Muslim Pro - Prayer Times, Azan, Quran & Qibla

Retest Observations

We retested this app on 19.02.2019. The app still exhibits the behaviour documented below.

Disclaimer: Additionally the tested app may still share data with other third parties. This is outside the scope of this work.

Read more

From the Google Play Store page:

"Recognized by more than 50 million Muslims around the world as the most accurate prayer time & azan application, Muslim Pro also features the full Quran with Arabic scripts, phonetics, translations and audio recitations as well as a Qibla locator, an Islamic Hijri calendar, a map of halal restaurants and Mosques, etc..."

Observed Behaviour

 This documentation demonstrates actions taken by the test user and the apps subsequent responses.

Test user action 1: The user taps on the application icon, which opens the application
Response from app: The application is initialised and the following data is sent and received by the app:

Immediately after the app is opened, the following data is sent to graph.facebook.com (Graph)

The following HTTP GET request is made to graph.facebook.com

GET https://graph.facebook.com/v3.2/155477247795798?fields=supports_implicit_sdk_logging%2Cgdpv4_nux_content%2Cgdpv4_nux_enabled%2Cgdpv4_chrome_custom_tabs_enabled%2Candroid_dialog_configs%2Candroid_sdk_error_categories%2Capp_events_session_timeout%2Capp_events_feature_bitmask%2Cauto_event_mapping_android%2Cauto_event_setup_enabled%2Cseamless_login%2Csmart_login_bookmark_icon_url%2Csmart_login_menu_icon_url&format=json&advertiser_id=474364c6-e9cf-4971-8dd2-b1dc3c605450&sdk=android HTTP/1.1

With the response

 {
  "supports_implicit_sdk_logging":true,"gdpv4_nux_enabled":false,"gdpv4_chrome_custom_tabs_enabled":true,"android_sdk_error_categories":[ {
    "name":"login_recoverable","items":[ {
      "code":102
    }
    , {
      "code":190
    }
    ],"recovery_message":"Please log in to this app again to reconnect your Facebook account."
  }
  ],"app_events_session_timeout":60,"app_events_feature_bitmask":7,"auto_event_setup_enabled":false,"seamless_login":1,"smart_login_bookmark_icon_url":"https:\/\/static.xx.fbcdn.net\/rsrc.php\/v3\/yh\/r\/HyQ4Fq_iGUX.png","smart_login_menu_icon_url":"https:\/\/static.xx.fbcdn.net\/rsrc.php\/v3\/yR\/r\/xi3BPJ134MF.png","id":"155477247795798"
}

 

Without any further user action, the app sends the following request to graph.facebook.com

format:                       json
sdk:                          android
event:                        MOBILE_APP_INSTALL
advertiser_id:                474364c6-e9cf-4971-8dd2-b1dc3c605450
advertiser_tracking_enabled:  true
installer_package:            com.android.vending
anon_id:                      XZ74c17f70-62b0-4018-9914-ed107d708611
application_tracking_enabled: true
extinfo:                      ["a2","com.bitsmedia.android.muslimpro",98609,"9.8.6","8.1.0","Nexus 5","en_GB","GMT","",1080,1776,"3.00",4,13,6,"Europe\/London"]
application_package_name:     com.bitsmedia.android.muslimpro

The app receives the following response from graph.facebook.com:

 {
  "success":true
}

 

Without any further user action, the app sends the following request to graph.facebook.com

format:                       json
sdk:                          android
custom_events:                [{"_eventName":"fb_sdk_initialize","_eventName_md5":"d470d22f237aee69843355edba5a8178","_logTime":1543936366,"_ui":"unknown","_implicitlyLogged":"1","core_lib_included":"1","billing_client_lib_included":"1","login_lib_included":"1","billing_service_lib_included":"1"},{"_eventName":"fb_mobile_activate_app","_eventName_md5":"cb7f3b6cd294afce05ece615d43ea7b9","_logTime":1543936367,"_ui":"MainActivity","_session_id":"9fab509e-6c8b-4274-aff1-2ba13646b7e6","fb_mobile_launch_source":"Unclassified"}]
event:                        CUSTOM_APP_EVENTS
advertiser_id:                474364c6-e9cf-4971-8dd2-b1dc3c605450
advertiser_tracking_enabled:  true
installer_package:            com.android.vending
anon_id:                      XZ74c17f70-62b0-4018-9914-ed107d708611
application_tracking_enabled: true
extinfo:                      ["a2","com.bitsmedia.android.muslimpro",98609,"9.8.6","8.1.0","Nexus 5","en_GB","GMT","",1080,1776,"3.00",4,13,6,"Europe\/London"]
application_package_name:     com.bitsmedia.android.muslimpro

The app receives the following response from graph.facebook.com:

 {
  "success":true
}

 

The following HTTP GET request is made to graph.facebook.com

GET https://graph.facebook.com/v3.2/155477247795798/mobile_sdk_gk?fields=gatekeepers&format=json&sdk_version=4.38.1&sdk=android&device_id=474364c6-e9cf-4971-8dd2-b1dc3c605450&platform=android HTTP/1.1

The app receives the following response from graph.facebook.com:

 {
  "data":[ {
    "gatekeepers":[ {
      "key":"app_events_auto_logging","value":false
    }
    , {
      "key":"app_events_if_auto_log_subs","value":false
    }
    ]
  }
  ]
}

 

Action from app:   The user is asked to allow the app to access the location, and accept the privacy policy and terms and condition
Test user action 2:  The user accepts the terms and conditions and privacy policy, and denys the location request

Screenshot of Dialog shown to user:

Test user action 3: The user goes through the configuration process
Action from app: Advertisments are displayed

The request to graph.facebook.com is as follows

COPPA:                          false
APPBUILD:                       98609
KG_RESTRICTED:                  false
VALPARAMS:                      {"is_emu":"false","apk_size":"15631271"}
UNITY:                          false
ACCESSIBILITY_ENABLED:          false
APPNAME:                        Muslim Pro
WIDTH:                          -1
NUM_ADS_REQUESTED:              1
SESSION_TIME:                   1543936446.001
PLACEMENT_ID:                   155477247795798_2245983322078503
MAKE:                           LGE
REQUEST_TIME:                   1543936446.194
CARRIER:                        
SDK_CAPABILITY:                 [3,4,5,7,11,16,17]
TEMPLATE_ID:                    5
CLIENT_REQUEST_ID:              5ca9212d-95dc-47b7-bf3c-5b26799d32ec
DENSITY:                        3.0
AD_REPORTING_CONFIG_LAST_UPDATE_TIME:0
M_BANNER_KEY:                   Y29tLmJpdHNtZWRpYS5hbmRyb2lkLm11c2xpbXBybyBjb20uYW5kcm9pZC52ZW5kaW5n
SCREEN_HEIGHT:                  592
SDK_VERSION:                    5.1.0
PROCESS:                        {"process_name":"com.bitsmedia.android.muslimpro","is_ads_process":false,"client_supports":false}
SCREEN_WIDTH:                   360
ID_SOURCE:                      
SDK:                            android
OSVERS:                         8.1.0
CLIENT_EVENTS:                  
OS:                             Android
ANALOG:                         {"charging":"1","available_memory":"841449472","total_memory":"1944141824","battery":"100.0","free_space":"5983637504"}
PLACEMENT_TYPE:                 banner
ROOTED:                         2
MODEL:                          Nexus 5
HEIGHT:                         50
BUNDLE:                         com.bitsmedia.android.muslimpro
ASHAS:                          ac80a9856a49ea721cab93531dbe06e1209819f5;
LOCALE:                         en_GB
NETWORK_TYPE:                   1
IDFA:                           474364c6-e9cf-4971-8dd2-b1dc3c605450
ATTRIBUTION_ID:                 
APPVERS:                        9.8.6
MEDIATION_SERVICE:              ADMOB_14799018
INSTALLER:                      com.android.vending
IDFA_FLAG:                      1
SESSION_ID:                     2a93ed74-63ef-4276-b9fb-7013cf9816c8

With the partial response

 {
  "type": "error",
     "code": 1001,
     "message": "No fill",
     "placements": [ {
    "definition": {
      "placement_id": "155477247795798_2245983322078503",
                  "type": "banner",
                  "refresh": "0",
                  "refresh_threshold": "-1",
                  "min_viewability_percentage": "1",
                  "viewability_check_ticker": "0",
                  "viewability_check_interval": "100",
                  "viewability_check_initial_delay": "0",
                  "video_time_polling_interval": "200",
                  "cacheable": false,
                  "client_max_retry_count": "1",
                  "invalidation_duration_in_seconds": "3600",
                  "conv_tracking_data": [ {
        "url": "//.facebook.com",
                          "key": "fr",
                          "value": "1lRoFMx3QJwpTh1mr.AWUAn7P2eFURq9mdCZxyvKJ6EcM.BcBpm_..AAA.0.0.BcBpm_.AWVYMhlt",
                          "expiration": "1551712447"
      }
      , {
        "url": "//.atdmt.com",
                          "key": "ATX",
                          "value": "e24a7288e3f27b7dc8ea313877c387726830eab3",
                          "expiration": "1551712447"
      }
      ]
    }
    ,
             "feature_config": {
      "adnw_android_video_caching_enabled": "true",
                  "adnw_enable_exoplayer": "false",
                  "adnw_enable_iab": "true",
                  "adnw_debug_logging": "true",
                  "adnw_block_lockscreen": "false",
                  "adnw_enable_debug_overlay": "false",
                  "adnw_ios_use_store_url": "true",
                  "adnw_client_request_id_enabled": "false",
                  "adnw_native_cookie_injection": "false",
                  "adnw_top_activity_viewability": "false",
                  "adnw_enhanced_viewability_area_check": "false",
                  "adnw_ios_watch_and_install": "false",
                  "adnw_android_disable_playable_precache": "false",
                  "adnw_android_disable_blur": "false",
                  "adnw_android_memory_opt": "true",
                  "adnw_viewability_check_area_based": "true",
                  "adnw_mapp_markup_impression_after_image_load": "false",
                  "adnw_ios_blur_images_enabled": "false",
                  "adnw_enable_inline_x_out_on_sdk": "true",
                  "adnw_android_wo_bot_detection_enabled": "false",
                  "adnw_unique_db_name_per_process": "true",
                  "adnw_enable_rage_shake": "false",
                  "adnw_enable_inline_x_out_non_fullscreen_on_sdk": "false",
                  "adnw_arrows_instead_of_x_skip_button": "true",
                  "adnw_ios_wo_bot_detection_enabled": "false",
                  "adnw_ios_wo_idfa_enabled": "false",
                  "adnw_ios_wo_bot_detection_dogfooding": "false",
                  "adnw_should_fail_on_cleartext_http_blocked": "true",
                  "adnw_use_iosurface_player_layer": "false",
                  "adnw_ios_wo_network_signal_enabled": "false",
                  "adnw_show_cta_in_rv_pre_endcards": "false",
                  "adnw_fail_ad_load_on_cache_failure": "true",
                  "adnw_images_in_display_size": "true",
                  "unified_logging_immediate_delay_ms": "2000",
                  "additional_debug_logging_sampling_percentage": "10",
                  "additional_debug_logging_black_list_percentage": "0",
                  "additional_debug_logging_black_list": "[\"ipc:2306\",\"api:1015\",\"api:1011\",\"image:2001\",\"api:1018\",\"web_view:1305\",\"cache:2101\",\"cache:2102\",\"cache:2103\",\"act_util:2203\",\"api:1010\"]",
                  "ad_viewability_tap_margin": "0",
                  "minimum_elapsed_time_after_impression": "-1",
                  "visible_area_check_enabled": "false",
                  "visible_area_percentage": "50",
                  "disable_in_app_app_store": "true",
                  "unified_logging_event_limit": "30",
                  "video_and_endcard_autorotate": "autorotate_enabled",
                  "stack_trace_sample_rate": "100",
                  "show_metadata_rewarded_video": "true",

Test user action 4: The user makes further interaction with app
Response from app: No futher data is sent to graph.facebook.com

Test user action 5: The user closes the application
Response from app: No futher data is sent or received by the app from graph.facebook.com

Notes and Commentary

Note 1: In the videos below, the clocks between the VirtualBox Virtual Machine and the Phone handset are not synchronised.
Note 2: The phone videos are split into multiple parts due to a 180 second limitation in Android Developer Bridge screenrecord command

Date Tested
04/12/2018
App Version
9.8.6
Number of App Installs (according to Google Play Store at time of analysis)
10,000,000+
Facebook SDK Version
4.38.1
Opt out of Ads Personalisation (Google Settings)
Not Enabled (Default Setting)