission to gather people’s data and sell it to X-Mode, as it seems.
The fact that the reports uncover two Muslim apps could be a random one - or not. There’s a long history of Muslim terrorist action in the United States, as well as in other countries where the U.S. Army engages, such as Afghanistan, Iraq, and Pakistan. There may be a connection here, but the exact reasons why the U.S. Military is interested in Muslim data remains officially unknown.
X-Mode has officially admitted that they are tracking no less than 25 million devices in the United States and another 40 million smartphones in Europe, Latin America, and Asia. The SDK that feeds X-Mode is embedded in four hundred apps, some of which don’t raise concerns when they ask the user for location data access.
The “Accupedo” step counter app, which has five million installations, is one of these examples. Another one is “Global Storms,” an app that aims to keep users safe from tropical storms, hurricanes, and typhoons.
What’s even more worrying is that while Motherboard discovered what the American army is interested in, they have no way of telling which private entities could be buying that same data from X-Mode. Certainly, there are many, and suggesting that all of them comply with any kind of data protection regulation would be utterly naive.
Of course, users are giving their consent for this upon installing the apps and accepting the terms of use - it’s just that almost nobody realizes what they agree to.