Imagine it is 7:00 am. Your alarm wakes you up, and half-asleep, you reach for your phone. Since then, the tracking of your activities has started.
Every day, while commuting to work, settling into your work desk, then going out for lunch or meetings, you click, tap, type, and swipe on your smartphone. All the time, companies are tracking you and targeting you with every new step you take.
However, none of them are voyeurs or hackers. But people who make money by paying minute attention to your every move, then firing ads, designed for those moments, only for you.
The dozens of apps on our smartphones, most of them are free. However, they ascertain our whereabouts based on our phones’ GPS and sell our geolocation data to digital marketers. Unlike conventional ads such as tv or prints, location-based marketing has the benefit of knowing where we are, with whom we are with, and whether their ads are working or not.
Geo Targeted mobile marketing is among the rapidly growing ads and one of the most controversial forms of advertising (1).
It has arisen because:
- More of use now use on-demand viewing and streaming serviced and watch far fewer tv ads
- Most of us always carry our phones
In short, digital marketers seized the opportunity to gather and sell our geolocation data – what we do, where we go, and what we may purchase.
In a recent study, Rick Ducey, a BIA Advisory Services’ digital strategy adviser (2), stated,
“Where you go is who you are.”
And if we take our time to think about it, even if we don’t share our address, profession, or what we purchased, most of this data can be gleaned from the places we frequently visit.
It can include our daily visits to the gym, our tall office tower, wandering into different stores on a break. Each of our pinpoints on the map of our days helps create a profile that these companies then use to serve us ads (3, 4).
Every smartphone has a GPS and WI-Fi chip installed. Our smartphones constantly ping the nearest cellular data tower.
And based on how long our phone has been still, digital marketers know where we sleep and where we most likely live.
And based on all our data, they can also infer our income level.
They know what apps we have on our phones, our recently viewed content, and they constantly share this information with marketing companies.
And those companies then pair data about our interests with income level and target us the minute if we look at our phones again.
For instance, if you live in a posh suburb, you may be targeted with luxury and premium products ads.
It is highly likely for your smartphone to send your precise location right now.
In short, their job is to turn your every doctor’s visit or shopping trip into “Big Data.”
The Location Data Industry
According to an estimate, the location data industry is worth 12 billion USD (5).
There are several players in this industry:
- Location intelligence companies
And all of them boast about the precision and scale of the data they have gathered.
Near, a location company calls itself “The World’s largest dataset of people’s behavior in the real world,” with data representing more than 1.6 billion people across 44 nations.
Another location firm, Mobilewalla, boasts “over 40 nations, more than 1.9 billion devices, 50 billion daily mobile signals, and over five years of data.” Another similar platform, X-Mode, claims to have data of over 25% of the adult US population a month.
The Markup found 47 companies that amass, sell, or trade the mobile phone location data to shed light on this industry (6).
Here is the list of 47 players in the location data industry found by The Markup:
- Amass Insights
- Amazon AWS Data Exchange
- Anomaly 6
- Babel Street
- Gravy Analytics
- Huq Industries
- InMarket NinthDecimal
- Kochava Collective
- Predik Data-Driven
- Reveal Mobile
- X-Mode (Outlogic)
While the study may not be comprehensive, it does paint a picture of the related businesses that do everything from offering code to app developers to monetize user data and offer analytics from more than 1.9 billion devices and database access to hundreds of millions of people worldwide (7, 8).
Notably, six of these companies have claimed to have over a billion devices data, and four claimed their data as the “most accurate” in the industry.
“There is not a lot of transparency but a complex, shadowy web of interactions between these businesses that are hard to untangle,” stated Justin Sherman from Duke Tech Policy Lab.
Sherman explained, “These companies operate on the fact that the general people and police in Washington and other regulatory offices are not paying attention to what they are doing.”
Occasionally, some stories get published on this industry’s invasions. Last year, Motherboard reported how X-Mode, a company collecting data via apps, collects data from Muslim prayer apps and sells it to military contractors (9). In 2020, the Wall Street Journal also reported how Venntel, a local data provider, sold users’ location data to federal officials for immigration enforcement (10).
Many companies promise data privacy as a center of their businesses and how they never sell users’ information. However, studies have proven how deceptive those claims can be (11).
In reality, it can not be easy to know how you are being tracked and your data being traded. Businesses often reveal little about which apps serve as the sources of data they collect, what that data includes, and how far it goes.
How They Get Your Data
The most common way these companies get your data is via YOU – the user. Often you start the location data pipeline when you allow an app to access your location data.
Of course, not all apps use your location data for malicious purposes. For instance, Google maps need to know where you are to give you the right direction towards your destination. Your food delivery app needs to know your location so they can deliver you your food.
The same goes for weather apps or how a video streaming service needs to know where you are located to ensure a license to stream certain shows in your nation or state.
But we can’t be sure which of these apps would end up selling your location data to companies that analyze your data and sell your insights. For instance, companies like Advan Research or Adsquare purchase or gather location data from applications to aggregate it with other data sources.
Then real estate companies or businesses related to retail or hedge funds may use the data for their advertising, investment strategizing, analytics, or any other marketing purpose.
“When an app asks for location, there is usually never a disclosure that states the data would be limited to a certain purpose,” stated Serge Egelman, a researcher at UC Berkeley’s International Computer Science Institute and AppCensus CTO (12).
According to The MarkUp, they asked a spokesperson from all 47 companies on their list where they obtained the location data.
Companies like Cuebiq and Adsquare told The Markup that they don’t disclose what apps they publicly obtain location data for a competitive advantage. However, they stated that their process of getting location data was transparent and with users’ consent. (It is worth highlighting here that most users don’t read privacy policies.)
The CEO of a location analytics firm, Advan Research, Yiannis Tsiounis (13), stated his companies purchase it from location data aggregators who collect the data from thousands of apps. But again, he also didn’t disclose which ones.
There is only one company, Foursquare, whose spokesperson, Ashley Dawkins, named any specific apps, Foursquare’s own products like Rewards, CityGuide, and Swarm as a source of its location data trove.
Notably, Foursquare also makes a free SDK, software development kit, a set of prebuild tools developers can use to create their apps. There are chances to track the location of users via any apps that use the kit.
According to Foursquare, its Pilgrim SDK is used in multiple apps, including GasBuddy, Flipp, and Checkout 51 (14). There has been no response from GasBuddy, Flipp, and Checkout 51 to requests from The Markup. However, they have disclosed in their privacy policies that they share location information with the company.
As per a search on Mighty Signal, a platform that tracks and analyzes SDKs in apps, FourSquar’s Pilgrim SDK is in 26 Android apps (15).
The way Foursquare obtains location data via an embedded SDK is a common practice in the industry. Out of the 47 companies identified by The Markup, at least 12 advertised SDKs to app developers that can send them location data for services or monetary benefits.
Placer.ai claims that it does foot traffic analysis in its marketing, and its SDK is installed in over 500 apps, with insights on over 20 million devices (16).
The Location Data Marketplace
Once your location data is collected from an app, it would enter the location data marketplace, where companies can repeatedly sell it. It can include anyone from data providers to aggregators that resells your information to multiple other businesses.
Your data can even end up in the hands of a “location intelligence” company that uses raw data to analyze foot traffic for any shopping area and its visitors’ demographics. Or a hedge fund that is looking to gain insights into how many people are visiting certain stores.
Some of these data marketplaces are part of well-known businesses such as Amazon’s AWS Data Exchange and Data Marketplace of Oracle, which lists and sells all kinds of data – not limited to only location data.
Oracle claims its listing as the “world’s most significant third-party data marketplace” for targeted ads. Whereas Amazon boasts that its listing “makes it easy for businesses to easily find, subscribe, and use third-party data in the cloud.”
Notably, both marketplaces feature listings of many of the location data companies examined by The Markup.
Claude Shy, Amazon’s spokesperson, stated that data providers have to explain how they have gained users’ consent for data and their monitoring process for people with the data they buy.
“Only qualified data providers can access AWS Data Exchange. And there is a rigorous application process for potential data providers,” affirmed Shy.
There is no comment from Oracle.
Companies like Narrative claimed that they only connect data sellers and buyers via their platform.
According to Nick Jordan, the CEO of Narrative, the company does not even look at the data itself. The website only lists location data providers like Complementics and SafeGraph with over two billion mobile ad IDs to purchase from (17).
“There are a number of companies that use our platform to obtain or monetize location data. However, we don’t have any rights to it. We don’t purchase or sell it,” elaborated Jordan.
All in all, the industry is massive. To give a sense of how big, consider this, Amass Insights has more than 320 location data providers listed on its directory, stated its CEO, Jordan Hauer.
He further added that while the company doesn’t directly collect or sell any data, hedge funds pay the company to guide them in numerous location data firms. “It is because the most inefficient part of the entire process is not delivering the data. It is finding the right data. You have to make sure that it is compliant, has value, and exactly what the provider claims it is.”
How These Companies Use Your Data?
As we mentioned earlier, there are plenty of buyers for location data. It can include investors gaining insights on market trends or track activities of their competitors, politicians for their campaigns, retail stores keeping tabs on their customers, law enforcement officials, and many others.
There are various examples of how businesses have used geolocation data for their benefit.
One example includes using location data from Thasos Group to measure the number of workers taking extra shifts at Tesla plants (18). Another example is how Burger King ran a promotion back in 2018, where it gave a Whopper for one cent if a customer’s phone was within 600 ft of a Mcdonald’s (19).
And the offerings are also diverse.
For instance, Advan Research uses historical geolocation data to tell its customers where their visitors come from and guess their race, income, and interest-based on where they have been.
“For example, we know the average income of certain neighborhoods via census data. However, there are two devices, one going to Walmart and Dollar General, and another visiting Tiffany’s and a BMW dealer, so they are probably better off financially,” said Tsiounis of Advan Research.
Others blend the location data with other information gathered from users’ online activities. Complementics, for example, offers location data in tandem with cross-device data for targeted ads (20).
Are There Any Limits to Who Can Purchase Your Data?
First of all, the prices of these datasets can be pretty steep.
X-Mode, now known as Outlogic, offers a location dataset license titled “Cyber Security Location Data” on Datarade for over 24k USD a year (21). The listing states, “Outlogic’s granular and accurate location data is collected directly from the GPS of a mobile phone.”
As of now, there are only limited, if any, rules limiting who can purchase your data.
Duke Tech Policy Lab’s Sherman published a report this August (22); it unveiled that data brokers advertise people’s location information based on their political beliefs and even data of people working for the US government and military.
“There is virtually nothing in the US preventing an American firm from selling data on two million service members to, let’s say, some Chinese company which is only a front for the Chinese government,” stated Sherman.
When it comes to the GDPR, General Data Protection Regulation of the European Union, it is comparatively stricter requirements for notifying users if their data is transferred or processed (23).
We believe it is unrealistic to expect consumers to hunt down companies and insist they delete their data. It is extremely challenging to do so.
So, Now What?
The two companies that are in the best position to control the location data industry, if you have not already guessed, are Apple and Google.
These companies have control over their respective app stores, hence potentially controlling the data market, stated Egelman from AppCensus.
While both Apple and Google have recently banned developers from using location-reporting SDKs (24), according to researchers, SDKs of companies are still making their way into Google Play Store (25).
There has been no response from Apple.
Scott Westover, a Google spokesperson, stated in an email, “The Google Play team is always working to strengthen privacy protection via both policy and product improvements. If we find apps or SDK providers violating our policies, we take action.”
“While the tech giants are moving in the right direction, they still need a real plan to protect users’ privacy and safety from these malicious apps,” stated Wyden.
Data privacy is also a key issue in India.
Till things get better, make sure to opt-out of app tracking altogether!