It’s certainly not the first time that we are hearing about this. In November 2020, news began to circulate that a popular Islamic prayer and Quran app called Muslim Pro had been selling the personal data of its users to the US military. In January 2021, we had another similar incident whereby a Muslim prayer app called Salaat First was accused of selling users’ location data to tech firms that had ties with the US military. Fast forward to March 2022 and we have another similar incident. But this time, it’s not just Muslim prayer apps.
It all began when Serge Egelman of the University of California and Joel Reardon of the University of Calgary, identified data-harvesting code while researching Android app vulnerabilities. The Wall Street Journal were involved and after investigations, they reported that the apps included software that was developed by a company that has ties to U.S. security agencies. What’s more, the software was discreetly collecting data from users without their knowledge. According to the researchers, the code was written to be extremely invasive which prompted them to describe it as malware.
The apps in reference are some of the most downloaded within the Google Play App Store, with over 5-10 million downloads. This includes Qibla Compass, Al-Moazin Lite (Prayer Times), WiFi Mouse and Speed Camera Radar. The Wall Street Journal reported that developers were paid by the Panamanian company Measurement Systems S. de R.L. – who initially wrote the data-harvesting code – to include this within their software. This allowed them to collect data from millions of users over a long period of time and pass it on to the U.S. security agencies.
Upon being contacted by the Wall Street Journal, Measure Systems S. De R.L. denied any record of this and has also denied that it has any links with U.S. security agencies. The developers of Qibla Compass and Al Moazin were also contacted, but only the developer of Al Moazin commented on the matter. Denying any knowledge of data being transferred to U.S. security agencies, the developer said that it assumed that Measure Systems S. De R.L. was gathering data on behalf of internet providers, financial services and energy companies.
Previously when apps contained any malware written by Measure Systems, they were reinstated on the Google App Store once the malware was removed. The same applies to the two banned Muslim prayer apps after Google said that the apps can be reinstated once the data-harvesting code was removed.
Main Image Credit – Rami Al Zayat, Unsplash