Smartphone location data can be used to identify and track anyone

In today’s smartphone economy, hiding your location has become a major challenge.

At any moment, someone knows where you are, or have been, and they might even be able to work out where you will go next.

The work of government? Google? Advertising companies? Or perhaps Facebook, which this week was hauled up by US Senators who think the company is tracking smartphone users locations despite having apparently promised not to?

While these might be tracking your location, according to the New York Times Privacy Project it’s the entities nobody has heard of that should perhaps worry us more.

Its researchers know this, they say, because earlier this year the NYT’s Privacy Project got its hands on a large data set leaked to it by unnamed sources from a “data location company.”

The data contains 50 billion location pings generated by the smartphones of 12 million Americans in cities including New York, Washington, New York, San Francisco, and Los Angeles during 2016 and 2017.

This looks like a first. To date, almost all that is known about how location data is collected and used is based on the capabilities of the technology and inferences made from the business models of the companies concerned.

The research demonstrates what’s really going in new detail. One way to understand it is to view the visuals generated by the NYT to explore the deeper patterns it can be coaxed into revealing.

For instance, the activity map showing a “senior Defense Department official and his wife” as they attended the Women’s March in 2017.

In another example, the researchers were able to pick on a random smartphone spotted in Central Park and track the owner’s entire movement history across New York over a period of up to two years.

Following the movements of defence officials, police officers, lawyers? No problem. They even traced smartphone pings from workers inside the Pentagon.

One search turned up more than a dozen people visiting the Playboy Mansion, some overnight. Without much effort we spotted visitors to the estates of Johnny Depp, Tiger Woods and Arnold Schwarzenegger, connecting the devices’ owners to the residences indefinitely.


Takeaway number one is that very few people realise how much can be inferred about someone, including people that hackers might be very interested in, simply by noticing the location of their smartphone through time.

A second is that this data doesn’t appear to be as anonymous as companies claim. Indeed, if this evidence is held across large numbers of smartphone users, one might even conclude that the anonymity defence is somewhere between evasion and an outright lie.

The company whose data was studied isn’t named but the NYT offers a list of companies which it says are in the same location data business. The data is collected using GPS, but also via other sources such as Bluetooth beacons (small sensors hidden in stores and malls) and, presumably, Wi-FI and cell base station proximity.

Some companies say they don’t sell data but because there’s little regulation to stand in the way of this beyond privacy policies few read it’s impossible to be sure – the data is privately collected and, in the US at least, private property.

Short of turning off a smartphone for long periods, or not carrying one, it’s probably impossible to stop all tracking, even using the facilities provided in mobile operating systems.

Similarly, turning off GPS, Wi-Fi, mobile data, Bluetooth, and NFC isn’t exactly going to make someone’s smartphone more useful.

But before people get to that stage, they need to know that location data has become the sort of problem that could define the next 10 years of privacy arguments.