View profile

The Shady $12 Billion Industry Tracking Your Every Move

Dispatches from Editor-in-Chief Julia Angwin
This Week
Hello, friends,
If you’re a privacy nerd like me, you may have turned off “location” services for many apps on your phone that request access to your whereabouts—and allowed only certain apps, like maps and weather, to access your location. 
But it turns out that even that diligence may not be enough to prevent your location history from being swept into the shady $12 billion marketplace for location data that The Markup investigative data journalist Jon Keegan and reporter Alfred Ng revealed this week. 
Jon and Alfred dug deep into the little-known companies that, unbeknownst to most users, buy, sell, and trade location data harvested from apps on your phone—and identified 47 key players in the location data broker industry
Their marketing language is pretty telling: 
  • A company called Near boasts that it has “The World’s Largest Dataset of People’s Behavior in the Real-World,” covering “1.6B people across 44 countries…. 5 billion events processed per day.” 
  • A company called Airsage says its data “includes an average of 250+ million unique devices.” 
  • A company called start.io brags it can find “your customers … in the real world in real-time.” 
  • Six companies claim that their data contained information from more than a billion devices. 
We built an interactive dashboard of their marketing claims that you can explore at your leisure. (See our data on GitHub, here.)
The Location Data Industry: Collectors, Buyers, Sellers, and Aggregators
The Markup identified 47 players in the location data industry
Created by Joel Eastwood and Gabe Hongsdusit. Source: The Markup. (See our data, including extended company responses, on GitHub.).
Created by Joel Eastwood and Gabe Hongsdusit. Source: The Markup. (See our data, including extended company responses, on GitHub.).
And yet the most important piece of the puzzle remains elusive: Which apps are selling user location data into this market? 
Most of these companies refused to tell us where they get their data—except Foursquare, which disclosed to us that “a considerable portion” of its location data comes from its own apps, such as Swarm, CityGuide, and Rewards. 
Most other companies appear to rely on a shadowy pipeline that starts when you give permission to an app to use your location data. That app might have a legitimate reason to need your data, but it might also have language in its privacy policy that allows it to share that data with third parties. 
“When the app asks for location, in the moment, because maybe you click the button to find stuff near you and you get a permission dialog, you might reasonably infer that ‘Oh, that’s to service that request to provide that functionality,’ but there’s no guarantee of that,” Serge Egelman, a researcher at UC Berkeley’s ​​International Computer Science Institute and chief technology officer of AppCensus, which audits apps for privacy violations, told The Markup. 
Yiannis Tsiounis, the CEO of the location analytics firm Advan Research, told The Markup that his company buys from aggregators that collect the data from thousands of apps—but would not say which apps. “Everybody sells to everybody else,” he said.
Occasionally, an intrepid reporter will be able to identify an app that is selling into these marketplaces. Last year, Vice reporter Joseph Cox found that the U.S. military was buying location data from a broker, X-Mode (now Outlogic), that sourced its data from apps including a Muslim prayer app called MuslimPro. (After the Vice story broke, MuslimPro said it would no longer share user location data with X-Mode.) 
In 2018, a New York Times team led by Jennifer Valentino-DeVries tested and was able to identify several apps, including The Weather Channel and theScore, a sports app, that were passing location data on to location data tracking companies. The apps said that the data sharing was disclosed in their privacy policies.
Earlier this year, journalists used commercial location data to identify a Catholic priest who was visiting gay bars while using a gay hookup app. The priest then resigned from his post. It is not clear whether the journalists purchased the location data or obtained it in some other way.
The Wall Street Journal reporter Byron Tau has also been diligently tracking military use of cellphone location data. Last year, he and Michelle Hackman reported that the Department of Homeland Security was using location data from Venntel for immigration and border enforcement. Earlier this year, Byron reported that the Defense Intelligence Agency was using commercial databases to monitor U.S. cellphone locations without a warrant
Sen. Ron Wyden has introduced legislation, the Fourth Amendment Is Not For Sale Act, that would prohibit law enforcement and intelligence agencies from buying commercial data about Americans without court oversight—closing what he called a “legal loophole.” Congress has not acted on the bill as of yet.
Google and Apple have tried in the past to crack down on apps in their apps stores that send information to location data brokers. Last year, for instance, Google and Apple both said they would ban apps that included code from certain location data brokers from their app stores. But earlier this year, researchers found hundreds of apps in the Android app store that still contained the location tracking codes. 
The researchers also found that location tracking was booming across the board. They found location tracking code in 450 apps, including 64 dating apps and 42 messaging apps. And despite the furor over the use of location data from the Muslim prayer app disclosed by Vice, they found location tracking code in another 10 Muslim religious and cultural apps. 
Of course, all this tracking of our movements is legal. The location data brokers we identified all freely advertise their wares, and many of them are registered as data brokers in California and/or Vermont—the two states that require data brokers to identify themselves.
And the data broker industry is a powerful political force. As investigative data journalist Maddy Varner and reporter Alfred Ng revealed earlier this year, data brokers spent nearly as much lobbying Congress as Big Tech did in 2020. Maddy and Alfred identified 25 data brokers who spent $29 million on federal lobbying in 2020, compared with $19 million spent by Facebook, $18 million by Amazon, and $8 million by Google. 
Still, we plan to keep shining a light on this little-known industry. If you have any insights to share about the location data tracking industry, please send them along to Jon Keegan at keegan@themarkup.org.
As always, thanks for reading.
Best,
Julia Angwin
Editor-in-Chief
The Markup
 
From The Markup
 
There’s a Multibillion-Dollar Market for Your Phone’s Location Data
What’s Missing from the Infrastructure Bill’s $65 Billion Broadband Plan?
Germany’s Far-Right Political Party, the AfD, Is Dominating Facebook This Election
P.S. For more from Julia Angwin and Hello World, look here. To receive the latest from our Citizen Browser project, sign up here, and so you can keep up on all the news from The Markup, sign up here, and we’ll email you every time we publish about the ways powerful actors are using technology to change society, usually two to three times a week.
This email doesn't track you when you open it or click on any links. To learn more read our Privacy Policy.
In order to unsubscribe, click here.
If you were forwarded this newsletter and you like it, you can subscribe here.
The Markup - The Markup P.O. Box 1103 N.Y., N.Y. 10159