You may have never heard of the company X-Mode Social, but its code may be in some of the apps on your phone, tracking and selling your location data. Now, Google and Apple are trying to put a stop to it. According to a Wall Street Journal article, the tech companies have told developers to remove X-Mode’s code from their apps, or risk getting them pulled from their respective app stores.
X-Mode works by giving developers code to put into their apps, known as an SDK, which tracks users’ location and then sends that data to X-Mode, which sells it. In return, X-Mode pays the developer a certain amount based on how many users the app has. According to the company, its technology is in over 400 apps, including many apps designed for Muslim users, such as one that reminds users when to pray, and a Muslim-focused dating app.
Apple is giving developers two weeks to remove the SDK, and Google is giving devs one week, with the ability to apply for an extension to 30 days. But the model of tracking users’ locations and selling the data is nothing new: what may have gotten X-Mode banned was that, according to a report by Motherboard, it was also selling it to the US military. When you consider the fact that many of the largest apps using the X-Mode were designed for Muslim populations, it’s understandable why this would be concerning.
Of course, government services buying citizens’ location data is nothing new, but most of the time they buy it from data brokers, who just aggregate the information from various sources, not from companies collecting it directly. For its part, X-Mode claims it’s being singled out, saying that it “collects similar mobile app data as most advertising SDKs”.
To wrap this up with a PSA: X-Mode, and other companies like it, can only get your location data when given permission. Often apps don’t make it clear that your location data is going to X-Mode (it’s either buried in a EULA, or not there at all), but every app on iOS and Android will have to ask for permission to be able to see your location. If your level app (as in, the tool you use to make sure a picture isn’t crooked) is asking for permission for your location, it’s probably worth thinking about whether or not it actually needs it.
Of course, that won’t protect you in cases where the app has an actual reason to use your location (such as with a dating app), which is why it’s good that both Apple and Google, as well as some lawmakers, are starting to take a harder look at how companies sell user data.