Apple and Google have both taken the exceptional step of banning any apps that include X-Mode's software from their respective app stores, according to The Wall Street Journal. The news comes after investigations revealed location data gathered by X-Mode in those apps were sold to parties with ties to the US government and national security efforts. Play Store developers have one week to comply before the banhammer falls.
X-Mode, for the unfamiliar, markets itself to developers as a source of ad-free revenue. Rather than dealing with the process of building ads into their apps, developers simply have to include the X-Mode "XDK" (read: SDK), allowing their app to gather and submit location data to X-Mode, and receive passive compensation in trade. The company behind it claims it complies with Google, Apple, GDPR, and CCPA requirements as it sells that location data to third parties. However, Apple has already claimed the practice may potentially violate its policies.
X-Mode claims its practices follow both Google and Apple's policies.
While most of X-Mode's customers are alleged to be in commerce, some are claimed to be government entities or tied to companies with government contracts in national security and counterterrorism applications, as well as pandemic response. Last month, a report by Vice revealed that apps with millions of installs use the SDK, including Muslim Mingle and Accupedo Pedometer. Earlier this year, the government was caught purchasing location data from a service called Locate X. Companies engaged in this sort of practice — gathering data and selling it to third parties — go by the cyberpunk-sounding name "data brokers" or "information brokers."
X-Mode believes the upcoming ban is unfair, claiming other advertising SDKs follow similar practices and that it's not reasonable for Apple and Google to determine how third-party enterprises collect and use mobile app data. Following inquiries from the WSJ, X-Mode also claims it's "re-evaluating its government work" and that the contracts in place prevent linking identifying information like names or addresses to devices.
From X-Mode's FAQ.
The news of the upcoming ban was revealed as part of an ongoing investigation by US Senator Ron Wyden, who has been digging into the subject and crafting legislation intended to ban the practice, "Americans are sick of learning about apps selling their location information and other sensitive data to anyone with a checkbook, including to the government."
In a review, Apple found that 100 apps on the App Store from 30 different developers contained X-Mode's software. Changes to iOS (to be enforced at a future date) will prevent software like X-Mode's from even working correctly unless customers explicitly opt-in, though we aren't aware of any similar plans for Google's Android.
Play Store developers have seven days to strip out X-Mode code from their apps, while Apple is giving them a bit more time with a two-week deadline. Developers that fail to comply risk a ban.
- The Wall Street Journal