For Muslims, the matter of digital privacy is interwoven with fears of government surveillance and Islamophobia.PHOTO BY JACOB LUND/ADOBE Most apps collect and store data. Now some Muslim developers are trying to keep that practice consistent with the tenets of Islam. Why you can trust us
BY AYSHA KHAN JUN 16, 2021
In late 2020, as the coronavirus ravaged London’s minority communities, Ibrahim Javed was losing sleep over data. He’d developed an app, Salah Space, to allow worshippers to book time slots for prayer at mosques, which had limited capacity during the pandemic. But for his app to work, it needed to collect data from British Muslims.
Over the past year, Javed has been thinking more about his role in what he describes as “preserving the sanctity of Muslim data.” He’s part of a new generation of Muslims in the technology industry who view their users’ data and privacy as an amanah, or trust, that they have a sacred duty to uphold. And increasingly, amid a broader cultural shift around digital privacy, Muslim users are pushing app developers like him to maintain that trust.
“This is what scared me,” said Javed, who also is the founder of the faith-based tech-for-social-good nonprofit Deen Developers. “We’re building something for the community—how do we ensure that no one has access to this data? Because it’s valuable and potentially can be used to hurt our communities. How do you build a solution in the safest way possible without infringing on anyone’s rights?”
Many Muslim software developers are concerned with the possibility of troves of Muslims’ personal data being exposed in a data breach, whether it is a general leak of user data, or part of a targeted hack or harassment campaign by anti-Muslim groups. They are also wary of taking part in the multibillion dollar personal data sales industry.
We as Muslims have just felt the consequences of privacy violations sooner than everyone else.
For Muslims, the matter of digital privacy is also deeply interwoven with fears of government surveillance and Islamophobia. Invasive post-9/11 counter-extremism and intelligence programs, such as the New York Police Department’s secret spying project and federal informant networks, weigh heavy on many young Muslims’ minds, as do new revelations about how tech companies have aided China’s repression of Uyghur Muslims. Such realities inform the choices of many Muslims building, or simply using, technology.
In November 2020, a few months before Salah Space launched, Vice News published an investigation revealing that the popular Islamic prayer timing app Muslim Pro and dating app Muslim Mingle were among several that sold users’ location data to third-party data brokers. That data, the report alleged, was eventually bought by U.S. defense contractors before landing in the hands of the U.S. military. Muslim Pro dismissed the report as “incorrect and untrue” and said it was cutting all ties with the data broker.
Regardless, the expose led to mass deletion of the app—and a shift in many Muslims’ vigilance about digital privacy.
“The Muslim community knows that they’re under heightened surveillance, since 9/11 and even prior to that,” said Electronic Frontier Foundation attorney Saira Hussain. “So when people found out their data from Muslim Pro was being vacuumed up by a third party they didn’t even know existed, for example, many people saw a clear invasion of privacy. And many people said, ‘Oh, I expected this.’”
The news sent shockwaves throughout Muslim communities around the world. “This is wild and unacceptable,” Texas imam Sheikh Omar Suleiman reacted. “No Muslim app should be selling data, especially not like this.” The Islamic Leadership Council of New York warned members of its 90 organizations to delete the apps. Group chats lit up with outrage over the apps’ “betrayal” of Muslims and advised finding alternative ways of finding prayer times, from printing out timetables to using old-school alarm clocks that play the Arabic call the prayer.
“We as Muslims have just felt the consequences of privacy violations sooner than everyone else,” said Abdul-Rahman Abbas, who co-founded a privacy-focused prayer app called Pillars to fill the gap for Muslims like him who had deleted Muslim Pro. “As a result, we’ve all become quite paranoid. And rightly so, to be honest with you.”
We have a trust between us and the community.
The Pillars app was born out of a conversation in one of those group chats, where local Muslim students were seeking alternatives to Muslim Pro. But truly secure apps were difficult for non-experts to find and verify: One cybersecurity analyst’s examination of privacy policies for 50 Islamic prayer apps found that nearly all shared data with third-party services such as advertisers.
Pillars was launched in April as a result of an ongoing process of gathering feedback from Muslims on social media. The simple, ad-free app has since received over 1,000 daily downloads on average.
“We have a trust between us and the community,” said Pillars co-founder Tariq Imaad Jamal, a computer science student at University College London. “Anything we do in which we deal with the community, we have to maintain that trust and make sure we’re doing the right thing.”
The app does not collect any user data. All information, from a user’s location (needed to provide orientation toward Mecca) to prayer times (which vary by location, time of year, and among different schools of Islamic thought), is stored locally on the user’s phone.
“We can’t touch it,” Jamal said. “Whenever there’s a feature that we’re considering implementing down the line, our first question is, can we maintain the security of our users’ data?”
Deliberately, the creators are making their identities known and themselves easily accessible for feedback—and also as a matter of public accountability, should they violate their users’ amanah.
Data privacy consultant Jamal Ahmed, who launched the Amanah Project to promote better privacy practices among Islamic charities, says personal privacy is a central right in Islamic teachings. While the European Union’s General Data Protection Regulation laws only “gave Europeans data privacy in 2016, our prophet established data privacy as a basic right over 1,400 years ago,” he quipped.
Several groups that offer their cybersecurity and digital hygiene training say they are seeing heightened interest from Muslim activists and Islamic institutions.
Ahmed points to several prophetic traditions and Quranic injunctions requiring Muslims to cover their awrah, or intimate and private parts, and which warn against exposing their own or other believers’ weaknesses. The Prophet Muhammad also forbade trespassing and peering into others’ homes, even saying that if a homeowner threw a stone that killed a peeping tom, it would not be a sin.
“These tech companies are collecting much more invasive and intimate information about people’s thoughts, preferences, and behavior than they could ever learn by peering into your house,” Ahmed said. Just as with the metadata collected by apps like WhatsApp, which many users deleted after a recent update that worried privacy advocates, Ahmed said “they don’t actually need to know the contents of your messages to understand a lot more about you than you probably know about yourself.”
After the Muslim Pro news emerged, the American Civil Liberties Union filed a public records request about the government’s purchase and use of Islamic apps’ user data. The ACLU called it “yet another betrayal of trust” and a violation of the religious freedom of U.S. Muslims. The Council on American-Islamic Relations requested a congressional investigation into the “government’s use of personal data to target the Muslim community here and abroad.” Led by a group of officials including Muslim Representatives Rashida Tlaib and Ilhan Omar, 18 members of Congress signed a letter to the Secretary of Defense and Director of National Intelligence requesting an investigation into the data purchases and questioning whether they were part of “systematic, warrantless surveillance of the Muslim-American community contrary to the privacy protections guaranteed in the U.S. Constitution.”
For the creators of Salah Space, finding privacy solutions that satisfied both the needs of the developers and the users required collaborating with Muslim lawyers, Islamic scholars, mosque board members, programmers, and members of the wider Muslim community. They decided to allow anonymous prayer time bookings, set all data to be deleted after two weeks, and encrypt all collected data, only releasing what is necessary for specific and verified government contact tracing to control the spread of COVID-19.
“We’ve got 180,000 bookings on the platform, and there have been no COVID outbreaks at any mosques using our platform, so I feel all right about the good we were able to do,” Javed said.
For some critics, such precautions are still insufficient. Ahmed, the data privacy expert, argued that any possibility of a data breach or government request to hand over data on an already-targeted community is too risky. Among users of Pillars, too, some are urging the developers to make the app fully open-source, allowing its source code to be audited and freely used by anyone.
Several groups that offer their cybersecurity and digital hygiene training—such as Ahmed’s organization, Kazient, and the South Asian tech organization Equality Labs—say they are seeing heightened interest from Muslim activists and Islamic institutions in the wake of Vice’s exposé, as well as an increase in doxxing campaigns and other digital attacks against Muslim organizers.
Sharmin Hossain, Equality Labs’ political director, says her whole family had used Muslim Pro. Now, her main concern is increasing digital security literacy so that privacy-focused tools, like messaging app Signal and the Tor browser, become “something that your average uncle who works at a bodega can access.”
“It’s a ripple effect,” she said. “I might not be able to say that a certain big mosque in Dallas is following digital security best practices. But people within that congregation have some level of knowledge about the risks of data mining and doxxing and social media surveillance, and how to mitigate them.”