Location of Android users followed by “snooping beacon” technology in applications – despite its ban by Google
Hundreds of Android apps sent user location data to a data broker that had been banned from the Google Play Store since December 2020.
Almost 200 messaging apps, video and file converters, dating sites, and religious and prayer apps downloaded tens of millions of times had X-Mode installed. Despite the ban, only ten percent of these apps have been removed from Google Play.
The tracker sparked controversy after Vice’s Motherboard reported that the U.S. military was purchasing granular motion data from users of a Muslim prayer and Quranic app that had more than 98 million downloads worldwide. The US military reportedly used location data to target drone strikes.
Along with X-Mode’s Localization SDK (Source Development Kit, a code package that provides functionality to application developers) called “io.xmode”, researchers at ExpressVPN’s Digital Security Lab have found an additional SDK called “io.mysdk”.
SDKs – which can include mapping software, Bluetooth compatibility, or graphics and emojis – are difficult for Apple and Google to follow because they are built into the app code before it reaches the App Store, and Smartphone users are not notified of their presence when they are being installed.
The five providers found in io.mysdk are “location beacons” which include “Placed (a subsidiary of Foursquare), Sense360, Wireless Registry (aka SignalFrame), BeaconsInSpace (aka Fysical) and OneAudience”. Researchers claim that at least seven apps targeting a Muslim audience contain X-Mode.
Some of these beacons have reportedly been used to determine the actual location of millions of devices, are in legal battles against privacy breaches, and are “major players in location monitoring,” according to the media. researchers.
âStatic analysis on Apple iOS apps is limited by logistical barriers and uncertain legal status,â the researchers say, meaning they can’t examine X-Code on iPhones as easily, but point out that Android has a 73% market share in the world.
Responding to the investigation, X-Mode CEO Josh Anton told TechCrunch, âX-Mode’s SDK ban has broader ecosystem implications given that X-Mode has collected mobile app data similar to most advertising SDKs. Apple and Google set the precedent by allowing them to determine the ability of private companies to collect and use mobile app data even when a majority of our publishers had secondary consent for the collection and use of location data. .
He continued, âWe recently sent a letter to Apple and Google to understand how we can best solve this problem together so that we can both continue to use location data to save lives and continue to build capacity. technological communities to create a location. based products. We believe it is important to ensure that Apple and Google keep X-Mode on par with themselves when it comes to collecting and using location data.
Google did not respond to a request for comment from The independent before the time of publication.