Apple and Google banned apps from sharing users location data with a broker with links to U.S. military contractors.
Hundreds of Android apps much more than previously disclosed have trace and sent granular users location data to X-Mode a knowledge broker known to sell location data to U.S. military contractors.
The apps include messaging apps a free video and file converter several dating sites and religion and prayer apps each accounting for tens of many downloads so far consistent with new research.
Sean O’Brien principal researcher at ExpressVPN Digital Security Lab and Esther Onfroy co-founder of the Defensive Lab Agency found on the brink of 200 Android apps that at some point over the past year contained X-Mode tracking code.
Some of the apps were still sending location data to X-Mode as recently as December when Apple and Google told developers to get rid of X-Mode from their apps or face a ban from the app stores.
But weeks after the ban took effect one popular U.S. transit map app that had been installed many thousands of times was still downloadable from Google Play albeit it had been still sending location data to X-Mode.
The new research, now published is believed to be the broadest review so far of apps that collaborate with X-Mode during one among dozens of companies in a multibillion-dollar industry. That buys and sells access to the situation data collected from ordinary phone apps often for the needs of serving targeted advertising.
But X-Mode has faced greater scrutiny for its connections to government work amid fresh reports that U.S. intelligence bought access to commercial location data to look for Americans past movements without first obtaining a warrant.
X-Mode’s ties to military contractors (and by extension the U.S. military) was first disclosed by Motherboard. Which first reported that a well-liked prayer app with quite 98 million downloads worldwide sent granular movement data to X-Mode.
In November, Motherboard found that another previously unreported Muslim prayer app called Qibla Compass sent data to X-Mode. O’Brien’s findings corroborate that and also point to many more Muslim-focused apps as containing X-Mode. By conducting network traffic analysis. Motherboard verified that a minimum of three of these apps did at some point send location data to X-Mode, although none of the versions currently on Google Play do so. you’ll read Motherboard’s full story here.
X-Mode’s chief executive Josh Anton told CNN last year that the info broker tracks 25 million devices within the U.S. He also told Motherboard its SDK had been utilized in about 400 apps.
The researchers also published new endpoints that apps using X-Mode’s SDK are known to speak with which O’Brien said he hoped would help others discover which apps are sending or have historically sent trace users location data to X-Mode.
We hope consumers can identify if they’re the target of 1 of those location trackers and more importantly demand that this spying end. We would like researchers to create off of our findings within the public interest helping to shine light on these threats to privacy, security and rights said O’Brien.
Analyzing the network traffic on about two-dozen of the foremost downloaded Android apps within the researchers findings to seem for apps that were communicating with any of the known X-Mode endpoints. And also confirmed that several of the apps were at some point sending location data to X-Mode. We also used the endpoints identified by the researchers to seem for other popular apps which will have communicated with X-Mode.
At least one app identified by Worldstechtime slipped through Google’s app store ban.
New York Subway a well-liked app for navigating the any City subway system that has been downloaded 250,000 times consistent with data provided by Sensor Tower was still listed in Google Play as of in the week . But the apps that are not updated since the app store ban implemented was still sending location data to X-Mode.
As soon because the app loads a splash screen immediately asks for the user’s consent to send data to X-Mode for ads, analytics and marketing research but the app didn’t mention X-Mode’s government work.
A Google spokesperson confirmed the corporate removed the app from Google Play.
Using the researchers list of apps also found that previous versions of two highly popular apps Moco and Video MP3 Converter which account for quite 115 million downloads so far are still sending user location data to X-Mode. That poses a privacy risk to users who install Android apps from outside Google Play and people who are running older apps that are still sending data to X-Mode.
Neither app maker skilled an invitation for comment. Google wouldn’t say if it had removed the other apps for similar violations or what measures it might take if any to guard users by trace who is running older app versions that are still sending location data to X-Mode.
None of the corresponding and namesake apps for Apple’s iOS that we tested seemed to communicate with X-Mode’s endpoints. When reached, Apple declined to mention if it had blocked any apps after its ban went into effect.
The sensors in smartphones provide rich data which will be exploited to limit our movements our free expression and our autonomy said O’Brien. Location spying poses a significant threat to human rights because it peers into the foremost sensitive aspects of our lives and who we accompany.
The newly published research is probably going to bring fresh scrutiny to how ordinary smartphone apps are harvesting and selling vast amounts of private data on many Americans often without the user’s explicit consent.
Several federal agencies including the interior Revenue Service and Homeland Security are under investigation by government watchdogs for purchasing and using location data from various data brokers without first obtaining a warrant. Last week it emerged that intelligence analysts at the Defense intelligence buy access to commercial databases of Americans location data.
Critics say the govt is exploiting a loophole during a 2018 Supreme Court ruling which stopped enforcement from obtaining telephone location data directly from the cell carriers without a warrant.
Now the govt says it doesn’t believe it needs a warrant for what it can purchase directly from brokers.
Sen. Ron Wyden a vocal privacy critic whose office has been investigating the data broker industry previously drafted legislation which may grant the Federal Trade Commission new powers to manage and fine data brokers.
Americans are disgusted learning that their location data is sold by data brokers to anyone with a master card. Industry self-regulation clearly isn’t working. Congress must pass tough legislation like my Mind Your Own Business Act to offer consumers effective tools to stop their data being sold. Also to offer the FTC the facility to carry companies accountable once they violate Americans’ privacy,” said Wyden.