U.S. Government Contractors Embedded Software in Apps to Track Phone Locations ⇥ wsj.com

Byron Tau, Wall Street Journal:

Anomaly Six LLC, a Virginia-based company founded by two U.S. military veterans with a background in intelligence, said in marketing material it is able to draw location data from more than 500 mobile applications, in part through its own software development kit, or SDK, that is embedded directly in some of the apps. An SDK allows the company to obtain the phone’s location if consumers have allowed the app containing the software to access the phone’s GPS coordinates.

App publishers often allow third-party companies, for a fee, to insert SDKs into their apps. The SDK maker then sells the consumer data harvested from the app, and the app publisher gets a chunk of revenue. But consumers have no way to know whether SDKs are embedded in apps; most privacy policies don’t disclose that information. Anomaly Six says it embeds its own SDK in some apps, and in other cases gets location data from other partners.

Tau reports that Anomaly Six tracks the location of “hundreds of millions of mobile phones” but, citing the opacity of the data brokerage world, was not able to determine which apps include its SDK. Tau also reports that the founders of Anomaly Six used to work for Babel Street, which offers a similar privacy hellscape called “Locate X”:

Babel Street doesn’t publicly advertise Locate X and binds clients and users to secrecy about even its existence, according to contracts and user agreements reviewed by the Journal. Developed with input from U.S. government officials, according to court records, Locate X is widely used by military intelligence units who work on gathering “open source” intelligence, or information taken from publicly available sources. Babel Street also has contracts with the Department of Homeland Security, the Justice Department, and many other civilian agencies, federal contracting data shows. Babel Street didn’t respond to a request for comment.

So the U.S. government is comfy with the risk of starting another Cold War over apparent mass privacy violations by foreign actors on moral absolutist grounds, and is also content with having location back doors into hundreds of millions of phones. Got it.