How To Find Out Which Apps Are Selling Your Location Data?
Your phone knows where you sleep, work, pray, and visit the doctor. Many apps on your device collect this location information every day. They often sell it to third parties without you ever knowing.
The good news is that you can take control. Your phone has built in tools that show exactly which apps access your location. You can check what data apps collect before you install them. You can block trackers and delete identifiers that connect your data across companies.
This guide will walk you through every step. You will learn how to audit your apps, read privacy labels, disable ad tracking, and clean up your digital footprint. No technical skills are required. Let’s get started.
Key Takeaways
- Your phone gives you full visibility into which apps access your location. Both iPhone and Android have settings menus that list every app with location permission. You can see the exact access level each app has and revoke it instantly.
- App Store privacy labels reveal data collection before you install. Apple and Google require developers to disclose what data they collect and whether they share it with third parties. Check these labels before downloading any new app.
- Disabling your advertising ID stops cross-app tracking. The Identifier for Advertisers (IDFA) on iPhone and the Advertising ID on Android act as a bridge that connects your data across apps. Turn it off to break this chain.
- The FTC has taken action against major data brokers that sold location data from apps without proper consent. Knowing which companies are involved helps you understand the risk and avoid apps that feed data to them.
- You can use privacy focused alternatives for maps, browsers, and messaging. These apps respect your data and do not sell your location to third parties.
- Regular audits keep your privacy intact. Set a monthly reminder to review app permissions, delete unused apps, and check your privacy report. Small habits make a big difference.
1. Understand Why Apps Collect and Sell Your Location
Apps collect location data for two main reasons. The first reason is functional. Navigation apps need your location to give directions. Weather apps use it to show local forecasts. Ride sharing apps need it to send a driver.
The second reason is profit. Many free apps make money by collecting your data and selling it. They embed third party code called Software Development Kits (SDKs) inside the app. These SDKs broadcast your location to advertising networks and data brokers in real time. You never see this happen.
Data brokers like Acxiom, Experian, and Oracle data services buy this location information. They combine it with other data points like your browsing history, purchase records, and demographic details. The result is a detailed profile about your life. This profile reveals where you live, where you work, your daily routines, and the places you visit.
The FTC has documented alarming cases. In December 2024, the agency took action against Gravy Analytics and its subsidiary Venntel. These companies collected over 17 billion location signals from about a billion mobile devices every day. They used geofencing to identify people who visited medical facilities, religious organizations, and military installations. They sold this data without meaningful consent.
Pros of understanding this ecosystem: You gain awareness of the scale of the problem. You can make informed choices about which apps to trust.
Cons of the current system: The location data industry operates with little transparency. Most users never read privacy policies. The default settings usually favor data collection.
2. Audit Your Current App Location Permissions
The first practical step is to check which apps currently have access to your location. This takes less than five minutes.
On iPhone: Go to Settings, then tap Privacy & Security, then tap Location Services. You will see a complete list of every app that has ever requested your location. Each app shows its current permission level: Never, Ask Next Time, While Using the App, or Always. Next to each app name, a small arrow indicates whether the app has recently used your location. A purple arrow means the app used your location recently. A gray arrow means it used your location in the last 24 hours. A hollow arrow means the app uses a geofence.
On Android: Open the Settings app. Tap Location, then tap App location permissions. You will see a list of all apps sorted by permission level: Allowed all the time, Allowed only while in use, and Not allowed. Tap any app to change its permission.
Look for apps that say “Always” but do not need constant location access. A food delivery app does not need your location when you are not ordering. A social media app does not need to track you around the clock. Change these to “While Using the App” immediately. For apps you rarely use, set the permission to “Never” or “Ask Next Time.”
Pros of a manual audit: It is free, fast, and built into every phone. You do not need any extra software.
Cons of a manual audit: You must remember to do it regularly. Apps may request location again after updates. The list does not show which apps sell your data, only which ones access it.
3. Check App Store Privacy Labels Before You Install
Both Apple and Google now require developers to disclose their data collection practices. These disclosures appear on the app’s store page as Privacy Labels. You should read them before you ever tap the Install button.
On the Apple App Store: Search for any app and scroll down to the App Privacy section. You will see three categories: Data Used to Track You, Data Linked to You, and Data Not Linked to You. Tap “See Details” for a full breakdown. Look specifically for “Location” under any category. If you see “Precise Location” listed under “Data Used to Track You,” that app actively tracks your location across other apps and websites.
On Google Play Store: Open an app’s page and look for the Data safety section. Google shows what data the app collects and whether it is shared with third parties. Tap the arrow to expand the details. Check if location data appears under “Data shared” or “Data collected.”
Pay special attention to apps that collect location data for “Analytics” or “Advertising.” These are the categories most likely to feed your location to data brokers. If a calculator app or a flashlight app asks for location access, that is a clear red flag. Avoid these apps entirely.
Research by NSoft found that many popular apps collect far more data than they need. Apps like Candy Crush Saga, Duolingo, and Roblox collect location and device data. Meta apps including Facebook, Instagram, Messenger, and Threads share about 69 percent of collected data with third parties.
Pros of reading privacy labels: You get transparency before any data is collected. You can compare similar apps and choose the one with better privacy practices.
Cons of privacy labels: Companies self report this information. They may misclassify or omit certain data points. The labels do not tell you the names of the third parties receiving your data.
4. Enable and Use the App Privacy Report on iPhone
Apple introduced the App Privacy Report in iOS 15.2. This tool shows you exactly what your apps are doing in the background. It reveals which apps access your location, camera, microphone, and contacts. It also shows the web domains that apps contact without your knowledge.
To enable it, go to Settings, then tap Privacy & Security. Scroll down and tap App Privacy Report. Tap “Turn On App Privacy Report.” The report starts collecting data immediately. Over the next few days, check the report to see patterns emerge.
The report has several sections. Data & Sensor Access shows how many times each app accessed your location, photos, camera, microphone, and contacts in the past 7 days. Tap any app to see a timeline of access. If you see an app accessing your location at 3 AM when you are asleep, that app is likely collecting data in the background for sale.
App Network Activity shows the domains that apps contact. These are often advertising networks and analytics services. Look for domain names you do not recognize. Common tracking domains include names containing “analytics,” “track,” “ads,” or “metrics.” If a simple game contacts 20 different domains, many of those are likely data brokers or ad networks.
Most Contacted Domains lists the top domains across all your apps. This gives you a quick view of which tracking services are most active on your phone.
Pros of the App Privacy Report: It provides concrete evidence of tracking behavior. You see real data about your own device rather than general warnings.
Cons of the App Privacy Report: It only shows activity after you enable it. Past tracking is not visible. It requires basic interpretation skills to identify suspicious domains.
5. Deploy App Tracking Protection on Android
Android users do not have a built in equivalent of Apple’s App Privacy Report that blocks third party trackers. However, you can add this protection with privacy focused apps.
The DuckDuckGo browser for Android includes a feature called App Tracking Protection. This tool blocks third party trackers inside all your other apps, even when you are not actively using the DuckDuckGo browser. It works by creating a local VPN connection on your device. All app traffic passes through a filter that blocks known tracking domains.
To enable it, install the DuckDuckGo browser from the Google Play Store. Open the app, go to Settings, and toggle on App Tracking Protection. You will see a real time count of how many tracking attempts have been blocked. The report shows which apps tried to send data and which trackers were blocked.
The report is eye opening. Many users discover that a single app tries to contact dozens of tracking services every day. DuckDuckGo maintains a list of known trackers and updates it automatically.
Other Android tools can also help. The NetGuard firewall app lets you block internet access for specific apps entirely. The Exodus Privacy website allows you to search for any Android app and see a report of all embedded trackers before you install it.
Pros of App Tracking Protection: It works silently in the background. You get a clear report of blocked trackers. It works across all your apps without per app configuration.
Cons of App Tracking Protection: It uses a local VPN slot, so you cannot use a traditional VPN at the same time (unless you use a VPN that supports split tunneling). Some apps may behave differently if their trackers are blocked.
6. Delete or Reset Your Advertising Identifier
The advertising ID is the secret key that ties all your data together. On iPhone it is called the Identifier for Advertisers or IDFA. On Android it is called the Advertising ID or AAID. Every app on your phone can access this identifier by default. Data brokers use it to connect your location data from one app with your browsing data from another app. This creates a unified profile of your behavior.
Disabling this identifier is one of the most impactful privacy actions you can take. Facebook estimated that Apple’s App Tracking Transparency feature, which blocks IDFA access, would reduce the company’s sales by 10 billion dollars. That figure shows how valuable this identifier is to the tracking industry.
On iPhone: Go to Settings, then Privacy & Security, then Tracking. Turn off “Allow Apps to Request to Track.” This prevents any new app from asking for your IDFA. If you previously allowed some apps to track you, revoke those permissions individually. Also go to Settings, Privacy & Security, then Apple Advertising. Turn off “Personalized Ads” to disable Apple’s own ad targeting system.
On Android: Go to Settings, then Privacy, then Ads. Tap “Delete advertising ID.” Confirm the deletion. Your phone will generate a new identifier, but it will be a string of zeros that cannot be used for tracking. If your Android version does not show a delete option, go to Settings, Google, then Ads. Turn off “Opt out of Ads Personalization” and tap “Reset advertising ID.”
Pros of disabling the ad ID: It breaks the chain that data brokers use to connect your data across apps. It is a one time setting that protects you continuously.
Cons of disabling the ad ID: You will still see ads. They will just be less relevant to your interests. Some apps may show you more frequent ads to compensate for reduced targeting revenue.
7. Review and Remove Apps You No Longer Use
Every unused app on your phone is a potential data leak. Even if you have not opened an app in months, it may still collect location data in the background. Old apps also have outdated privacy policies that may have changed in ways you never noticed.
Set aside 10 minutes to scroll through your app drawer. Delete any app you have not used in the last 30 days. If you ever need the app again, you can reinstall it. The data collection stops the moment you delete the app.
Pay special attention to these categories: flashlight apps, QR code scanners, keyboard apps, weather apps from unknown developers, free games with ads, and calculator apps. These types of apps frequently request permissions they do not need. Their entire business model depends on collecting data and selling it.
If you cannot delete an app because you use it occasionally, consider using the web version instead. Many services like Facebook, Instagram, Uber, and Amazon work perfectly well in a mobile browser. Browser versions cannot access your location in the background. They cannot read your sensor data or contact list.
The mobile browser versions also collect less data. They cannot see what other apps you have installed. They cannot access your advertising ID. They cannot run in the background when you close the tab.
Pros of deleting unused apps: It frees up storage space. It reduces battery drain from background processes. It eliminates potential data leaks from apps you forgot about.
Cons of deleting apps: You lose offline access to some services. You may need to log in again if you reinstall. Some apps save data locally that you will lose upon deletion.
8. Read Privacy Policies for Location Sharing Clues
Privacy policies are long and boring. Most people skip them. But these documents contain the actual truth about what an app does with your location. You just need to know what to look for.
Search the privacy policy for specific keywords. Press Ctrl+F or use your browser’s “Find on Page” function to search for: “location,” “geolocation,” “precise location,” “third party,” “data broker,” “sell,” “share,” “advertising,” “analytics,” and “partners.”
Look for phrases like “we may share your information with our advertising partners” or “we may disclose your location data to third party service providers.” These phrases typically mean your location is being sold.
A legitimate privacy policy will clearly state what location data is collected, how it is used, and exactly who receives it. A vague policy that says “we may share data with affiliates and partners” without naming specific companies is a warning sign.
Some apps have separate pages for “Data Sharing” or “Cookie and Tracking Policies.” Check those pages as well. Some companies bury their data selling disclosures outside the main privacy policy.
Pros of reading privacy policies: You get the legally binding truth about data practices. You can identify specific data brokers that receive your information.
Cons of reading privacy policies: They are intentionally long and complex. Companies use legal language to obscure what they actually do. Policies change without notice.
9. Use Privacy Focused Alternatives for Essential Apps
You do not need to give up convenience to protect your location. Many privacy respecting alternatives exist for popular apps. These alternatives do not collect your data or sell it to brokers.
For maps, consider Organic Maps or OsmAnd instead of Google Maps. These apps use OpenStreetMap data and work fully offline. They do not track your location or share it with anyone. The trade off is that you may not get real time traffic data.
For messaging, use Signal instead of WhatsApp or Facebook Messenger. Signal encrypts everything end to end. It collects almost no metadata. It does not know your location. WhatsApp uses the same encryption protocol but collects more metadata and shares it with Meta.
For browsing, use Brave or Firefox Focus instead of Chrome. These browsers block trackers by default. They do not link your browsing to a persistent identity. Brave also blocks ads and tracking scripts automatically.
For email, Proton Mail or Tutanota offer encrypted email without scanning your messages for advertising data. Gmail reads every email you send and receive to build an advertising profile.
For search, use DuckDuckGo instead of Google. It does not store your search history or link searches to your identity.
Pros of privacy alternatives: You keep full functionality without sacrificing your data. Many of these apps are free and open source.
Cons of privacy alternatives: Some may have fewer features than mainstream apps. You may need to convince friends and family to switch messaging apps with you. Some services lack the network effects of larger platforms.
10. Block Trackers at the Network Level
You can add a second layer of protection by blocking trackers before they reach your apps. This works at the DNS level, meaning it filters all traffic leaving your device.
A DNS filter like NextDNS or AdGuard DNS lets you block connections to known tracking domains. You configure it once in your phone’s network settings. After that, every app on your device is prevented from contacting thousands of tracking servers. This includes location data brokers, ad networks, and analytics services.
To set up NextDNS, visit their website and create a free account. Choose the blocklists you want to enable. The “Ad & Tracker Blocklist” and “Native Tracking Protection” lists are good starting points. Then enter the custom DNS address into your phone’s network settings. The whole process takes about five minutes.
This method blocks tracking across all apps simultaneously. Even if an app tries to send your location to a data broker, the connection will fail. The app cannot bypass the DNS filter because it operates at the operating system level.
Pros of network level blocking: It covers all apps without per app configuration. It blocks trackers you did not know existed. It works on both WiFi and mobile data.
Cons of network level blocking: Some legitimate services may break if their tracking domains are also blocked. You may need to whitelist certain domains. It requires a small amount of technical setup.
11. Opt Out of Data Brokers That Hold Your Location History
Even after you secure your phone, data brokers may still hold years of your location history. These companies bought your data from apps long before you took action. You have the right to request that they delete it.
The California Consumer Privacy Act (CCPA) gives California residents the right to opt out of data sales. Many data brokers extend these rights to all US residents to simplify compliance. The California Privacy Protection Agency has a tool called the Data Broker Delete Request and Opt Out Platform or DROP. This tool lets you send deletion requests to multiple data brokers from one website.
Major data brokers to contact include Acxiom, Experian, Oracle, Epsilon, and CoreLogic. Each has a privacy page with opt out instructions. The process involves filling out a form with your name, email, and sometimes proof of identity.
The FTC also finalized orders against Gravy Analytics, Venntel, and Mobilewalla. These companies are now required to delete historic location data. If your location was in their databases, these FTC actions help protect you retroactively.
Pros of opting out of data brokers: It cleans up past data collection. It reduces the amount of information available about you on the open market.
Cons of the opt out process: It is time consuming. You must contact each broker individually. Some brokers make the process intentionally difficult. New brokers appear constantly. You need to repeat the process periodically.
12. Build Long Term Habits That Protect Your Location Privacy
Privacy is not a one time fix. It is an ongoing practice. Building a few simple habits will keep your location data protected over time.
First, set a monthly calendar reminder to audit your app permissions. It takes five minutes. Check your Location Services list. Revoke permissions from any app that does not need them. Delete apps you have not used.
Second, before installing any new app, spend 30 seconds reading the privacy label. If the app collects location data and you do not understand why, choose a different app. There is almost always a privacy respecting alternative.
Third, keep your operating system updated. Apple and Google regularly release updates that tighten privacy controls. Each update may introduce new tools, like the App Privacy Report on iPhone or the ability to delete your advertising ID on Android.
Fourth, teach your family and friends. Children’s apps are notorious for excessive data collection. Research by SafetyDetectives found that 70 percent of popular kids apps collect identifying information. More than half share that data with third parties. Help parents check their children’s app permissions.
Fifth, support stronger privacy laws. The FTC has taken action against data brokers, but regulatory enforcement can only do so much. Stronger state and federal privacy laws give you more rights and make it harder for companies to exploit your data.
Pros of building habits: Privacy becomes automatic rather than something you have to think about. Small consistent actions compound into strong protection.
Cons of the habit approach: It requires discipline. It is easy to forget and let permissions pile up over months. But a simple monthly reminder solves this problem.
FAQs
Can apps still track my location if I turn off GPS?
Yes. Even when GPS is disabled, apps can estimate your location using nearby WiFi networks and cell towers. They can also use Bluetooth beacons in stores and public spaces. Turning off GPS reduces precision but does not eliminate location tracking entirely. To fully stop location access, you must revoke the app’s permission in your phone’s settings.
Do paid apps sell my location data too?
Some do. Paying for an app does not guarantee that your data is safe. Always check the privacy label and policy even for paid apps. Some paid apps have subscription models that make money, but others may still collect and sell data as an additional revenue stream.
How do I know if a specific app has sold my location?
You usually cannot know for certain. Apps do not notify you when they sell your data. The best clues are the App Privacy Report on iPhone, which shows network activity, and the DuckDuckGo App Tracking Protection on Android, which shows blocked trackers. If you see an app contacting advertising or analytics domains, your data is likely being shared.
Does using a VPN stop apps from collecting my location?
No. A VPN hides your IP address and encrypts your internet traffic. It does not block GPS, WiFi based location, or Bluetooth tracking. Apps can still access your precise location through your phone’s hardware. However, a VPN with tracker blocking features like NetShield on Proton VPN can block connections to known tracking servers.
What are the most invasive apps I should avoid?
Research by NSoft and PCMag identified several categories of data hungry apps. Social media apps like Facebook, Instagram, Messenger, and Threads share about 69 percent of collected data with third parties. Google apps including Google Maps, Gmail, and Google Pay collect significant data. Weather apps, free games, and shopping apps like Amazon and Temu also collect extensive location data. Always check the privacy label before installing.
Can law enforcement access my location data from apps?
Yes. Location data sold to data brokers can be purchased by government agencies. The FTC complaint against Gravy Analytics noted that the company sold location data for government uses. Some data brokers have sold location information to law enforcement and military agencies without warrants. This is one reason why limiting data collection matters.
How often should I audit my app permissions?
Once a month is ideal. Set a recurring calendar reminder. A monthly audit takes about five minutes and ensures that no app has gained location access without your knowledge. Many apps request new permissions after updates, so regular checks catch these changes.
Hi, I’m Simmy — the creator and writer behind ScaleMyPic.com. I’m a tech enthusiast who loves breaking down complex products into simple, honest reviews and guides. My goal? To help you make smarter tech decisions without the confusion. Got a question? Feel free to reach out!
