This is why location tracking is an absolute privacy nightmare

Location sharing on Android
Location sharing on Android (Image credit: Harish Jonnalagadda / Android Central)

I write a lot of words about location tracking and how it fits into our lives. Sometimes it can be a useful tool, but most of my words are about how bad it is and why tools that try to manage it are so important. Most times, someone asks me why it matters if an app knows where they are when they are using it.

I get it. For a lot of us, it's nice that we can see what's on clearance at Target if we have the app installed and then use it to find the closest location. Or Dick's Sporting Goods, or PetSmart or whatever store. It also can be nice for an app like Strava to map your rides or for Google Maps to show you where you have been. But like most things, if you give an inch, the app takes a mile.

Location tracking can be a good feature, but most of the time it's not.

Consider this article from the Financial Post. It's about the ways an app — in this case, the Tim Hortons app (opens in new tab) — can bundle all of your location data into one place to paint a very detailed picture of where, when and how you live your life.

That's not even the worst part. Tim Hortons might make good coffee, but the company isn't exactly known for its technological prowess. For things like in-app location monitoring, it uses outside partners to keep tabs on you. The partners specialize in what they do, in this case keeping close tabs on you, so it's very likely that other companies that realize the need to have a good smartphone app hire them as well.

This creates a scenario where multiple companies have access to detailed location data even if you've never installed their apps. In the Financial Post article, it's explained that Tim Hortons, Popeye's Chicken, and Burger King, which are owned by the same parent company, Restaurant Brands International, use a service branded as Radar Labs to ping the author's phone for its location every two to three minutes. We can't say for sure that Radar Labs is doing the right thing with our location data, but there is a very good chance that other apps from other brands use the service. This means that Radar Labs has even more data.

Remember to uninstall all those food delivery apps once we can leave our homes.

This is extremely relevant right now when most of us are ordering takeout from restaurants or food delivery services while we're stuck at home. If you don't let an app know your location, you can't use it to order food. And even if the app promises that it only uses location tracking while you're in it, the FP story shows that it can be misleading as the author was tracked even while on vacation in Morocco, well outside any area that Tim Hortons serves.

This is a privacy nightmare. There is no reason whatsoever that Tim Hortons — or Pizza Hut, or Facebook, or even Google Maps — needs to know where you are using exact longitude and latitude coordinates along with a time stamp. As we see from FP, this data can be parsed to "know" where you live, where you work, when you go to a baseball game, and even when you spend money with competing services.

Google needs to crack down on this, but Google is also a company that also tracks your location and serve ads, so...

This is why it's so important for you to clamp down on location access, and why Android 10's management of how it can be used by apps that you're not actively using is so important. Android 11 is going to make it even better by implementing one-time location permissions.

Bluetooth beacon-based tracking and your carrier's ability to know where you are at all times (and sell that information) is bad enough. Making a choice to let Tim Hortons or Popeye's Chicken follow you around all day and take detailed notes is just too much. When you see that notification asking for permission, think long and hard — and maybe delete the app.

Jerry Hildenbrand
Senior Editor — Google Ecosystem

Jerry is an amateur woodworker and struggling shade tree mechanic. There's nothing he can't take apart, but many things he can't reassemble. You'll find him writing and speaking his loud opinion on Android Central and occasionally on Twitter.

  • I keep location history off from google itself and only allow while in use apps that i want and deny any other. Also like you said Jerry no need to have apps install that you only use ever so often. Always uninstall apps you don't use.
  • I understand that people have privacy concerns, even though people can't seem to agree as to what privacy really means. I fail to see exactly why it is bad that taco bell knows my location at any given time, other than how dare they know that information. I'm in no way saying that they need to know this information, I just don't understand why people think the sky is falling if they do. I highly doubt a fast food store is going to send a hit man after you if you fail to report an pay for that extra item that they accidentally gave you. Convenience usually comes with some sort of sacrifice, in this case, knowing your location could possibly place that new Tim Hortons a block away instead of 2 miles away.
  • I actually completely and totally agree with you. I mean, I don't want to sound wierd but I really don't care that Google knows where I am at all the time.
  • You say that but when a Burger King tank comes your house to take you down because you're eating Nacho Fries instead of a Whopper, don't come crying to me.
  • I agree. You're right, they don't need to know, but t don't really care if they know. If anything, I feel like it could benefit in the end. With all of this location data out there, if I "fit the description", I should be able to get my hands on something that shows exactly where I was and for how long. More likely to benefit me than harm me.
  • It's sort of creepy that they have all this information about me but I don't know why that's particularly bad. If someone can explain how these companies having my location data harms me or the people around me then it would be more of a concern.
  • There's tracking and there's tracking. They're about to start testing a new app in Canada which doesn't tie itself to your identity - it generates a unique number which logs time/location and acts as sort of a Geiger counter if you've been near someone who has since tested positive. The code is on GitHub and so far the privacy people say it's good. Obviously time will tell but contact tracing is, apart from best practices, the best defense until a vaccine is develop.
  • "...but contact tracing is, apart from best practices, the best defense until a vaccine is develop." Yeah right and it is people like yourself that believe this stuff and who the author is trying to educate, no one, nothing, no how is anonymous anymore. None of this invasion of privacy routine will end well...then again who cares...right?
  • Sign into Google wave goodbye to privacy! 2 choices: be paranoid, or accept it!
    Seriously who really thinks anything is private or secure on the WORLD WIDE WEB? Personally I don't give it a second thought, not because I want my identity stealing or my accounts hacking but simply because I don't want to live in fear of 'what might happen'. If this attitude comes across as carefree or arrogant it's not meant to but I choose not to live my life in constant fear of things that may never happen (though admittedly could). I don't allow everything on my phone but mostly the convenience of typing in find this or that store or business near me and getting local results is more of a benefit than having to type in every specific detail to find what I'm looking for. Yeah I admit the internet has made us lazy but boy is it convenient when you looking for something.
  • Luckily I use /e/ from e foundation, which is ungoogled android and doesn't share data with Google. It also uses Mozilla location services instead of Google location services, and protects my data private. It is a must for everyone.
  • You substituted Google with Mozilla, so Mozilla knows all your location info. What's changed? Nothing.
  • You don't have to send data to Mozilla and Google has too many ways to track you.
  • "Android 11 is going to make it even better" - Great, but my Android devices are on v8 to v10, and unlikely to make it to v11.
  • This is exactly why I order things through websites and not through the app.
  • The app permission improvements in Android 11 is welcome, but I'll be on Android 9 for at least two more years. Big, big mobile improvements are about three years away (Eg. Six camera patent reported elsewhere). I don't want multiple apps pinging my location & keeping my phone busy, and a free coffee every 7 trips or so to Tim Hortons? I can't be bothered, so I don't use loyalty apps. Airmiles & grocery store loyalty physical cards are the extent to my data sharing. I do leave Google Maps location and timeline active. The history, all neatly organizationed by day and month act like a automatic daily journal for me. Sound crazy? Of course not. Google maps replaced the telephone directory for businesses, linked to your contacts you get map directions quickly (turn by turn directions to my watch), the list goes on and on. I also accept Google reads my emails, knows my contacts, saved browsing autofill passwords, etc.... Being online provides so much convenience, I'm not a criminal, so I have nothing to hide. Nobody at Google cares about my location patterns, they just want to sell me stuff... But I turned off ads personally tailored for me, because I don't value the marketing. Where I do draw the line is I won't share mobile phone diagnostic data with either my mobile manufacturer or Google, nor will I keep an 'open microphone' on via personal assistants like Siri, Alexa, and whatever Google calls their service. Where I believe the financial threat exists is buying online. The websites that take your information are not secure and credit card theft is a huge problem. I recommend using a bank card you load up with cash... Or pay very close attention to your credit card when it nears expiry... That's a very common time credit card theft occurs... You may have been compromised a year or two earlier, but they thiefs will hold onto your info and strike late.... I've talked to my credit card security team about it...
  • This is why I use Apple Pay. Apple doesn't share my credit card number with the business I am buying from. I am assuming Google Pay is the same way. But I agree that is a bigger issue with me than my location data. However if I knew exactly what these companies knew about me I might change my mind.
  • I avoid all those individual apps for retailers, but I do keep Google location tracking on most of the time. Or at least I used to before the pandemic. It helped me track work mileage and site visit sequence.
  • I don't allow the likes of Facebook, Instagram or Twitter to track my location and I would rather Google didn't track my location either but there's no point in turning it off because Google still tracks you anyway which isn't fair, at least Apple doesn't do this when you turn off location services on iPhone and iOS.
  • Google solved this issue in the latest Android versions by allowing you to set location only when the app is in use. And YES you do want Popeye's to know where you live if you are trying to get them to deliver to you or show you the nearest store while driving. I think the problem with privacy is too many people don't control their devices and prefer their devices control them instead!