So far the most comprehensive report on how all kinds of mobile apps share or sell location data with data brokers, who in turn sell it to US military and defense contractors, all without the users' knowledge.

The mobile app ecosystem is totally broken.
vice.com/en/article/jgq…
Who is to blame?

- Tech giants Google+Apple and lobbyists from many industries (especially in advertising/marketing) who fought any regulation
- US politicians, who didn't pass appropriate legislation
- EU politicians, who don't get the GDPR enforced
- App vendors who don't care

It's a systemic fail, and it's the whole surveillance-based web and app economy that is failing.

In many cases not even app vendors know who they actually sell user data to. However, they do know that the shady SDKs they embed into their apps share data in an uncontrolled way.
At the latest since February 2020, everyone in the industry knows that data from the SDK and advertising sphere is flowing to US federal agencies without a warrant. App vendors, who didn't clean up their supply chain since then, must be held responsible.
Above all, tech giants Google/Apple must be held accountable, of course, and their platform power must be broken. Location data brokers who sell personal information to clients or for purposes people are not aware of should cease to exist, and digital advertising needs a reboot.
Not sure whether app vendors and location data brokers like Babel Street and X-Mode can be legally challenged in the US under the current privacy frameworks. In some cases, it may be possible.
It's certainly possible in the EU.

I don't see how Babel Street and X-Mode could have a legal basis to process personal data on EU users in this way under the GDPR. If they do.
Dear EU authorities,
X-Mode claims to track the movements of 'up to 10%' of people in the UK, Spain, Italy and France via mobile apps:
xmode.io/data-licensing/

X-Mode says it sells location data to US military contractors for 'counter-terrorism' purposes:
vice.com/en/article/jgq…
This is enough to launch an urgent inquiry. Actually, the investigation should have been started months ago (if not years).

Personal data on EU mobile app users flowing to the US military *without* a legal basis would be a blatant violation of the GDPR and EU fundamental rights.
I'd say, this is a false dichotomy. It's not either pay with $ or data. If there is a law that prohibits personal data sharing/exploitation, and it's strictly enforced (=level playing field) there will 100% still be Muslim prayer apps that do not cost $.

More from @WolfieChristl

2 Nov
So, Facebook (semi)automatically creates a kind of discussion forum ('crisis response'), everyone in the affected area is notified about it and can post disturbing photos/videos or misinformation, completely unmoderated #wtf @facebook
Seriously, I CANNOT believe that FB doesn't even have dedicated moderation resources for these kinds of 'crisis response' forums.
The crisis started a few hours ago. It's ongoing and FB still lets people post toxic stuff every minute.

I thought I've seen every kind of irresponsible business conduct by this billion-dollar corporation, but this beats everything.
15 Sep
Android apps from dating to fertility to selfie editors share personal data with the Chinese company Jiguang via its SDK that is embedded in the apps, including GPS locations, immutable device identifiers and info on all apps installed on a phone.

Report: blog.appcensus.io/2020/09/15/rep…
Jiguang, also known as Aurora Mobile, claims to be present in >1 million apps and >26 billion mobile devices. Which seems wildly exaggerated.
jiguang.cn/en/

Anyway, researchers found Jiguang's SDK in about 400 apps, some of them with hundreds of millions of installs.
According to the paper, Jiguang’s SDK is "particularly concerning because this code can run silently in the background without the consumer ever using the app in which it is embedded". Also, the SDK uses several methods to "obfuscate and hide" its "behavior and network activity".
14 Sep
"The personal details of millions of people around the world have been swept up in a database compiled by a Chinese tech company with reported links to the country’s military and intelligence networks, according to a trove of leaked data" theguardian.com/world/2020/sep…
Data includes "dates of birth, addresses, marital status, along with photographs, political associations, relatives", data scraped from social media and "information which appears to have been sourced from confidential bank records, job applications".
abc.net.au/news/2020-09-1…
Zhenhua Data looks like the Chinese version of US firms such as Babel Street, which sold its social media monitoring and data analytics products "to nearly every major defense, national-security or law-enforcement agency" in the US.

babelstreet.com
2 Sep
"A threat intelligence firm called HYAS …is buying location data harvested from ordinary apps installed on peoples' phones around the world …and claims to be able to track people to their 'doorstep'."

Systemic misuse of data from apps and 'advertising': vice.com/en_us/article/…
"HYAS' location data comes from X-Mode, a company that started with an app named 'Drunk Mode,' designed to prevent college students from making drunk phone calls and has since pivoted to selling user data from a wide swath of apps"
According to an X-Mode spokesperson quoted by Vice, they 'obfuscate any user IDs' and they 'aggregate devices using generalization' when they sell location data gathered from apps. Whatever this means.
1 Sep
Amazon is hiring 'intelligence analysts', who should work on 'sensitive topics that are highly confidential, including labor organizing threats against the company' and spy on 'organized labor, activist groups, hostile political leaders'.

Via @jfslowik / amazon.jobs/en/jobs/102606…
Amazon's list of enemies, to be targeted by their corporate intelligence agency:

'hate groups, policy initiatives, geopolitical issues, terrorism, law enforcement, and organized labor'

...plus 'activist groups' and 'hostile political leaders'.
Here's another Amazon job listing with a similar description:
amazon.jobs/en/jobs/121361…

In both cases, 'preferred qualifications' include:

'Previous experience in Intelligence analysis and or watch officer skill set in the intelligence community, the military, law enforcement...'
25 Aug
For more than a year, 1200+ apps installed on hundreds of millions of iPhones and iPads contained malicious software operated by a shady adtech/data company that spied on users in order to steal ad revenue from competitors, according to security firm Snyk:
snyk.io/blog/sourmint-…
App vendors integrated this software/SDK by Mintegral, a Chinese adtech firm owned by Mobvista, another adtech firm, to earn money through ads.

Many iOS apps are affected, from dating to games, also very popular ones like Helix Jump, Subway Surfers and PicsArt. And their users.
For more than a year, 1200 app vendors: 🙈🙉🙊

Mediation platforms including Twitter's MoPub, who helped embedding Mintegral 🙈🙉🙊

Apple: "no evidence that users have been harmed" 🙈🙉🙊

Industry associations: fighting against any regulation 🙈🙉🙊

forbes.com/sites/johnkoet…