CChances are that your smartphone is currently sending location data to multiple companies. It’s an issue that’s growing increasingly prominent, with the Associated Press reporting on September 1 that police have been using a cellphone tracking tool to “search hundreds of billions of records from 250 million mobile devices.” This week the FTC also sued a broker for selling sensitive location data from hundreds of millions of devices.
Your smartphone has many apps that track where you are. Many of these apps often have obvious motives. The weather app will tell you the current conditions. Branded fast-food apps like Chick-Fil-A’s find your nearest location. These apps are designed to help you find people nearby through dating and hookup. These apps quietly accumulate huge amounts of data. A 2018 study found that as many 200 million smartphones transmit location data, according to an app. New York Times investigation, with some logging a user’s location as many as 14,000 times in a single day.
For certain individuals, location data can be sensitive. Privacy experts state that data are always personal no matter who they may be.
“These location points reveal everything about what we do over the course of a day,” explains ACLU lawyer and privacy expert Nathan Wessler. He says they can reveal ”where we sleep at night—because our phones are near us; where we go during the day, our friends and romantic partners. You leave work and may go to an AA meeting or stop at a psychiatrist’s office. Your patterns of life are going to be reflected in this data.”
Companies are also increasingly experiencing backlash.
Earlier this month, Facebook parent company, Meta, settled a class action lawsuit alleging that the company tracked users’ whereabouts even after they had turned off location settings on their phones. Meta was ordered to settle the lawsuit by paying $37.5 million to close to 70 million users.
Coffee chain Tim Horton’s apologized to customers after Canadian privacy regulators found the app tracked thousands of users “every few minutes” throughout the day, even when the app was closed. Users are often unaware that data is being collected by apps such as prayer reminders and fitness apps.
The location data industry is a $12 billion market, with firms like X-Mode boasting on their websites they’ve collected such data from 25% of U.S. adults at some point. Companies aren’t just collecting location data, though—they’re also sharing it with brokers, aggregators, and potentially law enforcement. An app that helps you navigate the streets or make a saving on coffee can also keep track of your whereabouts.
Here’s what you should know about apps that collect location data from users.
The apps’ knowledge about you
They only have access to your locality or municipality. None of this data is tied to your name or identifying personal details—it’s all associated with your phone itself. However, privacy experts have shown repeatedly that it isn’t difficult to match location data with other data points they have on a person, revealing their identity and where they’ve been.
It’s another way to make money. Although location data is critical to how some apps work—for example, a mapping app—companies may share this information with third parties, usually advertisers. Local car dealers may partner with advertising companies to target left-leaning moms who are interested in minivans that are eco-friendly. An ad agency is paid by the dealership. They hire brokers and other aggregators who combine your location data with your internet history, such as past purchases or likes on Facebook. That information helps the ad company show deals and promotions based on what they think you’re likely to buy.
“Nobody expects that those apps on our phones are also harvesting every location point as we go about our days and selling them to data brokers,” says Wessler.
Your data poses risks
Location data reveals much more than where you’ve been. Law enforcement has also used it to infer people’s immigration status, religion, and sexual orientation.
2020 Vice detailed in a report how federal agencies used location data collected from Quran app and Muslim prayer to counter terrorism. Last year, a Catholic priest was outed after a news outlet claimed it used location data sourced from Grindr to show the priest’s phone was at gay bars.
The ACLU published thousands of documents earlier this month that showed how ICE, DHS and other agencies bought location data from app brokers. The data, which was gathered from many millions of smartphones in the US southwestern region, was used for immigration enforcement. These documents don’t indicate whether or not this information resulted in deportation.
A person’s choice of clinic can help to infer their health information. This is especially important for those seeking abortion. Since the Supreme Court’s reversal of Roe V. Wade privacy advocates have urged lawmakers to strengthen digital privacy protections. Companies like Facebook and Google get tens to thousands of requests from the law enforcement for their user data each year. They comply almost 90% of all of these requests. This can include the user’s search histories, profile information, or sometimes even their location history.
Alphabet, Google’s parent company has announced that it will stop location tracking and reduce the amount of data it retains on individuals seeking abortion information. Facebook CEO Mark Zuckerberg touted the platform’s encryption policies, while both companies have said they will push back on any overly broad requests. Privacy experts warn, however, that the states will undoubtedly press tech companies to provide data. This could include location data that can reveal whether an individual has requested an abortion.
Data where the data is
Apps may say that they don’t “sell” your location data—but the reality of “selling” data is complicated.
In the physical world, selling a product means an item leaves the seller’s hands and ends up in the buyer’s hands. For location data, however, it’s more accurate to say brokers sell AccessFor the opportunity to download and search information in a shared data base, you will be charged for this service.
Alan Butler, executive director of the Electronic Privacy Information Center, argues that this kind of access is “a sale as well, especially when you’re allowed to download the information.”
Some buyers are law enforcement agencies.
If any law enforcement agency wanted to track someone’s movements by following them around town in a police car, they’d need a warrant. Agency have been able to bypass this process for many years by working with data brokers. Some data brokers market location services to agencies and boast their ability find people.
Privacy advocates have called for Congress to close the loophole, which they say amounts to a warrantless search.“The question we need to ask as a society is if we think the government should have access to a complete almanac of everywhere we go and everything we do, just by buying it,” says Wessler.
Lawmakers are now trying to update privacy rules, forcing companies to inform users whether they’re “sharing,” “selling” or “accessing” data. In August, the FTC stated that it would do more to regulate companies that collect or share data.
What you can do if you don’t like the sound of this
The quickest and most obvious way to counter this is to delete apps. Both Android and Apple lets users see which apps you’ve granted location access. It is important to note that you cannot see what apps are tracking your location while the app remains open. If there’s any app you don’t rely on regularly, go ahead and delete it.
The app can be stopped at any time if it is not necessary. Users are often presented with a false binary: hit “Agree” once and be tracked or endure frequent nudges asking for location permission. Decline the location request if it isn’t necessary, and turn off notifications so the app won’t ping you constantly to turn it back on.
The system is confusing by design, Butler says, but the fault shouldn’t lie with the user. Over the years, Google and Apple, the two largest app stores in the world, introduced new data collection rules. Developers have been required by both Apple and Android to present their privacy policies. They must clearly state what data they collect. Android even has a helpful section for pausing collection from apps you don’t use much, while Apple has told developers to make it easier to make deletion requests.
The lawmakers also work on long-term strategies. Butler supports the Fourth Amendment Is Not For Sale Act. This would make it mandatory that law enforcement obtain a warrant prior to purchasing location data from brokers. The bill was introduced in 2021 and has received renewed support. an August hearingThe loophole was used to implicate the FBI, DHS and ICE among others.
California Consumer Privacy Act allows users to request that any company delete all data they have. However, other states are slow in adopting such rules.
“Even for someone who thinks they truly have nothing to hide and they are totally comfortable with every detail of their life being an open book to the government,” said Wessler, “people have to make a decision about what kind of society we want to live in, and particularly what kind of protections we want for the most vulnerable members of that society.”
Read More From Time