Truth, Inspiration, Hope.

Federal Agencies Bought Harvested Location Data From Dating and Prayer App Broker

Published: February 26, 2022
Federal agencies such as the DHS and IRS purchased harvested location data from a broker notorious for exploiting dating and prayer apps.
Fencing and caution tape is sealing off the Internal Revenue Service (IRS) building from the public in Washington, D.C., on Jan. 19, 2022. The IRS came under scrutiny last year after congress members raised questions about the close ties the agency maintained with a data mining company called X-Mode. (Image: STEFANI REYNOLDS/AFP via Getty Images)

A data broker that sold millions of dollars worth of sensitive location data from dating apps and Muslim prayer apps to federal agencies is now owned by a federal government contractor.

The data broker, formally known as X-Mode, acquired more than 50,000 portions of location data in 140 countries from more than 20,000 individual advertising IDs provided by 107 apps during 2018 and 2019, according to a batch of transactions obtained by The Intercept.

Though the list may not be exhaustive, it appeared to be legit, according to the outlet, based on reviews by two former employees of the data selling enterprise. 

X-Mode bought location data from apps like Bro, a dating app for “bi, gay, and open-minded men,” Perfect365, a virtual makeup app, and Tango, a popular live-streaming app, as well as from dozens of other apps that shared their customers’ credentials in what the outlet called a multibillion-dollar location data trade. 


According to The Markup, the acquired data would then be sold to federal agencies like the Internal Revenue Service (IRS) and Department of Homeland Security. 

Shadowy figures

It is unknown how big a slice X-Mode, a company that boasts of handling data from over 25 percent of the adult U.S. population per month, had obtained in the deal. It can be speculated that it must have been somewhere between zero and the $12 billion that the market is estimated to be worth.

“There isn’t a lot of transparency, and there is a really, really complex shadowy web of interactions between these companies that’s hard to untangle,” a cyber policy associate at the Duke Tech Policy Lab, Justin Sherman, told the outlet in September of 2021. 

“They operate on the fact that the general public and people in Washington and other regulatory centers aren’t paying attention to what they’re doing,” he added. 

Public outcry and rebranding

Location data are not only used for optimizing ads, but also by law enforcement agencies and governmental bureaus for tracking and identifying purposes. The extent to which your data is being mined, merchandised, and analyzed—be it with or without your consent—is unknown but it’s a virtually unbridled market.

Last year, the IRS came under enhanced scrutiny by Congress after statistics about an alleged mass data mining scam by the agency’s division on criminal investigation surfaced. 

The probe never happened, but X-Mode promised to do better in the future and, officially, said it would drop its plans to use biometric identification software to validate new accounts.

Whether that intention was ever followed up is hard to say as the company rebranded itself to “Outlogic” after it was purchased by Digital Envoy, a contractor for several Federal agencies such as DHS, IRS, and the Defense Department.

The fusion

“Digital Envoy and Outlogic have a shared mission to enrich their clients’ decision making and innovation by providing the world’s most valuable IP and location intelligence, while preserving the safety and privacy of consumers,” it read in a joint statement of both parties in August of 2021. 

“Consumer privacy and data protection have remained important issues for the location and digital data collection sectors,” the announcement read.

“Following the acquisition, Digital Envoy has instituted a code of ethics, created a data ethics review panel, implemented a sensitive app policy, and is hiring a Chief Privacy Officer,” it said, adding that, “Historically, X-Mode has contractually prohibited clients from re-identification.”

Henceforth, the joint venture announced that it took “additional care by shutting off all U.S. location data going to defense contractors.”

Nonetheless, the company would keep serving government clients, while contending that accruing and selling location data “has been integral in confronting the COVID-19 pandemic, the fight against human trafficking, and the optimization of emergency vehicle and evacuation routes during natural disasters, among powering many other essential social services.”