The Tracking Machine in Your Pocket
Your smartphone is the most powerful tracking device ever built, and you carry it everywhere. It knows where you sleep, where you work, where you worship, who you spend time with, what you search for late at night, and how long you stand in front of a store before walking in. It knows all of this because it is constantly collecting data—and a lot of that data is being sent to companies you have never heard of.
Most people understand, at a general level, that apps collect some data. But the scale, the specificity, and the sheer number of companies involved are far beyond what most people realize.
How Your Phone Tracks You
Your Advertising ID
Every smartphone has a unique identifier assigned to it for advertising purposes. On iPhones it is called the IDFA. On Android it is called the GAID. This ID works like a digital name tag that follows you across every app you use. When an app sends data about your activity to third parties, it attaches your advertising ID so all of your activity across all of your apps can be linked together into a single profile.
GPS, Wi-Fi, Bluetooth, and Cell Towers
Your phone pinpoints your location through multiple methods, and turning off one does not necessarily stop the others. GPS uses satellite signals. Wi-Fi networks triangulate your position. Bluetooth beacons in stores track your movement through physical spaces. Cell tower connections estimate your location. Even with GPS off, companies can figure out where you are with surprising accuracy.
Apps That Share Your Data Behind Your Back
Many apps contain hidden third-party code from data collection companies. When you use one of these apps, your data—location, device info, usage patterns—gets sent not just to the app you downloaded, but also to these outside companies you never agreed to share anything with. One piece of tracking code can be embedded in hundreds of different apps, which means a single data company can be collecting information from millions of people simultaneously through apps those people use for completely unrelated purposes.
The app developers include this tracking code because the data companies pay them for it. The more users the app has, the more data it feeds to the collector, and the more money the developer gets. Your data is being sold as a side hustle by the apps you trust.
Photo Metadata
When you take a photo, your phone embeds hidden data in the image file: exact GPS coordinates, date, time, device model. When you upload that photo to social media or send it through an app, that hidden data can be harvested. Some platforms strip it out, but many do not.
Real Cases That Should Concern You
Gravy Analytics (2025)
A data breach at Gravy Analytics revealed that thousands of popular apps—including Flightradar24, Grindr, and Tinder—had been quietly collecting users' precise location data through embedded tracking code. The users of these apps had no idea their location was being harvested by a company they had never heard of.
General Motors and OnStar (2025)
The FTC found that General Motors and its OnStar system had been monitoring and selling drivers' precise location data and driving behavior, sometimes recording data as often as every three seconds. This data was sold to consumer reporting agencies and other companies. If you drove a GM vehicle, your car was a tracking device.
Mobilewalla (2025)
The FTC took action against Mobilewalla after the company collected over 500 million unique consumer identifiers with precise, non-anonymized location data. They created audience segments by analyzing where people physically went—including targeting pregnant women based on visits to pregnancy centers—and sold that data to advertisers and other brokers.
X-Mode Social (2024)
The FTC acted against this company for tracking app users' visits to deeply sensitive locations: family planning centers, religious institutions, union offices, schools, domestic violence shelters, and immigrant services. The location data was collected through apps that users had downloaded for completely unrelated purposes. The people being tracked had no idea.
Social Media Apps Are Among the Worst
Meta's apps—Facebook, Instagram, Messenger, WhatsApp—use GPS, Wi-Fi, Bluetooth, and cell tower data to track your location. If you have given these apps "always allow" location permission, they track you even when the app is not open. They combine this with photo metadata, post content, and data from across all their platforms to build a continuous timeline of your physical movements.
Think about what this means: these companies are not just tracking where you are right now. They are building a history of everywhere you have been, and using it to predict where you will go next. Your physical movements reveal your habits, relationships, health conditions, political activities, and vulnerabilities. Unlike a password, you cannot change your physical location. That is exactly why location data is so valuable to the companies that collect it.
How To Take Back Control
Audit Your App Permissions
Go into your phone settings right now and check which apps have access to your location, microphone, camera, contacts, and storage. For each one, ask: does this app actually need this? Set location to "While Using" or "Never" whenever possible. Never leave any app set to "Always Allow" unless you have a specific, ongoing need.
Reset Your Advertising ID
On Android: Settings → Google → Ads → opt out of ad personalization. On iPhone: Settings → Privacy & Security → Apple Advertising → turn off personalized ads. On iPhone you can also use App Tracking Transparency to deny individual apps the ability to track you.
Turn Off Wi-Fi and Bluetooth When Not Needed
Your phone constantly broadcasts Wi-Fi and Bluetooth signals that stores, malls, and public spaces use to track your movement. Turning them off when you are not using them prevents this passive tracking.
Use a VPN
A VPN encrypts your internet traffic and masks your IP address, making it harder for websites and apps to determine your location and track your activity. Not bulletproof, but a meaningful layer of protection.
Switch to Privacy-Respecting Apps
Use Brave or Firefox instead of Chrome. Use Signal for messaging. Use DuckDuckGo for search. Every app you switch to a privacy-respecting alternative is one fewer pipeline sending your data to trackers and brokers.
Be Skeptical of Free Apps
When an app is free, your data is almost always the payment. Before downloading, check what permissions it requests. If a simple utility app wants access to your location, contacts, and microphone, that is a red flag. The app's real business is your data, not the utility it advertises.
The bottom line: Your phone does not have to be a surveillance device. With the right settings and habits, you can use it fully while dramatically reducing how much of your life is being collected and sold. The key is being intentional about what you share.