Apple and Google will ban developers in their app stores from working with data broker X-Mode, which makes an SDK that collects user location data and passes it to U.S. defense contractors, and by extension the U.S military. The former said that X-Mode, "surreptitiously builds user profiles based on collected user data" in violation of its terms of service. Developers embedded the SDK in exchange for monthly payments.
The moves follows an investigation by VICE, which found that popular Muslim apps were using the SDK. X-Mode works with defense contractors to provide precise tracking of app users, though they would likely never know as apps with the SDK embedded were found to be vague about its usage.
Warrant-free spying — Senator Ron Wyden called out the reporting, saying that contracts with X-Mode violate American's privacy rights by allowing the government to surveil citizens while circumventing the need to acquire a warrant because the data came from a private company.
About thirty developers were identified by Apple as using the SDK across 100 apps, with more than 400 apps estimated to use it across platforms. On iOS, developers have two weeks to remove X-Mode or else risk having their apps pulled from the App Store. Developers in Google's Play Store are receiving a 7-day warning, but could request an extension of up to thirty days to remove the SDK. Because iOS and Android power nearly all smartphones, X-Mode will effectively be cut off with this decision.
On the one hand, the move by Google and Apple to protect their users stands as a positive in contrast to the wave of developers complaining that the tech giants wield too much power over them. But it also demonstrates that these types of violations will slip through, policies be damned.
The revelations that X-Mode was embedded in a Muslim prayer app felt like a betrayal to the Muslim community, which the U.S. has targeted at home and overseas for decades.
Potential for abuse — X-Mode argues the data it collects is no different than what the likes of Google and Facebook do, but Apple has also been aggressive against those companies, rolling out a new App Tracking Transparency feature in iOS 14 that will require developers ask for permission before tracking a user across apps or websites.
As more data is collected on individuals, the risk of abuse is clear. The information could be used to identify illegal immigrants as they move through the U.S., for instance. Or the data could be acquired by other nations with the intent of spying on adversaries. Even if a particular company like Google has good intentions today, once the data collection begins it's hard to stop, and that data could someday land in the hands of someone with more insidious ideas.