How to Protect Your Privacy From Location Data Brokers

Every time you open a weather app, check a restaurant review, or simply leave Wi-Fi scanning enabled on your phone, your precise GPS coordinates may be harvested, packaged, and sold to advertisers, data analytics firms, and even government agencies. Location data brokers have turned your daily movements into a multi-billion-dollar commodity — and most people have no idea it is happening. Here is how the industry works and what you can do to reclaim your locational privacy.

What Are Location Data Brokers?

Location data brokers are companies that specialize in collecting, aggregating, and reselling geolocation information tied to mobile devices. Unlike traditional data brokers that traffic in names and addresses, location data brokers deal in movement patterns — where you sleep, where you work, what clinics you visit, which places of worship you attend, and where you travel on weekends.

Major players in this space include Venntel, Babel Street, Kochava, X-Mode (now Outlogic), Gravy Analytics, Placer.ai, SafeGraph, and Near Intelligence. These companies maintain databases containing billions of location pings collected from hundreds of millions of devices worldwide.

How Your Location Data Gets Collected

Location data enters the broker ecosystem through several channels, often without your meaningful awareness or consent:

• Mobile app permissions: Apps that request location access — including games, weather apps, navigation tools, and coupon apps — often share that data with third parties through embedded software development kits (SDKs).
• Advertising exchanges: When your phone loads an ad, a real-time bidding request is broadcast that can include your precise GPS coordinates. Data brokers tap into these ad exchanges to collect location signals at massive scale.
• SDK integrations: Companies like X-Mode and Kochava provide SDKs that app developers embed in exchange for revenue. The SDK silently collects and transmits location data in the background.
• Wi-Fi hotspot connections: When your phone scans for or connects to Wi-Fi networks, it reveals your location to the network operator. Some commercial Wi-Fi providers sell aggregated location analytics to brokers.

Why Location Data Is So Dangerous

Location data is among the most sensitive categories of personal information because it reveals behavior patterns that are impossible to infer from a name or email address alone:

• Health conditions: Repeated visits to an oncology clinic, a mental health provider, or an addiction treatment center.
• Religious practice: Regular attendance at a specific mosque, synagogue, church, or temple.
• Political activity: Presence at protests, political rallies, or campaign offices.
• Relationship patterns: Overnight stays at addresses that are not your registered home.
• Financial status: Visits to payday lenders, bankruptcy attorneys, or high-end shopping districts.

Even when location data is sold as "anonymized" or "de-identified," researchers have demonstrated repeatedly that a handful of location points are enough to uniquely re-identify an individual. Your home address and workplace alone form a near-unique signature.

Regulatory Actions So Far

Regulators are beginning to act, but enforcement remains limited. The Federal Trade Commission (FTC) moved to prohibit Kochava from selling sensitive location data — including data tied to reproductive health clinics, places of worship, and domestic violence shelters — without obtaining affirmative consent from consumers. This enforcement action was a landmark, but it addressed only one company in an industry with dozens of major players.

State-level privacy laws in California (CCPA/CPRA), Colorado, Connecticut, and Virginia provide some rights to opt out of the sale of personal information, including location data. However, exercising those rights requires knowing which brokers hold your data and submitting individual opt-out requests to each one.

How to Protect Yourself From Location Data Brokers

1. Audit and Restrict App Permissions

Go through every app on your phone and revoke location access for any app that does not genuinely require it to function. On both iOS and Android, you can set location access to "While Using the App" rather than "Always" for apps that do need it. Be especially aggressive with free apps, games, and utility apps — these are the most likely to monetize your location through embedded SDKs.

2. Disable Your Advertising ID

Your mobile advertising ID is the key that allows data brokers to link your location data across apps and over time. Disabling it significantly degrades their ability to build a profile on you.

• Apple (iOS): Go to Settings > Privacy & Security > Tracking and disable "Allow Apps to Request to Track." This effectively zeroes out your IDFA.
• Android: Go to Settings > Privacy > Ads and select "Delete advertising ID." On newer Android versions, this permanently removes the identifier rather than simply resetting it.

3. Turn Off Wi-Fi and Bluetooth Scanning

Even when Wi-Fi is turned off, many phones continue scanning for nearby networks in the background to improve location accuracy. This scanning leaks your position to network operators. Disable it under your phone's location or Wi-Fi settings — on Android, look for "Wi-Fi scanning" and "Bluetooth scanning" under Location > Location Services.

4. Use a VPN

A reputable VPN encrypts your internet traffic and masks your IP address, which is another signal that data brokers use to approximate your location. A VPN will not stop GPS-based tracking from apps you have granted location permission to, but it does eliminate IP-based geolocation — a common fallback when GPS data is unavailable.

5. Use Privacy-Focused Browsers

Switch to a browser that blocks third-party trackers and fingerprinting by default, such as Brave or Firefox with Enhanced Tracking Protection enabled. These browsers prevent advertising exchanges from collecting your location through web-based bidding requests.

6. Submit Opt-Out Requests to Known Location Data Brokers

Several major location data brokers offer opt-out mechanisms, though they are often buried deep in privacy policies. You can submit removal requests directly to companies like Kochava, Gravy Analytics, SafeGraph, Placer.ai, and Near Intelligence. Be prepared to provide identifying information to verify your identity — and be aware that data frequently reappears after removal because brokers re-ingest it from other sources in the ecosystem.

7. Disable Location Services When Not Actively Needed

The simplest and most effective measure is to turn off location services entirely when you are not actively using navigation or a location-dependent feature. On both iOS and Android, you can toggle location services off from the quick settings panel. This stops all apps and system services from accessing your GPS coordinates.

Building a Layered Defense

No single step eliminates location tracking entirely. The data broker ecosystem is too interconnected and too well-funded for any individual measure to be a complete solution. The most effective approach is a layered strategy: restrict app permissions, disable your advertising ID, use a VPN and privacy-focused browser, submit opt-out requests to known brokers, and pair those efforts with a service like PrivacyOn that handles ongoing monitoring and removal at scale.

Your physical movements are among the most intimate details of your life. Location data brokers have monetized those movements without meaningful consent — but the tools to push back are available, and using them consistently makes a real difference.