Last month it was reported that the X-Mode software development kit, used by many apps, was collecting and selling user location data, with the U.S. military among the buyers. In response, earlier this month both Apple and Google gave developers a deadline to remove X-Mode from their apps: seven days in Google’s case, fourteen in Apple’s. Apple found 100 apps that contained the code; X-Code claims 400 apps on all platforms, tracking 25 million devices in the U.S. and 40 million elsewhere. The Wall Street Journal story is behind a paywall; see The Verge and MacRumors for summaries.
Motherboard reported last week that the U.S. military was buying location data that originated, among other places, from Muslim prayer and dating apps. The Motherboard exposé details how it happened: how the location data supply chain works, and, for example, how data brokers pay app developers to incorporate their frameworks into apps so that user data can be harvested and sold to buyers like law enforcement and military contractors. Developers may not necessarily be aware of what they’re agreeing to when they accept those frameworks, but they don’t have to embed data harvesting algorithms in their apps either. [Daring Fireball, MetaFilter]
A long exposé from the New York Times explores just how much location data is collected from mobile apps, to the point where the identity of an anonymous user can be reconstructed from where they’ve been. The key point: whatever purpose the app is collecting your location for (for example, to give you your local weather), that location data may be shared with and sold to other parties.