SINGAPORE, Nov 20 — The Personal Data Protection Commission (PDPC) is investigating allegations that a Singapore-based Muslim prayer mobile application sold sensitive location data of its users to the United States military, the regulator said yesterday.

App developer Bitsmedia, which owns the Muslim Pro app, has denied the claims. 

Based on a report by the US-Canadian news outlet Vice Media on Monday, the app sent data to X-Mode, an American data broker that has past dealings with US defence contractors. 

Data brokers collect data and trawl through the internet for information about users and combine those details with data from other sources. 

Muslim Pro has about 100 million users across various mobile platforms, making it the most downloaded Islamic app globally.

A network analysis that Vice Media carried out found that Muslim Pro had sent “granular location data” to X-Mode.

The data transfer included the name of the Wi-Fi network to which a user’s mobile phone was linked, a time stamp and details about the phone, such as its model.

In response to TODAY’s queries, a PDPC spokesperson said that the commission was aware of the allegations and has requested more information from Bitsmedia.

“Organisations with mobile applications available to Singapore users must comply with the data protection requirements of the Personal Data Protection Act (PDPA),” the spokesperson said. 

“We remind users to also be mindful of the type of permissions and personal data that they provide and how it may be used. If in doubt, users should not download or use any application.” 

Under the PDPA, Singapore’s main data protection law, organisations that breach the rules are liable for a fine of up to S$1 million (RM3.05 million). 

The Act was amended earlier this month to increase the financial penalty to 10 per cent of an organisation’s yearly turnover in Singapore, or S$1 million, whichever is higher. The amendments, however, have not come into force yet.

Vice Media’s investigation also named other mobile apps outside Singapore that appealed to Muslim users.

On Tuesday, Bitsmedia denied the Vice Media article’s allegations, saying that media reports were “incorrect and untrue.”

In a statement on its website, it said that it had terminated all relationships with its data partners, including X-Mode.

Two days later, the company said that it collects, processes and uses information from users to improve its services and support further research and development for the app. Location data is also used for its features, such as to calculate Muslim prayer times.

It claimed that data shared with its partners was anonymised and, like other free apps, this was done “for common purposes such as advertising, which is the main source of revenue for us in order to keep most of the app features free for our users.”

This was done in “full compliance” with relevant laws and regulations, Bitsmedia said, adding that it has a strict data governance policy in place. 

“We work with a selected range of third parties in the industry, including social media, data analytics and advertising partners, who generally help improve our product and services — all done with the consent of our users.” 

Based on TODAY’s checks, there was no mention of X-Mode in Muslim Pro’s data privacy policy. 

However, the policy did include Tutela and Quadrant, two other location data firms. Quadrant, a Singapore-based data broker, lists X-Mode as one of its trusted partners on its website, along with US defence firms such as the Sierra Nevada Company.

Data sharing between firms for business improvement is legal in Singapore, as long as the data can be anonymised and is transmitted securely between two companies. 

Last year, PDPC and the Infocomm Media Development Authority launched a framework to sketch out the best industry practices for such data sharing. — TODAY