A well-known Muslim prayer app has been recording and selling the location data of users, leading to fears this information will be abused.
This is according to a report by Vice, which said granular location data from Salaat First, an app that reminds Muslim users of when to pray, is being sold to a data broker who in turn sells it on to other clients.
The data broker, Predicio, has been linked to a supply chain of data involving a US government contractor that has worked with security agencies including Customs and Border Protection and the FBI.
The story emerged after a large dataset of raw, precise movements of app users was obtained by Motherboard. The leaked data contained users’ precise latitude and longitude, their phone model, operating system, IP address, a timestamp and their unique advertising ID.
Such information could potentially be used to track the day-to-day movements of Muslims, such as when they visit their places of worship.
Vice stated that the developer behind Salaat First, which has been downloaded more than 10 million times on Android, confirmed to them that the app sent users’ location data to Predicio. While the privacy policy on Salaat First’s website does mention it shares anonymized location data with third parties for “ads and to improve our services,” there is no mention the app sells users’ location data itself.
Since the story was published, Predicio released a statement on its website saying: “Predicio does not support any governmental, commercial, or private use cases that aim to use business intelligence data to identify ethnic, religious or political groups for human tracking or people identification of any sort. We do not tolerate the abuse of our solutions for the use cases that do not follow our global moral, social and ethical code of conduct.”
As quoted by Vice, Nihad Awad, national executive director of the Council on American Islamic Relations, said: “In light of these latest revelations, the owners of all major Muslim applications should thoroughly investigate how their companies handle user data. The companies should publicly acknowledge any identified sale of user data that could have been obtained by government entities, and then take transparent steps to ensure that it never happens again.”