By Byron Tau – The Wall Street Journal | Wed. Dec. 9, 2020 |
Apple Inc. and Alphabet Inc.’s Google will ban the data broker X-Mode Social Inc. from collecting any location information drawn from mobile devices running their operating systems in the wake of revelations about the company’s national-security work.
The two largest mobile-phone platforms told developers this week that they must remove X-Mode’s tracking software from any app present in their app stores or risk losing access to any phones running Apple’s or Google’s mobile operating systems.
Both Apple and Google disclosed their decision to ban X-Mode to investigators working for Sen. Ron Wyden (D., Ore.), who has been conducting an investigation into the sale of location data to government entities.
In a statement provided by a spokesman, Google said developers had seven days to remove X-Mode or face a ban from Google’s Play store, adding that some developers could ask for an extension of up to 30 days. An Apple representative confirmed that the company had given developers notice that they had two weeks to remove X-Mode’s trackers.
Google said developers had seven days to remove X-Mode or face a ban from Google’s Play store. Together, the two tech companies have an overwhelming market share of mobile phones globally, and their actions to restrict X-Mode represent one of the first times a location broker has been targeted so directly.
X-Mode has been the subject of several media reports, including from The Wall Street Journal, about its defense work. The company has provided data to several U.S. government contractors for national security, counterterrorism and pandemic response, according to its privacy policy and public-spending records.
Dozens of other companies like X-Mode obtain, buy and resell detailed location information about the movement of mobile devices in what has become a billion-dollar industry in which the data is used for targeted advertising, understanding consumer behavior and planning real-estate and investment decisions. Many location brokers, including X-Mode, also have sought to help federal, state and local officials with their Covid-19 pandemic response.
Consumers technically opt-in to such tracking by granting apps permission to record their devices’ location and accepting the terms of service. X-Mode collects the data using a tiny bit of computer code called a software development kit, or SDK, which it pays to embed into other developers’ apps in exchange for the data collected. Other brokers simply buy the data directly from app developers—a tactic that Apple and Google have less ability to police.
Most of X-Mode’s work is in the commercial sector, where investors and corporate clients use its data to guide planning and decision-making. But it also is one of the players in the growing market for government technology—a cottage industry of companies that have sprung up to service the national security establishment’s demand for data.
The Journal reported last month that X-Mode was collecting data from phones running its software about nearby “Internet of Things” devices such as fitness trackers and automobiles. That data was being made available to a company called SignalFrame that had received a small grant from the military and had been trying to win other national security-related contracts.
In addition, Vice News reported last month that X-Mode drew some of its location information from apps with a predominantly Muslim user base, such as a dating app called Muslim Mingle and a prayer app called Muslim Pro, though the company also has software embedded in many other kinds of apps.
In response to questions from the Journal, X-Mode said it was re-evaluating its government work and that its contracts prevent anyone from linking a device to personal information such as a name, address or email address.
The Reston, Va.-based company also suggested it was being unfairly singled out. “A ban on X-Mode’s SDK would have broader ecosystem implications considering X-Mode collects similar mobile app data as most advertising SDKs, and Apple and Google would be setting the precedent that they can determine private enterprises’ ability to collect and use mobile app data,” the company said.
Several developers that work with X-Mode have told the company they plan to ask Apple to reconsider the decision, the data broker said.
Investigators working for Mr. Wyden have been probing the commercial data market in the wake of revelations that such data is being bought by U.S. government entities for surveillance and law enforcement. He said he is drafting legislation to ban the practice.
“Americans are sick of learning about apps selling their location information and other sensitive data to anyone with a checkbook, including to the government,” Mr. Wyden said. “Apple and Google deserve credit for doing the right thing and exiling X-Mode Social, the most high-profile tracking company, from their app stores. But there’s still far more work to be done to protect Americans’ privacy, including rooting out the many other data brokers that are siphoning data from Americans’ phones.”
A review by Apple found 100 apps made by 30 developers contained X-Mode’s software, according to a briefing given to Mr. Wyden’s office and described to the Journal. Apple cited potential violations of its rules around data use and sharing and gave developers two weeks to remove X-Mode’s SDK. Apple told developers that it appeared X-Mode “surreptitiously builds user profiles based on collected user data,” in violation of its terms of service.
The crackdown on X-Mode comes as Apple is preparing to better highlight to users of its iPhones how their data is being tracked. Next year, Apple has said, it will roll out software updates that will prevent advertisers from being able to collect a person’s advertising identifier without the user’s permission. Some companies, such as Facebook Inc., have said the change will hurt their ability to target personalized ads at people using Apple devices.
Craig Federighi, Apple’s head of software engineering, this week reiterated Apple’s position that users should have control over their data, especially when it comes to tracking their location. Among changes made to limit such tracking, he noted that a recent software change allows users to enable a feature that allows for approximate location rather than precise location.
“Where you go says a lot about who you are. Like whether you go to a particular place of worship,” Mr. Federighi said Tuesday during the European Data Protection and Privacy Conference. “There is an enormous potential for this kind of data to be misused. And the way some apps are designed, users may have no idea that they’re giving it away.”
Read the original article at The Wall Street Journal HERE.