They Know Where You Sleep, Work, Worship, and Seek Medical Care
Gravy Analytics collects more than 17 billion location signals from around a billion mobile devices daily. X-Mode ingested more than 10 billion location data points before the FTC banned them from selling sensitive data. Near Intelligence, now bankrupt, licensed location data to an anti-abortion group that targeted ads at visitors to 600 Planned Parenthood clinics. [1] [2] [3]
The global data broker market hit $278 billion in 2024 and is projected to exceed $512 billion by 2033. Your phone's location history is for sale to advertisers, data brokers, law enforcement, and anyone willing to pay.
The Major Players
Gravy Analytics / Venntel
- Scale: 17+ billion signals daily from ~1 billion devices
- FTC Action: December 2024 ban on selling cellphone location data for sensitive categories
- Government Ties: Venntel subsidiary has million-dollar contracts with DHS through Customs and Border Protection
- January 2025 Breach: 17 terabytes of sensitive location data exposed from thousands of apps including Tinder, Grindr, Candy Crush [4]
X-Mode Social / Outlogic
- Scale: Self-described as second largest U.S. location data company
- Data: More than 10 billion location data points, 70% accurate within 20 meters
- FTC Action: January 2024, first ever prohibition on selling sensitive location data [2]
- Military Ties: U.S. military purchased access to X-Mode SDK embedded in apps targeting Muslims
- Pricing: "Cyber Security Location data" license: $240,000 per year
Near Intelligence (Bankrupt)
- Scale: Data representing 1.6 billion people across 44 countries
- Valuation: $1 billion via SPAC in 2021; filed Chapter 11 bankruptcy December 2023
- Controversy: Licensed location data to anti-abortion group Veritas Society to target ads at 600 Planned Parenthood clinics [3]
- Status: Bankruptcy proceedings continue into 2025; Senator Wyden urged FTC to ensure all data is destroyed, not sold
Babel Street / Locate X
- Product: Locate X tracks devices anywhere in the world with years of historical data
- Data Source: Purchases all data from Venntel
- Government Contracts:
  - FBI: Contract worth up to $27 million for 5,000 licenses
  - ICE: $6.5 million cap, extended with ~$3 million additional
  - U.S. Special Operations Command and Defense Intelligence Agency
- Capabilities: Draw a polygon around any location, view time-lapse history, track individual mobile advertising IDs [5]
SafeGraph / Veraset
- Data: Veraset advertises dataset containing 10%+ of U.S. population from thousands of apps
- App Payments: Apps make $12,000 to $1 million per year sending location data to Veraset
- Government Sales: Illinois DOT paid $49,500 for two years of raw data (50+ million pings/day)
- Ban: Google banned SafeGraph from Android marketplace in 2021
- Commitment: Agreed to stop selling data from abortion clinics after Congressional pressure [6]
How They Get Your Location
SDKs in Apps
Software Development Kits (SDKs) are code libraries that app developers embed in their apps. When you grant location permission to a weather app, that SDK might be sending your coordinates to a data broker every few seconds. [7]
Accuracy levels:
- GPS: Within 4.9 meters
- WiFi: 10-100 meters
- Beacons: Within half a meter
- 5G Networks: Precise enough to track movement to locations as small as an ATM
Mobile SDKs contributed 36.19% of location data flows in 2024.
Bidstream Data
Every time an ad loads on your phone, information about you, including your location, is broadcast to dozens of advertising networks in milliseconds. This "bidstream" data is collected by brokers even when they don't win the ad auction. [8]
The accuracy is terrible: reports put it at less than 10%. But it's available in massive quantities, often collected without explicit consent.
In December 2024, the FTC issued its first ever prohibition on collecting consumer data from real-time bidding exchanges when it took action against Mobilewalla, which had collected 500+ million unique consumer advertising identifiers. [9]
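To make the bidstream exposure concrete, the following added example (not code from this article or from any company it names) audits a bid request for fields that tie a place to a device and returns a minimized copy that an app or exchange could forward instead. The field names follow OpenRTB 2.x, which is an assumption here since the article names no protocol, and the sample request is constructed.

```python
import copy

# Constructed sample shaped like an OpenRTB 2.x bid request. Assumed field
# names: device.ifa, device.ip, device.lmt, device.geo.lat/lon/type.
# All values are invented for illustration.
SAMPLE_BID_REQUEST = {
    "id": "req-0001",
    "app": {"bundle": "com.example.weather"},
    "device": {
        "ifa": "00000000-1111-2222-3333-444444444444",  # advertising ID
        "ip": "203.0.113.57",
        "lmt": 0,
        "geo": {"lat": 40.712776, "lon": -74.005974, "type": 1},  # 1 = GPS
    },
}


def location_exposure(req):
    """List the fields that let any recipient link a place to a device."""
    dev = req.get("device", {})
    geo = dev.get("geo", {})
    found = []
    if "lat" in geo and "lon" in geo:
        found.append("device.geo.lat/lon")
    if dev.get("ifa"):
        found.append("device.ifa")
    if dev.get("ip"):
        found.append("device.ip")
    return found


def minimize(req, decimals=1):
    """Return a copy with coarse coordinates, no ad ID, and a truncated IP."""
    out = copy.deepcopy(req)  # never mutate the caller's request
    dev = out.get("device", {})
    geo = dev.get("geo", {})
    if "lat" in geo and "lon" in geo:
        # One decimal place is roughly 11 km of latitude: city, not doorstep.
        geo["lat"] = round(geo["lat"], decimals)
        geo["lon"] = round(geo["lon"], decimals)
    dev.pop("ifa", None)  # without a stable ID, pings cannot be chained
    ip = dev.get("ip", "")
    if ip.count(".") == 3:  # IPv4 only in this sketch
        dev["ip"] = ip.rsplit(".", 1)[0] + ".0"
    return out
```

Every bidder that receives the unminimized request sees all three fields whether or not it wins the auction, which is why minimization has to happen before the broadcast.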
Who Buys Your Location
Government Agencies
Federal agencies purchase cell phone location data without warrants, exploiting a constitutional loophole. Known buyers include: [10]
- IRS
- Department of Homeland Security
- ICE and CBP
- DEA
- FBI
- Secret Service
- Department of Defense
- CDC
The Treasury Inspector General found Venntel location data "not useful" for IRS investigations, but IRS lawyers claimed data from "marketers of information like Venntel is not subject to a warrant." [10]
Defense and Intelligence
Defense contractors purchased location data from Muslim prayer apps and dating apps. The U.S. military purchased access to X-Mode, whose SDK was embedded in apps targeting Muslims. U.S. Special Operations Command and Defense Intelligence Agency have contracts with Babel Street. [5]
Advertisers and Marketers
Marketing and advertising held 38.81% of the data broker market in 2024. Location data enables targeted advertising based on where you've been: visit a car dealership, see car ads everywhere. [11]
Other Data Brokers
Data brokers buy from each other. Near Intelligence's bankruptcy filings revealed "Data Monetization" agreements with X-Mode from 2017 through 2023. Babel Street purchases all its data from Venntel. The industry is an interconnected web of data sharing. [3]
FTC Enforcement Actions
2024-2025: The Crackdown Begins
- X-Mode/Outlogic (January 2024): First ever prohibition on selling sensitive location data
- InMarket (May 2024): Prohibited from selling precise location data (100M+ devices/year)
- Mobilewalla (December 2024): First ban on collecting data from real-time bidding exchanges
- Gravy/Venntel (December 2024): Ban on sensitive locations, but preserved "national security" access
These are the FTC's five major actions against location data brokers. The pattern: bans on selling data about sensitive locations like abortion clinics, churches, and military sites. But the Gravy Analytics/Venntel order specifically preserved access for "national security" and law enforcement. [1]
What "Sensitive Location" Means
The FTC's actions target tracking people to:
- Abortion clinics and reproductive health facilities
- Religious sites and places of worship
- LGBTQ+ venues and service offices
- Military installations
- Homeless shelters
- Addiction recovery facilities
- Schools and childcare centers
- Domestic violence shelters
The Kochava class action settlement in 2025 requires the company to implement features blocking data from healthcare facilities, schools, jails, religious establishments, and LGBTQ+ service offices. [12]
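A sketch of the kind of blocking feature such orders and settlements describe, as an added example that is not taken from any FTC order, the Kochava settlement, or a broker's code: it drops every ping that falls within a buffer radius of a listed sensitive site before the data leaves the pipeline. The site list, the pings, and the 100-meter default radius are constructed assumptions.

```python
import math

EARTH_RADIUS_M = 6371000.0

# Constructed sample data: coordinates and IDs are invented for illustration.
SENSITIVE_SITES = [
    {"category": "reproductive_health", "lat": 41.8800, "lon": -87.6300},
    {"category": "place_of_worship", "lat": 41.9000, "lon": -87.6500},
]
PINGS = [
    {"ad_id": "device-a", "lat": 41.88010, "lon": -87.63005},  # ~12 m from site 1
    {"ad_id": "device-b", "lat": 41.89000, "lon": -87.64000},  # ~1.4 km from both
    {"ad_id": "device-c", "lat": 41.90050, "lon": -87.65000},  # ~56 m from site 2
]


def haversine_m(lat1, lon1, lat2, lon2):
    """Great-circle distance in meters between two lat/lon points."""
    p1, p2 = math.radians(lat1), math.radians(lat2)
    dp = p2 - p1
    dl = math.radians(lon2 - lon1)
    a = math.sin(dp / 2) ** 2 + math.cos(p1) * math.cos(p2) * math.sin(dl / 2) ** 2
    return 2 * EARTH_RADIUS_M * math.asin(math.sqrt(a))


def suppress_sensitive(pings, sites, radius_m=100.0):
    """Return (kept_pings, dropped_count).

    The radius should exceed the positioning error of the data, otherwise a
    visit can land just outside the buffer. Only a count of dropped pings is
    returned: logging which device was dropped, and near which site, would
    recreate the sensitive record the filter exists to remove.
    """
    kept, dropped = [], 0
    for ping in pings:
        near = any(
            haversine_m(ping["lat"], ping["lon"], s["lat"], s["lon"]) <= radius_m
            for s in sites
        )
        if near:
            dropped += 1
        else:
            kept.append(ping)
    return kept, dropped
```

A filter like this is only as good as its site list, so an unlisted clinic or shelter passes through untouched.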
The Abortion Clinic Targeting
After Roe v. Wade was overturned, location data became a threat vector for reproductive healthcare. [13]
Near Intelligence and Veritas Society
The Wall Street Journal revealed in May 2023 that Near Intelligence licensed location data to anti-abortion group Veritas Society. Senator Wyden's investigation found the group ran a geofencing campaign targeting 600 Planned Parenthood clinics in 48 states. [3]
Near is now bankrupt. Senator Wyden urged the FTC to ensure the data is destroyed, not sold to another broker. The bankruptcy proceedings continue.
Locate X Tracking
Babel Street's Locate X tool can track smartphone devices with precision. Privacy advocates warn it could be used to identify abortion clinic visitors by drawing a digital polygon around a clinic and tracking everyone who enters. [5]
Legal Protections
In August 2024, the Fifth Circuit Court of Appeals held that geofence warrants are "categorically prohibited by the Fourth Amendment." That is a significant protection, but one that doesn't stop commercial data purchases. [13]
California's AB 45 broadly outlaws geofencing near family planning and healthcare centers for tracking, data collection, or targeted ads. It includes a private right of action. [13]
The January 2025 Gravy Analytics Breach
In January 2025, hackers breached Gravy Analytics, exposing 17 terabytes of sensitive location data. Affected apps included Tinder, Grindr, Candy Crush, Temple Run, and Subway Surfers. The dataset contained 380 million location data points from 137 countries. Approximately 20 million people in Britain alone used affected apps. [4]
Apps like Hornet stated they couldn't explain how users' data ended up with data brokers; they claim they don't share actual location data with third parties. The breach revealed how opaque the data broker ecosystem really is.
How to Reduce Your Exposure
Limit Location Permissions
- Review all apps: Check which apps have location access in your phone settings
- Choose "While Using": Never grant "Always" permission unless absolutely necessary
- Deny when possible: Most apps don't actually need your location
- Check background refresh: Some apps track location even when closed
Use Universal Opt-Out Mechanisms
Starting July 1, 2025, multiple states (California, Colorado, Connecticut, Delaware, Montana, Nebraska, New Hampshire, New Jersey, Oregon, Texas) require businesses to honor Universal Opt-Out Mechanisms. [14]
- Global Privacy Control (GPC): Browser extension that signals opt-out preferences
- Brave browser: Has GPC built in
- Mozilla Firefox: Supports GPC
Exercise Your Rights
Under current laws, you have:
- Right to access: Request what location data is collected about you
- Right to deletion: Direct companies to delete your location data
- Right to opt-out: Restrict companies from selling your data
DataPurge makes exercising these rights easy: it generates legally-backed deletion requests citing applicable privacy laws and sends them for free with one click.
Life360, for example, received 3,608,554 opt-out requests in 2024, less than 5% of its 83+ million users. Most people don't know they can opt out. [15]
Understand Limitations
Even with all precautions:
- Apps can use server-to-server data sharing to bypass SDK restrictions
- Your carrier still knows your location from cell tower connections
- Some data collection happens before you can opt out
- Data already collected and sold is nearly impossible to recall
The Scale of the Problem
- $278 Billion: Global data broker market in 2024
- 5,000: Estimated data brokers globally
- 77%: Of people believe government should need a warrant to buy location data (2020 poll)
- 0: Federal laws requiring warrants for government location data purchases
The Fourth Amendment Is Not For Sale Act has passed the House but not the Senate. Until comprehensive legislation passes, the loophole remains: what the government can't legally collect directly, it can purchase from commercial brokers. [10]
The Bottom Line
Location data brokers collect billions of signals daily from your phone. They sell this data to advertisers, other brokers, and government agencies. The FTC has started cracking down on sensitive location tracking, but enforcement is limited and the "national security" exception preserves government access.
The industry is worth nearly $300 billion. Your location history (where you sleep, work, worship, seek medical care, and spend your time) has been commodified without meaningful consent.
The reality:
- Your phone broadcasts your location to dozens of companies constantly
- Apps sell your data to brokers who sell to anyone willing to pay
- Government agencies buy location data to circumvent warrant requirements
- Sensitive locations are targeted including abortion clinics, mosques, and LGBTQ+ venues
You can limit exposure through permission management and opt-outs, but you can't fully escape. The infrastructure for mass location surveillance is built into the foundations of the mobile ecosystem. Until that changes, assume your movements are tracked, recorded, and for sale.
References
[1] FTC - Action Against Gravy Analytics, Venntel for Unlawfully Selling Location Data (December 2024)
[2] FTC - Order Prohibits X-Mode Social and Outlogic from Selling Sensitive Location Data (January 2024)
[3] The Markup - What Happens to Your Sensitive Data When a Data Broker Goes Bankrupt? (February 2024)
[4] Netzpolitik - Databroker Files: 40,000 apps behind location tracking
[5] EFF - How the Federal Government Buys Our Cell Phone Location Data
[6] EFF - SafeGraph's Disingenuous Claims About Location Data Mask a Dangerous Industry
[7] Adsquare - Bidstream vs. SDK: Different types of location data
[8] FTC - Unpacking Real Time Bidding through FTC's case on Mobilewalla (December 2024)
[9] FTC - Action Against Mobilewalla for Collecting and Selling Sensitive Location Data (December 2024)
[10] Brennan Center - Federal Agencies Are Secretly Buying Consumer Data
[11] Grand View Research - Data Broker Market Size And Share Report, 2033
[12] MediaPost - Kochava To Revise Privacy Practices To Settle Class-Action
[13] EFF - Location Data Tracks Abortion Clinic Visits. Here's What to Know (March 2024)
[14] Koley Jessen - Universal Opt-Out Mechanisms Explained
[15] The Markup - Life360 Is Selling Precise Location Data on Its Tens of Millions of Users