Muslim Pro, a Muslim prayer and Quran app with over 98 million downloads, has said it will no longer share user data with X-Mode, a location data firm that has sold information to, among other clients, defense contractors and ultimately the U.S. military. A Motherboard investigation found Muslim Pro was sending granular location data to X-Mode.
"In respect of the trust millions of prayers puts in Muslim Pro every day, we are immediately terminating our relationships with our data partners—including with X-Mode, which started four weeks ago. We will continue to take all necessary measures to ensure that our users practice their faith with peace of mind, which remains Muslim Pro’s sole mission since its creation," Muslim Pro told Motherboard in an email on Tuesday.
Do you work at Babel Street, X-Mode, Venntel, or one of the apps mentioned in this piece? Did you used to, or know anything else about the location data industry? We'd love to hear from you. Using a non-work phone or computer, you can contact Joseph Cox securely on Signal on +44 20 8133 5190, Wickr on josephcox, OTR chat on email@example.com, or email firstname.lastname@example.org.
Through a technical analysis of various Android and iOS apps, Motherboard found a series of apps sending location data to X-Mode. Those included Muslim Pro, which reminds users when to pray and what direction Mecca is in relation to the user's current location. The app has been downloaded over 50 million times on Android, according to the Google Play Store, and over 98 million in total across other platforms including iOS, according to Muslim Pro's website.
As part of the investigation, Senator Ron Wyden told Motherboard in a statement that X-Mode said it is selling location data harvested from U.S. phones to U.S. military customers.
"In a September call with my office, lawyers for the data broker X-Mode Social confirmed that the company is selling data collected from phones in the United States to U.S. military customers, via defense contractors. Citing non-disclosure agreements, the company refused to identify the specific defense contractors or the specific government agencies buying the data," the statement read.
Earlier versions of X-Mode's "Trusted Partners" page also included defense contractors such as Sierra Nevada Corporation and Systems & Technology Research. Both of these companies work with the U.S. armed forces.
At the time, X-Mode told Motherboard in a statement that "X-Mode licenses its data panel to a small number of technology companies that may work with government military services, but our work with such contractors is international and primarily focused on three use cases: counter-terrorism, cybersecurity and predicting future COVID-19 hotspots."
Other apps Motherboard found sending data to X-Mode included Accupedo, a step tracking app which has been downloaded more than 5 million times according to the app's page on the Google Play Store; Global Storms, an app for following hurricanes, typhoons, and tropical storms, which has been downloaded more than a million times; and the "CPlus for Craigslist" app which lets users more easily search Craigslist, and has more than one million downloads.
Muslim Pro's statement added "The protection and respect of the privacy of our users is Muslim Pro’s outmost priority. As one of the most trusted Muslim app over the last 10 years, we adhere to the most stringent privacy standards and data protection regulations, and never share any personal identifiable information. Since we were made aware of the situation, we have launched an internal investigation and are reviewing our data governance policy to confirm that all user data was handled in line with all existing requirements." Muslim Pro also sent location data to other firms, such as Tutela.
Motherboard's investigation also found that U.S. Special Operations Command (USSOCOM) had bought access to smartphone location data through Locate X, a product offered by a company called Babel Street. Locate X also uses location data harvested from apps.