Why Location-Sharing Apps Are a Privacy Problem (And What to Do Instead)
Your location data is collected, sold, and used in ways you've never agreed to. Here's what's actually happening — and practical alternatives.
Most people think of location sharing as a straightforward trade-off: you give an app access to your GPS position, and in return you get useful features — finding friends nearby, tracking a delivery, getting navigation directions. The exchange seems fair and bounded.
It isn't. The actual scope of what happens to your location data is far broader, and the downstream uses are often things you would never knowingly agree to.
How Location Data Is Collected
Location data enters the digital ecosystem through several channels, and most of them are invisible to users.
Direct collection by apps. The most obvious channel: apps you've granted location permission to. The problem is that many apps request location access for features you rarely use, and then continue collecting even when you're not actively using the app. A weather app that asked for your location once in 2022 may have been logging your movements every day since.
SDKs embedded in other apps. This is the less visible channel. Many apps include third-party analytics or advertising SDKs that independently collect location data. The app developer may not even fully understand what data the SDK is harvesting. From the perspective of the SDK vendor, your location data is being collected from hundreds or thousands of different apps simultaneously.
Wi-Fi and Bluetooth signals. Even without GPS, your location can be triangulated using nearby Wi-Fi access points and Bluetooth beacons. Retail stores, airports, and other venues routinely deploy hardware specifically to capture this data from passing devices.
IP address geolocation. Every time your device connects to the internet, your approximate location can be inferred from your IP address. This is less precise than GPS but good enough to identify your city, neighborhood, or ISP.
What Happens to Your Location Data
Once collected, location data flows through a supply chain that most users never see.
Data brokers. Companies like Veraset, SafeGraph, and X-Mode (now Outlogic) aggregate location data from multiple sources and sell it as a packaged product. Their customers include retailers analyzing foot traffic, hedge funds tracking store visits to predict earnings, and political campaigns profiling voters. Individual records in these datasets are supposed to be anonymized, but academic research has repeatedly demonstrated that a handful of location data points is enough to uniquely identify most individuals — even without names or device identifiers attached.
Law enforcement. Law enforcement agencies have used geofence warrants to compel technology companies to hand over the identities of all devices present in a given area during a given time window. This means if you attended a protest, visited a medical clinic, or were simply near a crime scene, there is a plausible mechanism for your presence to be identified from your device's location history. Google alone received thousands of geofence warrant requests in recent years.
Insurance and financial services. There are documented cases of insurers using location data to assess behavioral risk — for example, inferring health conditions from visits to specific types of medical facilities, or driving habits from GPS traces. The line between what is permissible and what consumers would consent to if they understood it is frequently blurred.
Targeted advertising. At the more mundane end, location data is used to serve location-targeted ads. If your device was detected at a car dealership on Tuesday, expect to see car ads for the next several weeks. This is the stated purpose of much location-data collection — and it's the least alarming use on the list.
Why "Anonymous" Location Data Isn't Anonymous
The standard defense offered by data brokers and app developers is that location data is anonymized — stripped of names, email addresses, and other direct identifiers before being sold or shared.
Research has shown this protection is largely illusory. A 2013 study published in Nature found that just four spatiotemporal data points — four timestamped locations — were enough to uniquely identify 95% of individuals in a dataset of 1.5 million mobile phone records, even when all names and phone numbers had been removed. Subsequent research has only reinforced this finding.
The mechanism is intuitive once you think about it. If you know someone sleeps at a particular house (identifiable from their home address) and works at a particular office, those two locations alone are enough to identify them in any dataset, regardless of what name is attached to the record.
The Specific Problem With Social Location-Sharing Apps
Apps explicitly designed for location sharing — where the point is to share your position with other people — have a compound problem. Not only does the app have access to your location; it also has a social graph that maps your relationships. That combination is significantly more sensitive than either piece of data alone.
Consider what a continuous location feed plus a social graph reveals: who you spend time with, where you sleep, whether you're at home when you said you'd be at work, whether your relationship patterns are changing, what religious institutions or political gatherings you attend. The implications for domestic abuse situations, for people in sensitive professions, or for anyone with a stalker are severe.
There have been documented cases of domestic abusers using legitimate family-tracking apps to monitor partners. Life360, in particular, has faced criticism both for its data-sharing practices with third parties and for its use as a surveillance tool within relationships.
What to Do Instead
This doesn't mean abandoning digital coordination. It means being more deliberate about the tools you choose and the permissions you grant.
- Audit your location permissions. On iOS: Settings → Privacy & Security → Location Services. On Android: Settings → Location → App permissions. Revoke access for any app that doesn't need your location to function, and change any remaining "Always" permissions to "While using."
- Distinguish between live location and future plans. Live GPS sharing is almost never necessary for coordination. Sharing where you plan to be achieves the same social goal — making plans with people — without exposing your real-time movements.
- Choose apps that don't monetize location data. Look for apps that are explicit about their business model. An app funded by subscriptions or a freemium tier has less incentive to sell your data than one dependent on advertising revenue.
- Read privacy policies — or at least the key sections. Most privacy policies aren't designed to be read, but the data sharing section will tell you whether your data is sold to or shared with third parties. That single paragraph is usually the most important one.
- Use Signal for sensitive coordination. For communication that should be private — sensitive meeting times, location details — Signal provides end-to-end encrypted messaging that doesn't store metadata on its servers.
- Prefer future-intent coordination tools. Apps like Droozi are designed around sharing where you plan to be rather than where you are. This provides the coordination utility of location sharing without the continuous surveillance.
The Bigger Picture
Location data is among the most sensitive categories of personal information — more revealing than most people appreciate, and harder to protect than most people realize. The infrastructure for collecting, aggregating, and selling it is mature, well-funded, and largely invisible to the people it affects.
The good news is that the coordination problem location-sharing apps claim to solve doesn't actually require live location tracking. Sharing your future plans — where you'll be and when — is enough to organize meetups, coordinate group travel, and stay connected with a dispersed network. You can get all the social utility without the surveillance.
Privacy-conscious alternatives exist. Using them is increasingly practical. The main barrier is habit and inertia — not any genuine trade-off between privacy and functionality.
Try it for free
Ready to plan meetups without sharing your location?
Download Droozi and drop your first future pin in under a minute.