Your phone is likely selling your location information to the highest bidder. But there are steps you can take to help prevent that.
The issue has been raised in Congress in recent weeks. In mid-June, a group of Democratic senators introduced legislation, called the Health and Location Data Protection Act, that seeks to ban data brokers from sharing the location and health data they collect. Although banning the sharing of health data seems pretty self-explanatory—and it’s frankly shocking to learn that there are no protections against its sale already—location-data collection has long been an issue that has flown under many people’s radar.
In a statement to Motherboard, Senator Elizabeth Warren (D-Massachusetts) said the bill “will ban brokers from selling Americans’ location and health data, rein in giant data brokers, and set some long overdue rules of the road for this $200 billion industry.”
The bill would handcuff the practice of selling location data significantly, and though it’s hard to imagine that the bill is going anywhere because of that, its introduction does mark the perfect opportunity to take a closer look at why location data is important in the first place—and what you can do to protect yourself regardless. (Let’s set aside the importance of health data for another day.)
What is location access, and how is it used?
A lot of apps, from weather apps to coupon apps, request location access on your phone. When you give an app permission to access your location, it uses your phone’s GPS signal and satellites to pinpoint where you are, with varying degrees of specificity. Once you’ve granted access, the apps typically share that data with third parties, which in this case usually means members of a complex industry known as data brokers. These data brokers may pay app developers cash for installing their code in an app, or they may pull data from behavioral-advertising auctions. The location data may then be purchased or leaked to anyone, including law enforcement and, well, newspapers. Over the past few years, we’ve seen such data get used in surprising and unsettling ways:
Time and time again, we’ve seen companies collect and share location data with countless third parties until they’re called out for doing so. This freewheeling sharing of data is also central to the concerns over how prosecutors may collect data in states where abortion becomes illegal. All of this is why it’s worth taking a minute to look through your phone and revoke location-access permissions in apps that don’t need it.
How do you turn location access off?
Some apps, such as GPS navigation apps, will not work without access to your location. But others, such as weather apps, can be set to “coarse [or approximate] location,” which doesn’t send your specific location; alternatively, you can disable location access entirely and just type in a zip code. Many apps, such as games, real estate apps, and others, don’t need access to your location at all to function. Here’s how to check which apps have access to your location:
- On Android: Open Settings > Privacy > Permission Manager > Location
- On iPhone: Open Settings > Privacy > Location Services
Location data from apps is just one part of the location data that a company might collect. As you’ve likely seen in countless movies, your phone pings mobile cell towers throughout the day to function. Law enforcement has been known to fake these types of towers to collect location data directly using so-called StingRays. There’s no way to stop this type of tracking and still have a functioning phone. And although cell carriers have been fined for selling location information, it’s unclear whether they continue to do so. Your phone also broadcasts some information that other parties can use to track your location: They can find you over Wi-Fi and Bluetooth through your phone’s MAC address, though such addresses are now randomized on both Android and iOS, which makes it difficult (but not impossible) to track a device over time.
One privacy tip: Clean up the rest of your permissions
App permissions can get out of hand over time, so I find it useful to go in every few months and confirm that apps aren’t overreaching. This is easy to do and takes only a few seconds. Let’s start by navigating to the permissions page on your phone:
- On Android: Open Settings > Privacy > Permission Manager
- On iPhone: Open Settings > Privacy
Once there, scroll through each section and keep an eye out for any app permissions that seem out of place. Some of these permissions are self-explanatory, such as a photo app needing access to your photos or the camera, but some can be a little stranger, like an app asking for access to your contacts or calendar. If one of these permissions doesn’t make sense to you, disable that access. If the app continues to work as before, you’re good to go, but if not, you can always go in and reenable that permission.
Other privacy news we’re watching
🍪 Firefox recently enabled its “total cookie protection” feature by default in its web browser. This new feature attempts to lock down potential online tracking by assigning any cookies that a website deposits in your web browser into a “cookie jar,” where they can’t communicate with one another. Theoretically this move should make third-party tracking more difficult. This update comes paired with the news that upcoming changes to the Google Chrome browser may break ad blockers.
🚗 Modern cars have about as much technology as a smartphone—which means they’re collecting nearly the same amount of data, but likely without your realizing the depth of it all. The Drive looked at some car makers’ data practices, and—surprise!—it’s pretty terrible, with many manufacturers sharing data with third parties and collecting mountains of it themselves. And unlike with a smartphone, where you at least have the illusion of control over your data, you have almost no control over what a car collects, or where it goes.
💸 No platform seems to be safe from crypto scammers these days. The FBI says that fraud on LinkedIn is up, with that professional-networking platform joining the likes of Instagram, Facebook, WhatsApp, and Twitter. The FTC offers a few tips to avoid these types of scams; in particular, the agency notes that no legitimate business ever requires cryptocurrency, and only scammers guarantee profits.
This article was edited by Jason Chen.