By John Gruber

• Archive
• The Talk Show
• Dithering
• Projects
• Contact
• Colophon
• Feeds / Social
• Sponsorship

How the U.S. Military Buys Location Data From Ordinary Apps

Joseph Cox, reporting for Motherboard:

The U.S. military is buying the granular movement data of people around the world, harvested from innocuous-seeming apps, Motherboard has learned. The most popular app among a group Motherboard analyzed connected to this sort of data sale is a Muslim prayer and Quran app that has more than 98 million downloads worldwide. Others include a Muslim dating app, a popular Craigslist app, an app for following storms, and a “level” app that can be used to help, for example, install shelves in a bedroom.

Through public records, interviews with developers, and technical analysis, Motherboard uncovered two separate, parallel data streams that the U.S. military uses, or has used, to obtain location data. One relies on a company called Babel Street, which creates a product called Locate X. U.S. Special Operations Command (USSOCOM), a branch of the military tasked with counterterrorism, counterinsurgency, and special reconnaissance, bought access to Locate X to assist on overseas special forces operations. The other stream is through a company called X-Mode, which obtains location data directly from apps, then sells that data to contractors, and by extension, the military.

Matt Drance:

Developers: Read this thread and please, please push back on growth hackers telling you to put random ass libraries in your apps.

There’s a whole seedy industry of location/data harvesting companies who pay the developers of popular (or even just semi-popular — anything with users) apps to include their frameworks in their applications. This is especially true for apps that ask for location permissions for legitimate purposes — things like weather or dating apps. If you, the user, grant the app location access, you’re granting it to all the frameworks embedded in the app too. That’s how this company X-Mode collects, packages, and sells the location data for untold millions of users who’ve never heard of X-Mode. They’re like privacy permission parasites.

X-Mode, specifically, isn’t the scandal — the scandal is the whole industry, and the widespread practice of apps just embedding them for the money without looking at what they do, or disclosing these “partnerships” to users.

★ Thursday, 19 November 2020