The Shady $12 Billion Industry Tracking Your Every Move

Hello, friends,

If you’re a privacy nerd like me, you may have turned off “location” services for many apps on your phone that request access to your whereabouts—and allowed only certain apps, like maps and weather, to access your location. 

But it turns out that even that diligence may not be enough to prevent your location history from being swept into the shady $12 billion marketplace for location data that The Markup investigative data journalist Jon Keegan and reporter Alfred Ng revealed this week. 

Jon and Alfred dug deep into the little-known companies that, unbeknownst to most users, buy, sell, and trade location data harvested from apps on your phone—and identified 47 key players in the location data broker industry. 

Their marketing language is pretty telling: 

We built an interactive dashboard of their marketing claims that you can explore at your leisure. (See our data on GitHub, here.)

And yet the most important piece of the puzzle remains elusive: Which apps are selling user location data into this market? 

Most of these companies refused to tell us where they get their data—except Foursquare, which disclosed to us that “a considerable portion” of its location data comes from its own apps, such as Swarm, CityGuide, and Rewards. 

Most other companies appear to rely on a shadowy pipeline that starts when you give permission to an app to use your location data. That app might have a legitimate reason to need your data, but it might also have language in its privacy policy that allows it to share that data with third parties. 

“When the app asks for location, in the moment, because maybe you click the button to find stuff near you and you get a permission dialog, you might reasonably infer that ‘Oh, that’s to service that request to provide that functionality,’ but there’s no guarantee of that,” Serge Egelman, a researcher at UC Berkeley’s ​​International Computer Science Institute and chief technology officer of AppCensus, which audits apps for privacy violations, told The Markup. 

Yiannis Tsiounis, the CEO of the location analytics firm Advan Research, told The Markup that his company buys from aggregators that collect the data from thousands of apps—but would not say which apps. “Everybody sells to everybody else,” he said.

Occasionally, an intrepid reporter will be able to identify an app that is selling into these marketplaces. Last year, Vice reporter Joseph Cox found that the U.S. military was buying location data from a broker, X-Mode (now Outlogic), that sourced its data from apps including a Muslim prayer app called MuslimPro. (After the Vice story broke, MuslimPro said it would no longer share user location data with X-Mode.) 

In 2018, a New York Times team led by Jennifer Valentino-DeVries tested and was able to identify several apps, including The Weather Channel and theScore, a sports app, that were passing location data on to location data tracking companies. The apps said that the data sharing was disclosed in their privacy policies.

Earlier this year, journalists used commercial location data to identify a Catholic priest who was visiting gay bars while using a gay hookup app. The priest then resigned from his post. It is not clear whether the journalists purchased the location data or obtained it in some other way.

The Wall Street Journal reporter Byron Tau has also been diligently tracking military use of cellphone location data. Last year, he and Michelle Hackman reported that the Department of Homeland Security was using location data from Venntel for immigration and border enforcement. Earlier this year, Byron reported that the Defense Intelligence Agency was using commercial databases to monitor U.S. cellphone locations without a warrant. 

Sen. Ron Wyden has introduced legislation, the Fourth Amendment Is Not For Sale Act, that would prohibit law enforcement and intelligence agencies from buying commercial data about Americans without court oversight—closing what he called a “legal loophole.” Congress has not acted on the bill as of yet.

Google and Apple have tried in the past to crack down on apps in their apps stores that send information to location data brokers. Last year, for instance, Google and Apple both said they would ban apps that included code from certain location data brokers from their app stores. But earlier this year, researchers found hundreds of apps in the Android app store that still contained the location tracking codes. 

The researchers also found that location tracking was booming across the board. They found location tracking code in 450 apps, including 64 dating apps and 42 messaging apps. And despite the furor over the use of location data from the Muslim prayer app disclosed by Vice, they found location tracking code in another 10 Muslim religious and cultural apps. 

Of course, all this tracking of our movements is legal. The location data brokers we identified all freely advertise their wares, and many of them are registered as data brokers in California and/or Vermont—the two states that require data brokers to identify themselves.

And the data broker industry is a powerful political force. As investigative data journalist Maddy Varner and reporter Alfred Ng revealed earlier this year, data brokers spent nearly as much lobbying Congress as Big Tech did in 2020. Maddy and Alfred identified 25 data brokers who spent $29 million on federal lobbying in 2020, compared with $19 million spent by Facebook, $18 million by Amazon, and $8 million by Google. 

Still, we plan to keep shining a light on this little-known industry. If you have any insights to share about the location data tracking industry, please send them along to Jon Keegan at keegan@themarkup.org.

As always, thanks for reading.

Best,

Julia Angwin

Editor-in-Chief

The Markup

P.S. For more from Julia Angwin and Hello World, look here. To receive the latest from our Citizen Browser project, sign up here, and so you can keep up on all the news from The Markup, sign up here, and we’ll email you every time we publish about the ways powerful actors are using technology to change society, usually two to three times a week.