Location Tracking Privacy: Who Knows Where You Are

Your location is tracked continuously by your smartphone, the apps you use, the cell towers you connect to, the WiFi networks your device probes, and even Bluetooth beacons in retail stores. This location data is collected, sold, and shared across a vast ecosystem of data brokers, advertisers, and analytics companies. A 2024 investigation by the New York Times demonstrated that commercially available location data could track individual phones to specific homes, workplaces, churches, abortion clinics, and addiction treatment centers.

Who Tracks Your Location

Your phone’s operating system. Both iOS and Android collect location data for system services. Google’s Location History (now Timeline) records every place you visit. Apple collects “Significant Locations” locally on your device.

Apps. Weather apps, social media, dating apps, fitness trackers, navigation, photo apps, and even flashlight apps request location permissions. Many transmit your coordinates to third-party data brokers every few minutes. A 2018 New York Times investigation found that at least 75 companies received precise location data from apps on a single reporter’s phone.

Cell carriers. Your mobile carrier continuously knows your approximate location through cell tower connections. This data has been sold to third parties including bounty hunters and bail bond companies, prompting FCC enforcement actions.

WiFi and Bluetooth probing. Your phone constantly searches for known WiFi networks and Bluetooth devices, broadcasting unique identifiers. Retail analytics companies use this to track foot traffic, dwell time, and shopping patterns in stores.

Connected vehicles. Modern cars with built-in connectivity transmit location data to manufacturers and insurance companies.

Reducing Location Tracking

Review app permissions aggressively. On both iOS and Android, review which apps have location access. Set permissions to “While Using” rather than “Always.” Disable location access entirely for apps that do not need it. A news app does not need your precise location.

Disable advertising identifier. On iOS, go to Settings > Privacy > Tracking and disable “Allow Apps to Request to Track.” On Android, Settings > Privacy > Ads > Delete Advertising ID.

Disable WiFi and Bluetooth scanning. Both platforms use WiFi and Bluetooth scanning for location accuracy even when WiFi/Bluetooth is “off.” Disable this in Settings > Location > Scanning (Android) or turn off WiFi/Bluetooth entirely when not needed.

Review Google and Apple location settings. Turn off Google Location History in your Google account settings. On iOS, review Settings > Privacy > Location Services > System Services and disable unnecessary system-level location access.

Use a VPN to mask your IP-derived location from websites and services.

For more on the data ecosystem that monetizes your location, see our surveillance capitalism guide. To protect your mobile device comprehensively, explore our mobile device security checklist.

The Value of Location Data

Location data is among the most valuable categories of personal information because it reveals behavior that people rarely share voluntarily: medical visits, religious attendance, political activities, personal relationships, and daily routines. Data brokers sell location data packages that allow buyers to target advertising based on places visited, assess insurance risk based on driving behavior, and even identify individuals who attended specific events or protests.

The commercial value of location data creates strong incentives for collection that override user privacy preferences. Apps that appear to respect your settings may still infer approximate location from IP address, WiFi network names, or other contextual signals. The most effective protection is minimizing the number of apps with any form of location access and using a VPN to mask your IP-derived location.

Geofencing and Warrants

Law enforcement increasingly uses geofence warrants to identify all devices present in a specific location during a specific time period. Google revealed receiving over 10,000 geofence warrants annually. These warrants sweep in everyone present, not just suspects. Minimizing your location data reduces the likelihood of being caught in these digital dragnets for locations you happened to visit.