The privacy of location data is an open problem
A few years ago, a news article was published concerning the sale of location data by apps, despite the privacy policies of app stores. The first question you might ask yourself as a user is why services want to buy or collect your location data. The answer is simple: money. Companies can use your location data to target you with ads or even sell it to other companies. This is not only a privacy issue but also a security issue.
Imagine this, you use your favorite fitness application to track your running sessions. The app collects your location data to show you your running route. Suddenly, you start seeing advertisements for shops on your route. Other applications such as Amazon start to show you ads for running shoes. This is not a coincidence.
These types of issues are not new, but they are definitely not the most severe. Millions of users use Google Timeline which keeps track of your location over time. For you as a user, it offers the ability to see how busy a location is, when you last visited a certain point of interest, or track your walks through a city you visited. On the 14th of March, 2018 - a murder was committed without any witnesses in Phoenix, US. A short time later, police apprehended the suspect by making use of location data that Google provided.
In Europe, we have better protection against the misuse of location data and companies are required to provide clear privacy policies on how they use your data. It is one of the reasons why Google started to move location data locally to a smartphone. While this helps to ensure that location data cannot be (forcefully) requested or sold by third parties, it brings a wide range of other problems with it pertaining to the accessibility of the data. Google already has a large monopoly on location data and location insights through their mobile applications such as Google Maps or Waze. They provide a privacy policy that states how they use location data with one of the prominent statements being that they do not sell data. Despite this, they still collect a wide range of data that can be used to track you or your friends, family members, or colleagues.
Data includes expected information such as the IP address, GPS location data, and regular activity on Google Services. However, it goes a lot further with the collection of sensor data from your device, such as the accelerometer. Additionally, external information is collected, such as the Wi-Fi access points around you, Bluetooth-enabled devices, and cell towers. Internally, Google could potentially use this information to not only track yourself but also your friends, family members, or colleagues. For example, if your coworker uses a Bluetooth headset and you are in the same room, Google could potentially determine when your colleague is in the same room, even if they do not use Google's services.
Even unintentionally, location data can find its way to unwanted parties. In December of 2025, it became known that the location data, including personal information of 800,000 Volkswagens was available through an insecure endpoint.
I am investigating possible solutions to this problem. We are developing a system that allows users to control their location data. This system will allow users to decide who can access their location data and for what purpose. This way, users can still use their favorite fitness application without having to worry about their location data being sold to third parties. To further position this research, we are conducting a survey to understand how users feel about the current state of location data privacy and transparency.
If you have 15 minutes you can really help to make a difference in this investigation. The survey is available on Qualtrics till mid-February. Your answers will be anonymized and used to further develop the system.