Not Every App Needs To Know Where You Are.

Open your phone’s settings right now and look at which apps have been granted access to your location. Most people who do this for the first time are surprised. Not by one or two apps — by the number. A flashlight app. A recipe app. A game. A shopping app that could function perfectly without knowing where you are. All of them, quietly, have been tracking your movements.

Location data is one of the most valuable categories of personal information that exists. It tells a story about you that no other single data type can match — where you live, where you work, where you go for medical appointments, where you worship, who you spend time with, what your daily routine looks like, and where you are right now. Individually, a single location data point is trivial. Accumulated over weeks and months, it is a precise and intimate biography of your life.

The obvious reason an app requests location access is functionality. Maps need your location to give directions. Weather apps need it to show local forecasts. Ride-sharing apps need it to find your pickup point. In these cases the request is legitimate and the relationship between location data and the service provided is clear.

The less obvious reason is monetization. Location data is extraordinarily valuable to advertisers, data brokers, and a range of commercial entities whose business depends on knowing where people go and what that reveals about their behavior, preferences, and identity. Many apps that have no functional reason to know your location request it anyway — because the data they collect can be sold, shared, or used to build advertising profiles that generate revenue independent of whatever the app nominally does.

A flashlight app does not need your GPS coordinates to turn on your phone’s torch. A recipe app does not need to know which neighborhood you live in to show you how to make pasta. A game does not need your precise location to let you play it. When apps like these request location access, the purpose is not to serve you better. The purpose is data collection.

Location data collected by apps does not typically stay within the app. It flows to a broader ecosystem of data brokers, advertising networks, and analytics companies through embedded software development kits — pieces of code that app developers include in their products, often in exchange for revenue, that collect and transmit location data to third parties.

In 2024, the Federal Trade Commission took action against X-Mode Social, a company that tracked mobile app users’ visits to sensitive locations — including family planning clinics, religious institutions, union offices, schools, and domestic violence shelters — and sold that data to commercial clients and government contractors. The company operated through apps that users had downloaded for entirely unrelated purposes. The users had no idea their visits to these locations were being recorded and sold.

In January 2025, the FTC issued a final order against Mobilewalla, another data broker, prohibiting them from selling location data associated with sensitive locations. A parallel action against Kochava, also a data broker, alleged that the company collected precise geolocation data revealing visits to sensitive locations and sold it without adequate consent.

These enforcement actions confirm what privacy researchers have documented for years: the market for location data is large, largely unregulated outside a handful of US states, and actively includes data about visits to locations that most people would consider deeply private.

The commercial market for location data has a second, less visible customer: government agencies and law enforcement.

In 2025, Google provided location data belonging to a user to US Immigration and Customs Enforcement without giving the user the opportunity to challenge the request — breaking what had been a nearly decade-long practice of notifying users before complying with government demands for their data. The data was provided in response to a subpoena.

Law enforcement agencies in multiple countries have used commercial location data — purchased from data brokers rather than obtained through formal legal processes — to track individuals without obtaining a warrant. This practice, sometimes called a geofence warrant or a reverse location search, allows authorities to identify everyone who was present at a specific location during a specific time window, using data that was originally collected for advertising purposes.

The location data your apps collect, sold through data brokers to commercial entities, can end up in the hands of government agencies through channels that may not require judicial oversight. This is not a theoretical risk. It is a documented practice.

This is one of the most straightforward privacy improvements you can make — and it costs nothing and takes minutes.

Audit your location permissions today. On iPhone go to Settings, Privacy and Security, Location Services. On Android go to Settings, Location, App Permissions. You will see every app that has location access and the level of access granted — Always, While Using, or Never. Go through the list and ask yourself whether each app genuinely needs location access to function.

Revoke location access from every app that does not need it. Games, utilities, shopping apps, social media apps, productivity tools — if the core function of the app does not require knowing where you are, deny it. You can always grant access temporarily if a specific feature requires it.

Change Always to While Using wherever possible. For apps that do genuinely need location access — maps, navigation, local services — change the setting from Always to While Using the App. This means the app can only access your location when it is open and visible on screen, not running in the background tracking your movements continuously.

Disable precise location where approximate is sufficient. Both iOS and Android allow you to share approximate location rather than precise GPS coordinates with individual apps. A weather app does not need to know your exact address — it needs to know your general area. Use the approximate option wherever it is offered.

Turn off location services entirely when not in use. If you are not actively using an app that requires location, consider turning off location services at the system level from your quick settings panel. This takes one tap and eliminates all background location collection until you re-enable it.

Be cautious about new app permissions requests. When you install a new app and it immediately requests location access before you have even used it, that is a signal worth paying attention to. Ask yourself why a freshly installed app needs your location before you have had any interaction with it.

Your phone knows everywhere you have been. The question is how many other people know that too — and what they are doing with it.