A question mark in a ball (datacurious logo)


Cassia Artanegara
January 28, 2021

Is my phone collecting my location once, while in use, or all the time?

Illustration for undefined

It’s probably not news to you that our phones can track our locations and share them with third parties. But what exact information about our location is being tracked and shared, and what does that information reveal about us and our lives?

Basically, there are three different types of mobile location tracking:

Single location data points

Single location data point is one-time access, right now. When an app has permission to collect your data just once, it can get precise GPS coordinates for where your device is at that moment, like this:

In this example, a single data point, Point A, could reveal that Jane’s phone (and since most of us are glued to our phones, we can assume Jane herself) was at GPS coordinate 38.8976997, -77.0365532 on January 4, 2021 at 10:28 AM. The app might be able to infer the location and why Jane was there, but the app won’t know the significance of the location: Does Jane live there or nearby, is she on vacation from out of town, or is she in the midst of an out-of-the-ordinary trip? In other words, a limited amount of information is available based on one location point and timestamp.

The implications of single location data points depend on where you were, which app you were using, and how you feel about creating a record that you visited the location. Were you at a grocery store? Were you where you work? Were you at a health clinic? Were you at your house? Which app were you using? Do you want that app to have a record that you were at that place? Everything depends on how you feel letting your app know where you were for a single moment in time. Sometimes it feels fine, sometimes it’s kinda weird.

One-off traces

A one-off trace doesn’t sound exactly like its “one-off” name would imply. One-off traces poll and record your phone’s location over a finite period of time while the app is actively being used (in the foreground, that is: the app that you have open at the moment). An example would be a running app that tracks Jane’s location while she’s out on a run, like this:

Some mobile devices use a blue bar at the top of the screen to communicate that a one-off trace is happening over a period of time. With this information, whoever collected the data would know the route Jane followed, how long it took her to complete this route (and could further deduce perhaps, the mode of her transportation), whether the speed at which she completed it was slower or faster than the average speed of completion, etc. Through one-off traces, apps can learn quite a bit about your habits and the areas you frequent (“ooh! Jane goes for one-hour runs in Alameda two days a week!”), and use that information to make inferences about who you are (“she must live near Alameda and want to see targeted ads about restaurants there”).

Persistent location tracking

When an app has permission to collect your device’s location at any time, for some apps, this means all the time—and that’s persistent location tracking (Unlike one-off tracing, this one’s name is pretty straightforward.) A report by the New York Times discovered that some apps poll location data as often as every 2 seconds (totaling 172,800 collection points over the course of just one day!). If you carry your phone with you at all times and an app has access to this permission, it can sample your location at any time until you revoke it. And because persistent tracking occurs all the time, location can be tracked whether or not the app is in use—so you might not even expect or realize your location is being tracked in the background.

Let’s say Jane allowed Facebook to persistently track her location. After awhile, Facebook would be able to build a map of the routes she frequently follows (demonstrated by the white lines in the diagram below; the more opaque the line, the more frequently she travels along that route). If her location was polled while she was on the trip from the previous example, Facebook would be able to compare that location to her normal trip patterns, and determine that that location was outside her normal location habits:

A wealth of data points might come together over time to contextualize each point within a narrative about that person: in a one off trace, Jane’s two mile trip appears to be an innocuous trip around the city. Add in the rest of the data points and that particular trip suddenly stands out against the pattern of Jane’s location habits.

Layering in even the simplest of data from a user’s location history — in this case, categorizing the trips into ones that occurred on the weekend and ones that occurred on a weekday — provides even more context for Jane’s unusual trip. What could have possibly led Jane to travel so far from her normal weekday paths? A motivated analyst could combine this information with publicly available information, like the businesses and destinations in that area that were open at the time she made her trip, to guess that she went to an oncologist appointment — information that could be quite dangerous in the hands of the wrong people.

Yeah...It can be disconcerting to think that this background information is being collected and used without our knowledge. So be judicious about which apps you allow access to your location and ask yourself, “Is it actually helpful for this app to know where I am? What value do I get out of it?” And every few months, take a moment to inventory which apps are tracking your location in single location data points, one-off traces, and persistent tracking. Here are some tips on how to do that, for Android and iOS.

What do you want to know about data, privacy, or technology?

Data Curious is a public resource supported by Good Research LLC in collaboration with the Center for Digital Civil Society at University of San Diego.

To contact us, send us an email at hello@datacurious.org.

AboutPrivacy Policy