Is this app by a Singapore-based developer selling data to the US military?

By November 19, 2020 Religion, Technology

We have been alerted to a screenshot of an Instagram Story being forwarded on WhatsApp. Below is the full screenshot:

In the post, we see what looks to be an infographic from the Majlis Ash-Shura: Islamic Leadership Council of New York.

The infographic was posted on the Council’s Facebook page on 17 November:

The caption of the post shares a link to an article on Vice News published on 16 November which is said to detail “how popular Muslim apps have sold data to third party contractors, who have then sold user location data to the U.S. military around ‘counter-terrorism efforts'”.

The caption also urges followers to delete the Muslim Pro app from their phones.

As a quick background, Muslim Pro is an app that has features which include prayer times based on the current location of users, an online Quran library, as well as a map of Halal restaurants and mosques around a user. According to Muslim Pro’s website, the app has been downloaded over 98 million times worldwide.

The app is developed by Singapore-based firm Bitsmedia Pte Ltd.

According to an investigation by Motherboard, the U.S. military uses two data streams to obtain location data of people around the world. One relies on a company called Babel Street, which creates a product called Locate X, while another stream is through a company called X-Mode, which obtains location data directly from apps, then sells that data to contractors, and by extension, the military.

How X-Mode works is that it encourages developers to incorporate SDK (Software Development Kit) into their own apps. The SDK will then collect the app users’ location data and send it to X-Mode, and in return, X-Mode will pay the app developers a fee based on how many users each app has.

Two apps that have been identified to have been sending data to X-Mode include Muslim Pro and dating app Muslim Mingle.

In the investigation, Motherboard used network analysis software and had reportedly observed “both the Android and iOS versions of the Muslim Pro app sending granular location data to the X-Mode endpoint multiple times”. This was also observed by Will Strafach, an iOS researcher and founder of Guardian, who said he saw the iOS version of Muslim Pro sending location data to X-Mode.

U.S. Senator Ron Wyden had also told Motherboard in a statement that X-Mode said it is “selling location data harvested from U.S. phones to U.S. military customers”.

Senator Wyden was quoted as saying: “In a September call with my office, lawyers for the data broker X-Mode Social confirmed that the company is selling data collected from phones in the United States to U.S. military customers, via defense contractors. Citing non-disclosure agreements, the company refused to identify the specific defense contractors or the specific government agencies buying the data.”

Several app developers who work with X-Mode told Motherboard they did not know their users’ location data was being sent to defense contractors.

Muslim Pro terminates relationships with data partners, including X-Mode

In an article published on 17 November on Vice News, Bitsmedia, the developer of Muslim Pro, told Motherboard in an email that “it will no longer share user data with X-Mode”.

Bitsmedia was quoted as saying: “In respect of the trust millions of prayers puts in Muslim Pro every day, we are immediately terminating our relationships with our data partners—including with X-Mode, which started four weeks ago. We will continue to take all necessary measures to ensure that our users practice their faith with peace of mind, which remains Muslim Pro’s sole mission since its creation.”

The developer also took to Muslim Pro’s Facebook page and website to state that the claims that they are selling personal data of its users to the U.S. Military is “incorrect and untrue”.

In the statement, the team mentioned that they had shared “anonymised data with selected technology partners who are required to comply with global laws and regulations around data privacy protection”. They also mentioned that they have “launched an internal investigation and are reviewing [their] data governance policy to confirm that all user data was handled in line with all existing requirements”. They reiterated that they have terminated their relationships “with all data partners, including X-Mode”.

Therefore, it is false that Muslim Pro sold users’ personal data to the U.S. Military per se.

However, it is still important to note that it is not mentioned what exactly Bitsmedia and X-Mode were working on prior to the termination. It is also not mentioned who Bitsmedia’s other data partners are.

What does this mean for Singapore users of the app?

In an article on The Straits Times regarding the incident, the Islamic Religious Council of Singapore (Muis) said that it “does not have oversight over apps like Muslim Pro and does not provide any support for them”.

A Muis spokesman added that members of the Muslim community should “exercise care when using such apps” and this includes being careful about the information they reveal, the terms and conditions that come with using the apps, and the content that such apps provide.

The spokesman added that Muis has its own supported app Muslim SG, which provides similar useful information for local Muslims.

Leave a Reply