Another Day, Another Location Data Privacy Scandal We'll Probably Do Nothing About

Privacy

from the this-problem-isn't-going-away dept

Another day, another location data scandal we probably won’t do anything about.

Joseph Cox, a one-man wrecking ball on the location data privacy beat the last few years, has revealed how a popular Muslim prayer app has been collecting and selling granular user location data without those users’ informed consent. Like so many apps, Salaat First (Prayer Times), which reminds Muslims when to pray, has been recording and selling detailed daily activity data to a third party data broker named Predicio. Predicio, in turn, has been linked to a supply chain of government partners including ICE, Customs and Border Protection, and the FBI.

As usual, users aren’t clearly informed that their every waking movement is being monetized on a massive scale, something that concerned an anonymous source familiar with Salaat First’s business model:

“Being tracked all day provides a lot of information, and it shouldn’t be usable against you, especially if you are unaware of it,” the source said.”

The report comes on the heels of previous reports showing how a similar app, Muslim Pro, was also found to be collecting sensitive user location data and selling it to third parties with links to the federal government. In most of these instances the companies involved try to hide behind claims that this isn’t a big deal because the data involved is anonymized. But there’s usually no objective inquiries to confirm that’s actually true, and it doesn’t matter anyway because as countless studies have found, “anonymized” data isn’t actually anonymous anyway (especially for a government rich with other data sets).

The data collected here includes app users, their phone model, their movement habits, their operating system, IP address, timestamps, user advertising IDs, and more. As with many apps, the Salaat First doesn’t direct users to an overlong privacy policy at any point. Nor does it make clear that user data is sold to third parties, not just used for advertising purposes. This violates Google’s app store guidelines, not that it apparently seems to matter to anybody:

“A Google spokesperson told Motherboard in a statement “The Play Store prohibits the sale of personal or sensitive data collected through Play apps. We investigate all claims related to apps violating our policies, and if we confirm a violation, we take action.”

Predicio, however, has been harvesting location data from Android apps and paying developers for years, raising questions about Google’s lackluster enforcement of its own policies.”

Predicio didn’t much want to comment. The laundry list of location data scandals at this point is monumental, and the primary response to the problem, with the occasional exception, has been little more than silence and scattered policy dipshittery.

First there was the Securus and LocationSmart scandal, which showcased how cellular carriers and data brokers buy and sell your daily movement data with only a fleeting effort to ensure all of the subsequent buyers and sellers of that data adhere to basic privacy and security standards. Then there was the blockbuster report showing how this data routinely ends up in the hands of everyone from bail bondsman to stalkers, again, with only a fleeting effort made to ensure the data itself is used ethically and responsibly. Since then, there’s just a steady parade showing the same problems throughout adtech.

Throughout it all, government has refused to lift a finger to address the problem, presumably because lobbyists don’t want government upsetting the profitable apple cart, and government doesn’t want to lose access to its ability to track your every waking stumble without much transparency or oversight. Meanwhile, countless folks continue to labor under the illusion that this sort of widespread dysfunction will be fixed by telecom or adtech “market forces.”

It’s not clear what people expected would happen when we created a massive online ecosystem that monetizes users’ every waking movement (and tied it to the federal government) while simply refusing to pass even a basic privacy law for the internet era. Instead of taking this problem seriously, the nation’s top policy voices in 2020 spent most of their time freaking out about a Chinese teen dancing app or trying to destroy a law integral to the functioning of the internet in the mistaken belief this would let them be bigger assholes online.

Filed Under: data privacy, location data, privacy