A Muslim prayer app with over 98 million downloads is one of the apps connected to a wide-ranging supply chain that sends ordinary people’s personal data to brokers, contractors, and the military….
The U.S. military is buying the granular movement data of people around the world, harvested from innocuous-seeming apps, Motherboard has learned. The most popular app among a group Motherboard analyzed connected to this sort of data sale is a Muslim prayer and Quran app that has more than 98 million downloads worldwide. Others include a Muslim dating app, a popular Craigslist app, an app for following storms, and a “level” app that can be used to help, for example, install shelves in a bedroom.
Through public records, interviews with developers, and technical analysis, Motherboard uncovered two separate, parallel data streams that the U.S. military uses, or has used, to obtain location data. One relies on a company called Babel Street, which creates a product called Locate X. U.S. Special Operations Command (USSOCOM), a branch of the military tasked with counterterrorism, counterinsurgency, and special reconnaissance, bought access to Locate X to assist on overseas special forces operations. The other stream is through a company called X-Mode, which obtains location data directly from apps, then sells that data to contractors, and by extension, the military.
The news highlights the opaque location data industry and the fact that the U.S. military, which has infamously used other location data to target drone strikes, is purchasing access to sensitive data. Many of the users of apps involved in the data supply chain are Muslim, which is notable considering that the United States has waged a decades-long war on predominantly Muslim terror groups in the Middle East, and has killed hundreds of thousands of civiliansduring its military operations in Pakistan, Afghanistan, and Iraq. Motherboard does not know of any specific operations in which this type of app-based location data has been used by the U.S. military.
The apps sending data to X-Mode include Muslim Pro, an app that reminds users when to pray and what direction Mecca is in relation to the user’s current location. The app has been downloaded over 50 million times on Android, according to the Google Play Store, and over 98 million in total across other platforms including iOS, according to Muslim Pro’s website.
“The Most Popular Muslim App!,” Muslim Pro’s website reads. The app also includes passages and audio readings from the Quran. Another app that sent data to X-Mode was Muslim Mingle, a dating app that has been downloaded more than 100,000 times.
Some app developers Motherboard spoke to were not aware who their users’ location data ends up with, and even if a user examines an app’s privacy policy, they may not ultimately realize how many different industries, companies, or government agencies are buying some of their most sensitive data. U.S. law enforcement purchase of such information has raised questionsabout authorities buying their way to location data that may ordinarily require a warrant to access. But the USSOCOM contract and additional reporting is the first evidence that U.S. location data purchases have extended from law enforcement to military agencies.
USSOCOM bought access to Locate X, a location data product from a company called Babel Street, according to procurement records uncovered by Motherboard. A former Babel Street employee described to Motherboard how users of the product can draw a shape on a map, see all devices Babel Street has data on in that location, and then follow a specific device around to see where else it has been.
The Locate X data itself is anonymized, but the source said “we could absolutely deanonymize a person.” Babel Street employees would “play with it, to be honest,” the former employee added.
USSOCOM purchased the “additional software licenses” for Locate X and another product focused on text analysis called Babel X in April, according to the public records. The bundle of additional licenses cost around $90,600, the records show.
In a statement, Navy Cmdr. Tim Hawkins, a U.S. Special Operations Command spokesperson, confirmed the Locate X purchase, and added “Our access to the software is used to support Special Operations Forces mission requirements overseas. We strictly adhere to established procedures and policies for protecting the privacy, civil liberties, constitutional and legal rights of American citizens.”
A Babel Street document available online says that “Within the technical specifications of the Locate X Data, Customer’s use of the Locate X Data is not limited by the number of search queries.” The document says the location data may not always be accurate.
Babel Street did not respond to multiple requests for comment.
In March, tech publication Protocol first reported that U.S. law enforcement agencies such as Customs and Border Protection (CBP) and Immigration and Customs Enforcement (ICE) were using Locate X. Motherboard then obtainedan internal Secret Service document confirming the agency’s use of the technology. Some government agencies, including CBP and the Internal Revenue Service (IRS), have also purchased access to location data from another vendor called Venntel.
Muslim Pro did not respond to multiple requests for comment.
Other apps sending data to X-Mode included the “Accupedo” step counter app, which has been downloaded more than 5 million times according to the app’s page on the Google Play Store; the “CPlus for Craigslist” app which lets users more easily search Craigslist, and has more than one million downloads; and “Global Storms,” an app for following hurricanes, typhoons, and tropical storms. The app has been downloaded more than a million times.