Search

Security Advisory : Apps and Location Tracking: What Are the Consequences? 

INTRODUCTION 

Of the many digital traces we leave in daily life, location metadata may be the most revealing. Location tracking is common in many applications because it’s so useful – it can allow you to get directions from here to there, discover the closest restaurants near you, or tell you your local weather conditions. These perks, however, can come with large privacy risks. 

Companies that you would never suspect needing so much of your data, are quietly collecting enormous amounts of data. For example, in 2020, an investigation was done on Tim Hortons, as the Tim Hortons app reportedly tracked an individual’s location more than 2,700 times in five months. Commissioners say Tim Hortons collected “vast amounts” of granular location data with the aim of delivering targeted advertising, to better promote its coffee and associated products, but that it never actually used the data for this purpose.  

Some of the apps on our phone sell or share location data about their users with companies that analyze the data and sell their insights. There are many ways location data can be used, and the market for this data is huge – the location data industry is an estimated $12 billion market. Collectors, aggregators, marketplaces, and location intelligence firms are potential buyers interested in your location data.  

WHAT IS BEING COLLECTED?

Some apps genuinely need your location to work properly, but others have different motives. Many collect location data for reasons unrelated to their main function, like targeted ads or selling it to data brokers. 

Once an app collects your location data, you lose control over where it goes. It can be sold repeatedly—from data providers to aggregators that combine information from multiple sources. It could end up in the hands of a “location intelligence” firm that uses the raw data to analyze foot traffic for retail shopping areas and the demographics associated with its visitors.  

You might think, “I have nothing to hide.” But location data can reveal much more than you realize, such as: 

  • Where you get medical treatment and what kind 
  • If you visit a domestic abuse shelter 
  • Where you worship 
  • Where your kids play (if they have phones) 
  • When you’re on vacation and where you go 
  • Where you shop, eat, and bank 
  • Who you spend time with 

Even though this data isn’t directly linked to your name, experts have shown that it’s easy to match location history with other data to identify people and their habits. In 2020, a religious publication used smartphone app data to infer the sexual orientation of a high-ranking Roman Catholic official. The publication claimed it obtained “commercially available” location data from an unnamed vendor and linked it to the priest’s phone, revealing visits to gay bars and private residences while using Grindr, a dating app popular with the LGBTQ+ community.  

Privacy advocates have long cautioned that advertisers gather location and personal data, which is then compiled and sold by data brokers. This information can be used to identify individuals and is not subject to regulations requiring clear consent from those being tracked.

WHAT CAN I DO TO LIMIT LOCATION TRACKING?

The quickest and easiest way to reduce tracking is to delete unnecessary apps. Both Android and Apple allow you to check which apps have access to your location and whether they track it only while in use or all the time. If you don’t use an app often, consider removing it. 

Your location can be tracked through your phone, logged-in accounts, internet connection, and location services. To limit oversharing, take these steps: 

  • Only allow location access for apps that truly need it.
  • Set location permissions to “While Using the App” instead of “Always.” 
  • Only share “Find My Phone” with trusted friends and family. 
  • Review third-party apps in location settings—you might be sharing more than you realize. 

Despite these precautions, location tracking can’t be completely eliminated. It’s important to support companies that provide clear and transparent privacy policies.