ExpressVPN ha scoperto sul Play Store e sull'App Store centinaia di app contenenti un codice di tracciamento sviluppato da X-Mode.
I due store di Google e Apple, cioè Play Store e App Store, sono pieni di app che tracciano la posizione fisica dell’utente grazie ad un “SDK“, cioè un software development kit sviluppato da una azienda terza e integrato nell’app. L’azienda in questione è X-Mode e, in teoria, i suoi SDK erano stati bannati da Google e Apple.
X-Mode, infatti, è un cosiddetto “data broker“, cioè una azienda che raccoglie dati sul comportamento degli utenti per poi rivenderli ai suoi clienti. Tra i clienti di X-Mode, però, ci sono anche l’esercito degli Stati Uniti e alcuni suoi “contractors“, ovvero aziende del settore militare che lavorano con l’esercito USA. X-Mode was literally kicked out of Apple and Google's stores in December 2020: the two giants had given app developers using the offending SDKs two weeks to remove them, or the apps themselves would be deleted.
What ExpressVPN discovered
ExpressVPN, a company that develops a well-known privacy-protecting virtual private network (VPN) software, analyzed hundreds of apps still on the Play Store and App Store and found 450 that still have X-Mode's location tracking software inside.
In total, these apps have already had 1.7 billion downloads, a number that is enough to understand the extent of the phenomenon. But it's also enough to understand that this is not just an issue for Americans, but for all of us.
What are the location tracking apps
These 450 apps include a bit of everything: many are prayer apps dedicated to Muslims, who seem to be the main target of this remote spying campaign. But there are also messaging apps, some of which are particularly insidious because they mimic famous apps like Telegram, Signal and Facebook Messenger.
There are also dating apps (as many as 64, with 52 million downloads), keyboard apps, video games, browsers, utilities of various kinds and more. ExpressVPN has published the full list of apps at this address.