X-Mode sent multiple emails to Silverberg, which he provided to The Markup, offering at least $100,000 annually for SCRUFF’s user data.
“Since your company is already collecting location data, you might be interested in adding X-Mode’s revenue of at least $100,000 annually (Based on your apptopia numbers) on top of what you are already making,” X-Mode’s pitch email in said.
Last July, a high-ranking Catholic priest resigned after a media outlet used location data to link the priest to a gay dating app and tracked his visits to gay bars. There’s no indication that X-Mode was involved in the incident.
Sean O’Brien, the lead researcher at the Yale Privacy Lab, has uncovered several other LGBTQ dating apps that sold location data to X-Mode by looking for apps that used X-Mode’s SDK. (An SDK, which stands for Software Development Kit, is a tool embedded into apps that can be used for data collection.) App developers would install X-Mode’s SDK so the location data broker could collect information directly in exchange for payouts.
In 2020, O’Brien scanned the Google app store and found that the apps “Wapo: Gay Dating,” “Wapa: Lesbian Dating, Find a Match Chat to Women,” “MEET MARKET – Gay Dating App. Chat Date New Guys” and “FEM – Free Lesbian Dating App. Chat Meet Singles” also had X-Mode’s tracking code embedded. None of them do anymore, he said.
There are other ways for apps to give data to location data brokers, even without the SDKs. Life360, for instance, provides data brokers with location data directly through its own servers, as The Markup previously reported.
Two former X-Mode employees told The Markup that the company received more data from direct server transfers than from SDKs.
This method would be more difficult for researchers like O’Brien to detect. All of the data in the sample we reviewed appears to be collected directly from mobile devices via the SDK.
It can be difficult for app stores like Apple’s and Google’s to detect and monitor such sales, according to The Wall Street Journal. Apple and Google said certain types of user data sales are prohibited, regardless of how the data is collected and received.
“We do not allow apps to surreptitiously build user profiles based on collected user data. Apps found to be using the X-Mode SDK are required to remove it or risk removal from the App Store altogether,” Apple spokesperson Adam Dema said in an email.
“Google Play’s policy explicitly prohibits apps that collect sensitive and personal user data from selling it,” Google spokesperson Scott Westover said in an email.
A former employee at X-Mode told The members were each responsible for bringing in new sources of location data. Each team member’s annual goals were set at one million new combined users from apps, the ex-employee said.
Often, that included reaching out to app developers with charts showing how much they could make based on their user count and a pitch deck showing how the data was used for targeted advertising.
Three of the developers who sold data to X-Mode said they ended their partnerships after learning about the military relationship. For them, working with X-Mode mostly represented a simple way to monetize their apps.
Anuj Saluja, the developer behind the app “Stock Trainer: Virtual Trading,” said he stopped sharing location data with X-Mode in and that he had received from $800 to $1,000 a month from the data broker.
25% of my revenue. So financially it was a hard decision to exclude X-Mode from my app, but I think I did the right thing by my app’s users. My app doesn’t need to know or care about users’ location,” the developer said in an email.