Apple and Google are pushing location data broker X-Mode out of their respective app stores, throwing the future of the large location company into question. The news comes after Motherboard revealed that X-Mode’s code was implanted in a number of highly popular apps, including Muslim Pro, a Quran and prayer app downloaded over 98 million times, and how X-Mode sells data to U.S. defense contractors and ultimately the U.S. military.
The news is a major shakeup in the multi-billion dollar location data industry, which sees ordinary apps installed on peoples phones selling data to companies like X-Mode, which then sell it onwards to data brokers or other firms and ultimately end users. The Wall Street Journal first reported the news on Wednesday.
Videos by VICE
“Americans are sick of learning about apps selling their location information and other sensitive data to anyone with a check book, including to the government,” Senator Ron Wyden told Motherboard in a statement. “Apple and Google deserve credit for doing the right thing and exiling X-Mode Social, the most high-profile tracking company, from their app stores. But there’s still far more work to be done to protect Americans’ privacy, including rooting out the many other data brokers that are siphoning data from Americans’ phones.”
Do you work at X-Mode? Did you used to? Do you know anything else about the sale of location data? We’d love to hear from you. Using a non-work phone or computer, you can contact Joseph Cox securely on Signal on +44 20 8133 5190, Wickr on josephcox, OTR chat on jfcox@jabber.ccc.de, or email joseph.cox@vice.com.
A Wyden aide told Motherboard in an email that Apple informed their office that it surveyed its App Store for apps communicating with X-Mode. The company found around 100 apps from 30 developers, the aide said.
“They [app developers] have until the 18th to remove X-Mode, or the app is removed from the store,” the aide wrote.
Google is sending a seven day warning to all developers working with X-Mode, the aide said. Developers can request an extension of up to 30 days, the aide said.
“If X-Mode is still present in the app after the timeframe, the app will be removed from Play,” the aide wrote, referring to Google’s Play Store.
An Apple spokesperson responded to a request for comment but did not provide a statement in time for publication. A Google spokesperson confirmed the action against X-Mode in a statement to Motherboard. X-Mode did not immediately respond to a request for comment.
X-Mode pays app developers to embed the company’s software development kit (SDK) into their smartphone apps. Once installed, the SDK gathers granular location data from users’ devices and sends it to X-Mode. Motherboard has found X-Mode’s code in a wide range of apps, including a popular Craigslist app, another for following the weather and storms, and a “level” app for, say, installing shelves accurately.
In some of these cases, however, the apps did not seek explicit, informed consent from users to send their location data to X-Mode. In the case of Muslim Pro, the app never mentioned X-Mode in its privacy policy, and did not mention that users’ data was being sent to the company. Through technical analysis, Motherboard found that Muslim Pro transferred location data to X-Mode.
Beyond U.S. contractors and the military, Motherboard also previously reported how X-Mode sold location data to a private intelligence firm that offered to track suspects to their “doorstep.”
The Wall Street Journal found that X-Mode provides data to a company called SignalFrame, which received a $50,000 grant from the Air Force.