It’s been an unexpectedly busy week for Samad Rafe, the chief executive officer for a healthcare technology company in Brooklyn Center and founder of the Islamic prayer app Muslim Directory.
Why the new interest in Rafe and his Minneapolis-based app?
Muslims worldwide flooded social media last week after an investigation revealed the U.S. Special Operations Command (USSOCOM) has been buying data harvested from Muslim Pro, a hugely popular Muslim prayer and Qur’an app. This branch of the military focuses on counterterrorism and collects intelligence to use for overseas special forces operations.
Through public records, interviews with developers, and technical analysis, VICE’s tech publication Motherboard found that a company called X-Mode has been obtaining data from Muslim Pro (and other apps), and selling it to the military.
Available for iPhones and Android devices, Muslim Pro reminds users when to pray and how to face Mecca from any location. The app, created by Bitsmedia Pte Ltd. and based in Singapore, counts more than 98 million downloads worldwide, according to Muslim Pro’s website.
Just a day after the report was published, Muslim Pro said in an email to Motherboard that the company will no longer share data with X-Mode In a statement posted to its website Friday, Muslim Pro announced the formal launch of a full investigation.
“We will continue to take all necessary measures to ensure that our users practice their faith with peace of mind, which remains Muslim Pro’s sole mission since its creation,” the email to Motherboard said.
Nonetheless, Muslims around the world quickly deleted the app from their phones and searched for alternatives—which takes us back to Samad Rafe and Muslim Directory.
Rafe is the CEO of SRS Web Solutions which specializes in healthcare documentation. He’s been particularly concerned about how apps collect user data for advertisements.
Data privacy laws are difficult to navigate. So Sahan Journal spoke with Rafe and asked him some of the same questions that have been flooding his inbox this last week. What exactly happened with Muslim Pro? How could our prayer data be misused by government operators in Washington? Which apps can we trust—religious or not?
For people who don’t really understand the purpose of an app such as Muslim Directory, can you explain what it’s for?
It’s all for a good purpose. The first thing is it reminds you of prayer times. The second thing is that there is a compass that shows you the direction to pray towards. We also have a directory of mosques across the United States and Canada.
Can you briefly explain the issue surrounding Muslim Pro?
The way it works is that the apps can sell your data to the third parties. And the third parties can do whatever they want with it. When we started Muslim Directory, we made a conscious decision that we aren’t going to sell the data to anybody.
What kind of guarantee can you provide that you don’t sell location data?
We have donor funds and have been able to support ourselves. It’s not like we’re making money every day from it. But if we do make money, we’re not going to make money from advertisers by selling them your data.
Technically speaking, for apps like Muslim Pro or Muslim Directory, don’t you have to give them your location data? How do you know which apps to trust?
The responsibility falls a lot on the user. So you’ve got to look at three things when you download an app.
- Prompts for permissions: If the app is prompting you to grant permission, you have to look carefully as to why it’s asking for permission. If you’re looking for prayer times, you’re going to have to grant location permission because that varies depending on where you are. But the same app doesn’t need to access, say, your contacts, camera, microphone, etc. You can also check what permissions you’ve granted for certain apps in your phone settings.
- Know the country: When you download an app, take a few seconds to see where the developer is. If the developer is outside the United States, that’s really important. Muslim Pro is in Singapore, for example. Singapore cyber security laws are very lenient compared to U.S. law.
- Watch out for advertisements: If you have an app that has ads on it, that’s a red flag. They’re taking information from you and selling it. You’re the product. Who you’re sold to, nobody knows. Whether it’s a gaming app or an Islamic app, if it has ads, your data is being compromised.
When you first heard about Muslim Pro what was your reaction?
I wasn’t very surprised. I knew that people are selling data, because that’s how they make money. But I wasn’t sure, to be honest, that there are companies out there who are actually directly serving government agencies like the military. I wasn’t fully aware of who they could sell it to.
The analytics that you can run out of the data–I don’t think that’s fully known. What I can tell, for example, is how many people in Minneapolis are actually going to the mosque based on location data. I can see how many people actually care about praying based on how many times they check the app. I can even see how much time a user spends reading a page on an app with passages from the Qur’an.
What worries me are the decisions a person sitting behind a screen in Virginia—who doesn’t know anything about Muslims—is going to make. And a whole community is going to suffer because of those decisions.
How will the community suffer?
Here’s my fear. Let’s say you have 20,000 users in the Middle East. Out of those users, five people have a specific behavior. This isn’t about reading emails. This is about making decisions based on behaviors—like whether you go to the mosque, pray on time, or read the Qur’an regularly. Let’s say that those five people in the Middle East with a specific behavior happen to do something dangerous.
A person analyzing their data can then make an incorrect analysis and decide that a group of users in Minneapolis who exhibit the same specific behavior through an app are just as dangerous. But maybe the behavior is that they’re just reading the same passage from the Qur’an. That’s why this is problematic.
How was Muslim Directory started?
In 2012, there was a space in the market where people were looking for some kind of app that reminds them about prayer times. There were a lot of tools coming into the market. But people usually did not realize the privacy aspect of that initially. So a few of my friends and I, and also some Islamic scholars, were discussing potentially creating an app.
I said there’s a privacy issue here. They can collect all religious information, they can sell it or make analytics out of it. Who knows how they’ll use that data? So we decided we needed to make a tool that serves the community but depends on donations. We weren’t going to allow advertising agencies to come and access the data that we collect from our users. There were investors at that time that recognized the importance of that. We’ve had 100,000 users in the past five years.
What’s the broader issue to consider here?
We as a community need to take our privacy seriously. I’m not worried about five years from now; I’m worried about what privacy will look like for my kids in 15 years. I don’t want them to be a victim of my decisions—that I make a decision to download something and now my data, and possibly my kids’ data are with someone.
Who knows how they’re going to use it. We learned about the U.S. military using it today, but tomorrow we don’t know what kind of government is going to use it and for what intention.
In our country, we take patient data very seriously, like with HIPAA laws. My question is, are we really okay with sharing our behavior data, especially religious data? If not, we need stronger laws for sharing and taking advantage of behavioral data.