A popular Muslim prayer app has been secretly collecting its users’ location data, according to Vice. A network of data brokers links the app to U.S. government law enforcement agencies such as ICE and the FBI.
The app called Salaat First (Prayer Times) was created to help Muslims perform their daily prayers, reminding when the time for the ritual has come, identifying the direction they need to take to face Mecca, and showing the location of nearby mosques. The features require identifying location data.
According to data leaked to Vice’s Motherboard website, the app went further than simply identifying where the user was, however. Until recently, it also shared that data with a broker, which sold the information on to other interested parties. The broker, a French firm called Predicio, is part of what Vice claims is a shady data supply chain that had earlier been identified by the outlet. Among the chain’s clients are U.S. law enforcement agencies, including the Federal Bureau of Investigations (FBI), Customs and Border Protection (CBP), and Immigration and Customs Enforcement (ICE).
Vice had previously exposed Muslim Pro, another app aimed at Muslim users, which tracked user locations and sold the data to the U.S. military, including the U.S. Special Operations Command. Admittedly, Salaat First has a smaller user base—the Android version of Salaat First, which had been collecting the data, has been downloaded more than 10 million times, whereas MuslimPro had racked up over 100 million downloads by the time it was outed.
The dataset examined by Vice recorded the precise geographic location of the device running Salaat First and updated it every two minutes, plus the device model and operating system, the IP address, and a timestamp. It also contained a unique advertising ID, which allowed the tracking of individual users over time. The app’s developer told Vice the tracking feature was supposed to initialize only if the app was downloaded in the UK, Germany, France or Italy. The report says Vice tested the app and decided that users had not been sufficiently informed about the feature to be able to give their informed consent to being tracked and their data being sold.
And the data harvesting was not limited to Salaat First. Several other apps have likely used the same software development kit (SDK) to handle data collection. SDK is third-party code that usually helps create new software faster but can also add functionality beneficial to the third party in exchange for some incentive to the developer. Among other apps possibly running Predicio’s tracker were popular weather apps Fu*** Weather and Weawow, the report said, based on reverse-engineering of the code. Neither of the three apps is using the SDK now, they told Vice. (RT.com)