Your Location Data Is Being Sold To Government Agencies Worldwide

Sensationalistic title aside, this is today's reality. Every time you check the weather, play a game, connect to a VPN, or even open your email on your smartphone, you may be generating location data that will end up in the hands of military, intelligence, and law enforcement agencies around the world. This isn't tinfoil hat stuff - it's documented fact, revealed through government contracts, court documents, and data breaches.

Just how pervasive this industry is in the app marketplace was revealed in January 2025 when Gravy Analytics, who sells location data to government agencies through their subsidiary Venntel, experienced a massive data breach. The breach exposed 17 terabytes of sensitive location data collected from thousands of popular apps. Some of the apps mentioned are Tinder, Grindr, Candy Crush, Temple Run, Subway Surfers, Harry Potter: Puzzles & Spells, MyFitnessPal, My Period Calendar & Tracker, Tumblr, Yahoo Mail, Microsoft 365, Moovit, Flightradar24, as well as multiple muslim prayer apps, Christian Bible apps, and VPN apps.

This comprehensive data collection of locations enables detailed tracking of individuals' current locations, historical movements, and travel patterns. Through correlation across multiple data sources, it reveals social connections, meeting attendance, group affiliations, and detailed patterns of daily life. The integration of artificial intelligence allows for automated detection of unusual behaviors and potential autonomous response systems. The scale and sophistication of these capabilities, and their implications for personal privacy and autonomy, are deeply concerning, especially in a time when technology advances daily at an astounding rate.

Government Agencies Buying Your Location

The Defense Intelligence Agency acknowledged to Congress that it purchases commercially available smartphone location data to monitor specific individuals. The Department of Homeland Security, through Customs and Border Protection, maintains million-dollar contracts with location data broker Venntel, A Gravy Analytics subsidiary. The FBI, DEA, ICE, and even the IRS have similar agreements, all designed to access detailed location histories of devices across the country and beyond.

These agencies use commercial data to conduct surveillance that would typically require warrants if done through traditional means. Through data brokers, they can access historical location data, movement patterns, and real-time tracking information - all without judicial oversight.

The practice extends beyond U.S. borders. The Australian Defence Force incorporates commercial location data into its geospatial intelligence program. The UK's Defence Intelligence organization uses commercially acquired location data to establish patterns of movement around specific areas of interest. The Israeli military has integrated commercial data and AI analysis technologies into their operations through partnerships with major tech companies.

The Companies Behind the Surveillance

Near Intelligence stands out among location data providers, claiming over 1.6 billion active user IDs from 44 countries in an Aug 2023 interview with NewsDirect, Near Intelligence analyzes behavior and patterns around locations and connected devices.

Babel Street's Locate X product provides government clients with the ability to track devices anywhere in the world, maintaining years of historical location data allowing the ability to backtrace and recreate years of movements. Their contracts with U.S. Special Operations Command, the Defense Intelligence Agency, and other military organizations show the premium military agencies place on this capability.

Defense contractors have also entered this space. At the center of this data ecosystem sits Palantir Technologies. Their platform serves as a crucial integration point, combining commercial location data with other intelligence sources for military, intelligence, and law enforcement agencies worldwide. The platform transforms raw location data into actionable intelligence, enabling tracking and surveillance capabilities that would be difficult to achieve through traditional methods.

Military Usage of Commercial Data

One of the most striking examples of military use of commercial location data emerged in late 2020, when investigations revealed that U.S. Special Operations Command was purchasing location data from Muslim Pro, an app used by over 98 million Muslims worldwide for prayer times and religious purposes. The data, acquired through broker X-Mode Social, was being used in counterterrorism operations. Another religious app, Salaat First, with 10 million users, was discovered to be part of the same data collection network.

The Israeli military has significantly increased its use of advanced data analysis technology in military operations, integrating commercial data with AI systems to enhance targeting precision. Their partnerships with major tech companies enable sophisticated analysis of movement patterns and location histories.

The Australian Defence Force's GEOINT program demonstrates how commercial location data enhances traditional military intelligence. By combining commercial data with other intelligence sources, they can track movements and identify patterns that would be difficult to detect through conventional means.

China's policy of "military-civil fusion" aims to integrate civilian and military resources, potentially enabling the use of civilian data for military objectives. Given this, it is highly plausible that China may leverage commercially available location data for military purposes, although specific instances have not been publicly documented.

The Apps Collecting Your Data

The primary collection method involves Software Development Kits (SDKs) embedded in mobile apps. These SDKs, often marketed as advertising or analytics tools, contain sophisticated tracking capabilities. For example, X-Mode's SDK, found in over 400 apps, captures location data every 3-5 minutes when enabled (Both Apple and Google have since banned apps containing X-Mode's SDK, but others persist as shown with Gravy Analytics). Many of these apps' developers were unaware their users' data was ultimately flowing to government agencies.

How The System Works

The path your location data takes from your phone to government agencies is complex but documented. Apps containing tracking technology continuously collect location information as you use them. This data flows through broker networks to companies like Palantir, where it's processed and integrated with other intelligence sources.

Government agencies access this data in two ways: through direct purchases from brokers and through integrated systems provided by contractors. When the Department of Homeland Security wants to track movements across the border, they can access Venntel's data directly. When military intelligence needs to analyze patterns of movement, they can use Palantir's platform, which combines commercial location data with their existing intelligence sources.

Legal Implications and Privacy Concerns

The purchase of commercial location data has become a key method for government agencies to bypass traditional surveillance restrictions. In the United States, the Supreme Court's Carpenter decision requires law enforcement to obtain a warrant to track an individual's phone location. However, by purchasing this same information from commercial data brokers, agencies can access detailed location histories along with near real time location data without any judicial oversight.

The December 2024 FTC complaint against Gravy Analytics and Venntel brought this practice into sharp focus. An order was issued prohibiting Gravy Analytics and its subsidiary Venntel from unlawfully tracking and selling sensitive location data from users, including data about consumers’ visits to health-related locations and places of worship without verifiable consent (it will be in those click through "I agree" policies). However, the resulting finalized order in January 2025, while restricting commercial sales of location data without that verifiable consent, specifically preserved access for "national security" and law enforcement purposes.

Similar exceptions appeared in the FTC's action against X-Mode Social (now Outlogic). These "carve-outs" effectively codify the practice of using commercial data purchases to circumvent surveillance restrictions. The result is a legal framework where constitutional protections against surveillance can be bypassed through commercial transactions.

The Future of Commercial Surveillance

The evidence shows that commercial phone data has become fundamental to how government agencies conduct surveillance worldwide. What was once the domain of classified intelligence systems has been transformed by the commercial location data marketplace. Government agencies can now track individuals with unprecedented detail, all without the warrants or oversight traditionally required for such surveillance.

There are few explicit legal restrictions on U.S. government agencies purchasing commercially available data for surveillance purposes. However, some oversight mechanisms and legal frameworks provide limited protections:

• Fourth Amendment & Carpenter v. U.S. (2018) – The Supreme Court ruled that the government needs a warrant to obtain historical cell-site location data, but this does not clearly apply to commercially purchased data.
• Privacy Laws (ECPA, CCPA, GDPR) – The Electronic Communications Privacy Act (ECPA) limits government access to certain communications, but it doesn't regulate data brokers. The California Consumer Privacy Act (CCPA) and EU GDPR provide some consumer rights but do not directly restrict government purchases.
• Inspector General & Congressional Oversight – Agencies like the DOJ Inspector General and Congressional committees may investigate abuses, but enforcement varies.
• Executive Orders & Policies – EO 12333, issued under President Reagan, governs intelligence activities, and agencies like the DHS, FBI, and NSA have internal policies requiring legal review before purchasing data. However, these are often classified and subsequent ammendments have weakened it.
• Recent Legislative Efforts – Bills like the Fourth Amendment Is Not For Sale Act aim to close the loophole allowing government agencies to buy data without a warrant, but no such law has yet been passed.

The implications are profound. Commercial phone data has created a parallel surveillance system operating outside traditional legal frameworks. Through commercial purchases, government agencies have gained surveillance capabilities that would otherwise require judicial approval. As more apps collect location data and more brokers enter the marketplace, this system continues to expand, raising fundamental questions about privacy in a world where your location can be bought and sold without your knowledge or consent.

Published: Feb 19, 2025