<strong>How US churches breach privacy with spyware to force congregants conform to what pastors want</strong>

How US churches breach privacy with spyware to force congregants conform to what pastors want


While the accessibility functionalities are meant to help software developers build out features that assist people with disabilities, these apps take advantage of such permissions to either capture screenshots of everything actively being viewed on the internet device or detect the name of apps as they’re being used and record every website visited in the device’s browser.

In Hao-Wei Lin’s case, that included his Amazon purchases, articles he read, and even which friends’ accounts he looked at on Instagram. The trouble is, according to Hao-Wei Lin, providing his Gracepoint Church leader with a ledger of everything he did online meant he could always find something to ask him about, and the way Covenant Eyes flagged content didn’t help.

For example, in Covenant Eyes reports that Hao-Wei Lin showed us, his online psychiatry textbook was rated “Highly Mature,” the most severe category of content reserved for “anonymisers, nudity, erotica and pornography.” The same was true of anything Hao-Wei Lin felt was “remotely gay,” like his Statigr.am searches.

After we contacted Google about Covenant Eyes and Accountable2You, both apps were suspended from the Google Play store. “Google Play permits the use of the Accessibility API for a wide range of applications,” spokesperson Danielle Cohen says in an email. “However, only services that are designed to help people with disabilities access their device or otherwise overcome challenges stemming from their disabilities are eligible to declare that they are accessibility tools.”

Covenant Eyes and Accountable2You both remain available on iOS. While we did not test the apps on Apple devices, neither app appears to utilize iOS’ accessibility permissions. Apple has not yet responded to a request for comment.

In our tests of Accountable2You prior to its suspension, we found that the software similarly flagged content with keywords like “gay” or “lesbian” in the URL. For instance, when we set up a test account and navigated to the US Centers for Disease Control’s website for LGBTQ youth resources, the phone we designated as our accountability partner was immediately texted and emailed a “questionable activity report” indicating that our test phone had visited a “Highly Questionable” website.

“It’s really not about pornography,” says Brit, a former user of Accountable2You who asked to only be identified by her first name, due to privacy concerns. “It’s about making you conform to what your pastor wants.”

Brit says she was asked to install the app by her parents after she was caught looking at pornography and that her mother and her pastor were both her designated accountability partners. “I remember I had to sit down and have a conversation with him [her pastor] after I Wikipedia’d an article about atheism,” she says. “I was a kid, but that doesn’t mean I don’t have some kind of right to read what I want to read.”

While accountability apps are largely marketed to parents and families, some also advertise their services to churches. Accountable2You, for example, advertises group rates for churches or small groups and has set up several landing pages for specific churches where members can sign up.

Covenant Eyes, meanwhile, employs a director of Church and Ministry Outreach to help onboard religious organizations.

Eva Galperin is director of cybersecurity at the Electronic Frontier Foundation, a digital rights non-profit, and cofounder of the Coalition Against Stalkerware. Galperin says consent to such surveillance is a major concern.

“One of the key elements of consent is that a person can feel comfortable saying no,” she says. “You could argue that any app installed in a church setting is done in a coercive manner.”

While we did not speak to anyone who was unaware that the app was on their phone, which is often the case with spyware, Hao-Wei Lin says he didn’t feel like he was in a position where he could say no to his church leader when he was asked to install Covenant Eyes. Gracepoint had secured him a $400-a-month apartment in Berkeley, where he was attending college. Without the church’s support, he might have had nowhere to live.

But this is not the experience of everyone we spoke to. James Nagy is a former Gracepoint member who, as a one-time church leader, was on both sides of Covenant Eyes reports. Nagy, who is gay, was taught from a young age that homosexuality was a sin. So when Gracepoint offered him a software solution that claimed to be able to help what he then considered to be a moral dilemma, he jumped at the opportunity. He says that while he believed many people at Gracepoint were pressured to install the app, in his case, the pressure came from himself.

“Gracepoint didn’t try to change me,” Nagy says. “I tried to change me.” Nagy is now an elder at the Presbyterian Church (USA) and until 2021 was a facilitator with the Reformation Project, a non-profit whose mission is to advance LGBTQ inclusion in the church.

In the quest to curb behaviour churches deem immoral, these accountability apps will collect and store extremely sensitive personal information from their users, including from those under the age of 18. Fortify, which describes itself as an addiction recovery app, asks its users to log information about when they last masturbated, where they were when it happened, and what device they used.

While Fortify’s privacy policy states that the company doesn’t sell or otherwise share this data with third parties, its policy does allow it to share data with trusted third parties to perform statistical analysis, although it does not mention who these trusted third parties are.

In a phone call, Clay Olsen, the CEO of Fortify parent company Impact Suite, clarified that these trusted third parties include companies like Mixpanel, an analytics service company that tracks user interactions with web and mobile applications.

While we found several churches recommending Fortify to their congregations, Olsen says neither Fortify nor Impact Suite count religious institutions as customers.

When we tested the Fortify software, we found that the app also utilises other technology to track users. For instance, because it includes Facebook’s Pixel, data related to Fortify’s masturbation-tracking form is sent to Facebook. While the data does not appear to include the contents of the tracking form, it does have metadata about the form itself, including when it was filled out.

Facebook appears to store that data and, when possible, associates it with a user’s account. After setting up a test account with Facebook, logging in, and then interacting with Fortify, we were able to see interactions with Fortify in a copy of the test account’s data obtained through Facebook’s privacy centre.

Fortify’s inclusion of Facebook’s Pixel isn’t just a privacy issue, it’s a security problem. While testing the app, we also noticed that the password to our account was sent in plaintext to Facebook in the URL of the tracking requests. Facebook claims to have filtering mechanisms to prevent its systems from storing this type of personal information, but Fortify’s apparent oversight is still concerning to experts like Galperin. “That’s a huge vulnerability,” she says. “It’s the sort of behaviour that makes me feel like they don’t have security experts reviewing the app or its policies.”

Facebook spokesperson Emil Vazquez says companies that share sensitive user data with the Meta-owned social media platform are violating its policies.

“Advertisers should not send sensitive information about people through our Business Tools. Doing so is against our policies,” Vazquez says. “Our system is designed to filter out potentially sensitive data it is able to detect.” Facebook did not say whether its filters detected the plaintext passwords sent by Fortify.

After being notified of the password issue, Olsen said Fortify would stop transmitting users’ unencrypted passwords to Facebook. As we went to press, the issue had not yet been addressed.

Hao-Wei Lin has since moved on from Gracepoint but is still processing the trauma he feels the church has caused him. We met earlier this month (September) at his thesis exhibition at Parsons School of Design in New York City, where he is about to get his Master of Fine Arts in photography. He says it was only after he went back to school that he felt he was in a safe enough space to start processing what he went through at Gracepoint.

Hao-Wei Lin’s photography was sombre, but not without humour. One was of a 3D rendering of a room where he says he and other members of Gracepoint would meet after their Sunday service. A solitary figure is hunched over praying, his head resting in the seat of his plastic chair. As I look at the photo, Hao-Wei Lin tells me he wants the viewer to feel like they are a surveillance camera perched in the top corner of the room. The name of his work: “Covenant Eyes.”

  • A Wired report
About author

Your email address will not be published. Required fields are marked *