https://www.theregister.com/2021/02/06/google_xmode_android_apps_play_store/ The Register(r) -- Biting the hand that feeds IT search [ ] # # Sign in Off-Prem CloudInternet of ThingsChannelBusiness (X) On-Prem ServersStorageNetworksPersonal Tech (X) Software All SoftwareDevOpsArtificial IntelligenceVirtualization (X) SecurityOff-Beat DebatesScienceGeek's GuideBOFHVerity StobPolicyBootnotesSite News (X) Vendor Voice AdobeNutanixRapid7Red hatSophosVeeam (X) # # # [front] Software Oops: Google admits failing to wipe all Android apps with location-tracking X-Mode SDKs from its Play Store For best results, take a second dose of privacy cleanse Thomas Claburn in San Francisco Sat 6 Feb 2021 // 02:19 UTC Share reddit Twitter Facebook linkedin WhatsApp email [https://www.theregis] Copy --------------------------------------------------------------------- Google on Friday removed 25 Android apps from the Google Play Store after missing them during a prior purge. The apps contained the X-Mode SDK that the Chocolate Factory previously banned for selling location data. "Due to an oversight during our enforcement process, 25 apps containing the X-Mode SDK were not removed from Google Play after the developers were given a 7-day warning," a Google spokesperson said in a statement emailed to The Register. "After learning of the error, we immediately removed the apps." [front] The SDK gathers location data that X-Mode, a Reston, Virginia-based data broker, then sells to third-parties. In early December, Google and Apple gave mobile app developers seven days and two weeks respectively to jettison the X-Mode SDK, a software library the developers had integrated into their apps in exchange for payment - "$10K or more a month," the data biz claims. Illustration of location tracking in a city Location tracking report: X-Mode SDK use much more widespread than first thought READ MORE [front] X-Mode maintains that it does not collect personally identifiable information such as names or email addresses, even though location data can help identify someone. It promises "automated privacy compliance" with the California Consumer Privacy Act and Europe's GDPR laws, which doesn't appear to have swayed Apple or Google from disallowing the technology. Or rather disallowing the technology in theory. In late January, ExpressVPN, in conjunction with Paris-based Defensive Lab Agency, published a report identifying 450 Android apps, with 1.7bn downloads between them, that had incorporated the location-harvesting SDK, and claiming that hundreds were still available at the end of last month. When we reported on the findings earlier this week, Google told us that all Android apps with X-Mode's code had been removed. But ExpressVPN told us that 25 privacy-violating apps remained and provided The Register with a list that we then presented to Google for verification. The VPN biz suggested that its initial report helped hasten Google's removal of the non-compliant apps but also said that 25 out of 199 it had analyzed identified still contained X-Mode. The majority of these were city guide apps, which present themselves as aids to travelers and would not raise eyebrows when seeking permission to use location data. [front] "We note that the remaining apps containing X-Mode have been downloaded more than 12 million times from Google Play, that older versions of apps containing X-Mode still persist on consumer smartphones and alternative app stores for Android, and, most importantly, that the privacy problems posed by location surveillance are not limited to X-Mode," said Sean O'Brien, principal researcher for ExpressVPN Digital Security Lab. (r) Get our Tech Resources * MORE * Google * Security * Software * Privacy Corrections Send us news 8 Comments reddit Twitter Facebook linkedin WhatsApp email Get our Weekly newsletter [front] Most Read 1. car speeds away The Linux box that runs the exec carpark gate is down! A chance for PostgreSQL Man to show his quality 2. wait for update Chrome zero-day bug that is actively being abused by bad folks affects Edge, Vivaldi, and other Chromium-tinged browsers 3. View of a city with location tags Oops: Google admits failing to wipe all Android apps with location-tracking X-Mode SDKs from its Play Store 4. Tired IT worker rubs his eyes My bad! So you're saying that redacting an on-screen PDF with Tipp-Ex won't work? 5. Cisco Cisco reveals critical bug in small biz VPN routers when half the world is stuck working at home [front] --------------------------------------------------------------------- [front] Keep Reading India launches Google antitrust probe and Google mostly shrugs it off The usual stuff in the spotlight: Google Pay crowding out rivals, search algo bias We've got some really bad news about Apple's privacy measures, Google tells iOS app devs: It'll hurt your Google ad revenue Chocolate Factory insists it's working on its own info usage labels, too Kick Google all you like, Mozilla tells US government, so long as we keep getting our Google-bucks In case you've forgotten: Google sends Mozilla about $400m a year Developer beta for Huawei's Google-free HarmonyOS is here - but you may need to Google Translate the docs It's all in Chinese if you fancy a gander Cutting the ties: European hosting provider OVHCloud to offer Google Anthos, no Google account needed Full Euro data sovereignty, promises cloud company Google allows 15 more nations to offer gambling in the Play store India gets special attention with new rules for apps that tie loyalty and prize draws to payments Epic Games files competition lawsuit against Google in the UK over Fortnite's ejection from Play Store Epic by name, epic (lawsuit) by nature Fedora's Chromium maintainer suggests switching to Firefox as Google yanks features in favour of Chrome 'They're not closing a security hole, they're just requiring that everyone use Chrome' Tech Resources [whitep] Incident Response Guide What's the best way to stop a cyberattack from turning into a full breach? Prepare in advance. [whitep] Security Information and Event Management (SIEM) Solutions In this buyer's guide, get an overview of today's SIEM security market, what SIEM solutions can (and should) offer, and what to consider when evaluating vendors. [whitep] The Role Frameworks and Privacy Regulations Play in Healthcare in Cybersecurity Find out what tools and techniques can help overcome challenges to safeguard healthcare. [whitep] How to Fortify Your Organization's Last Layer of Security - Your Employees People impact security outcomes, much more often than any technology, policy or process. [front] ABOUT US[f] * Who we are * Under the hood * Contact us * Advertise with us MORE CONTENT[f] * Latest News * Popular Stories * Forums * Whitepapers * Webinars SITUATION PUBLISHING[f] * The Next Platform * DevClass * Blocks and Files * Continuous Lifecycle London * M-cubed Situation Publishing The Register - Independent news and views for the tech community. Part of Situation Publishing SIGN UP TO OUR DAILY NEWSLETTER Subscribe Twitter Facebook LinkedIn feeds no-js Biting the hand that feeds IT (c) 1998-2021 Do not sell my personal information Cookies Privacy Ts&Cs