Your Phone Logged 68,000 Location Points Last Year. You Didn't Approve Any of Them.
The weather app knows where you slept last night. So does everyone who paid for the data.
Between midnight and 6 AM last night, your phone sat on your nightstand with the screen dark. During those six hours, apps you have not opened in months were logging your coordinates. GPS pinging satellites. Wi-Fi triangulating your position from nearby routers. Cell radios registering your location from tower signals. By the time your alarm went off, your phone had narrowed your position to within about three meters, close enough to identify which room of your house you were standing in.
Researchers have measured this kind of output: roughly 68,000 location data points per device over a single year. That was a controlled academic study with informed consent forms and ethics review.
Your phone runs the same operation. It skips the consent part.
How Your Phone Tracks You Every Few Minutes
The tracking is the business model.
Inside many of the apps on your phone, buried in code you never see, are software development kits from data brokers. Weather apps. Flashlight utilities. Games. Prayer apps. The app developer gets paid a small amount per user, sometimes fractions of a cent. In exchange, the SDK runs in the background, logging precise latitude and longitude coordinates tied to a timestamp and a Mobile Advertising ID. It runs whether the app is open or not.
The industry calls this consent. What actually happened is that someone tapped "Allow" on a permissions popup while trying to check the weather. The popup said "location services." Two words. From that moment forward, every movement they make feeds a data stream that a stranger can purchase.
This is a mature industry. It has conferences. It has trade publications. It has sales teams. Dozens of companies operate in this space, and their product is a map of everywhere you have been.
Why "Anonymized" Location Data Is a Fiction
The industry's defense is that the data is anonymized. Stripped of names. Identified only by device IDs.
In 2013, Yves-Alexandre de Montjoye and colleagues at MIT analyzed mobility data from 1.5 million phone users over 15 months. They found that four randomly chosen location and time data points were enough to uniquely identify 95 percent of individuals in the dataset.
Four points. A morning coffee shop, an office building, a gym, a home address. That is a Tuesday.
Human movement is habitual. People go to the same places at the same times. A continuous location trace leads to a home address within days. Cross-reference that address with property records or voter registration files, both of which are public, and the "anonymous" data has a name attached to it. Anonymization is a sales pitch. Four data points and you are identified.
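The measurement behind that claim is called unicity, and anyone holding a location dataset can run it before release to see how little "anonymous" protects. The sketch below is an added example, not code from the MIT study: the population, the antenna names and the four time slots are constructed, and the population is far smaller and coarser than the real one.

```python
import random

HOURS = (2, 8, 12, 19)  # constructed slots: night, commute, midday, evening

def build_traces(n_users=270, step=37):
    """Constructed population: the four decimal digits of each user id pick one
    of ten antennas per time slot, so every single point is shared by many users."""
    traces = {}
    for k in range(n_users):
        uid = k * step
        digits = [(uid // 10 ** s) % 10 for s in range(4)]
        traces[uid] = {(f"slot{s}-antenna{d}", HOURS[s]) for s, d in enumerate(digits)}
    return traces

def anonymity_set(traces, points):
    """Users whose trace contains every known (antenna, hour) point."""
    known = set(points)
    return {uid for uid, trace in traces.items() if known <= trace}

def unicity_curve(traces, max_p=4, seed=0):
    """Fraction of users singled out by the first p points of a random
    ordering of their own trace, for p = 1..max_p."""
    rng = random.Random(seed)
    unique = [0] * max_p
    for uid, trace in traces.items():
        order = rng.sample(sorted(trace), len(trace))
        for p in range(1, max_p + 1):
            # A user is "unique" when nobody else's trace also contains these points.
            if anonymity_set(traces, order[:p]) == {uid}:
                unique[p - 1] += 1
    return [count / len(traces) for count in unique]

if __name__ == "__main__":
    traces = build_traces()
    for p, share in enumerate(unicity_curve(traces), start=1):
        print(f"{p} known point(s): {share:.0%} of users unique")
```

No device ID or name appears anywhere in the matching step. The points alone do the identifying, which is why stripping names does not lower the curve.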
Who Buys Your Location Data and What They Use It For
In July 2021, a Catholic news outlet purchased commercially available location data on the open market. No warrant. No subpoena. No legal process of any kind. They identified a device that traveled regularly between the offices of the U.S. Conference of Catholic Bishops and gay bars. They cross-referenced the movement pattern with a home address. They published a story identifying and outing Monsignor Jeffrey Burrill. His career ended within days.
The data was legal to buy. Legal to analyze. Legal to publish.
That same infrastructure has been used to geofence churches and match device IDs to voter rolls for political ad targeting. After the Supreme Court overturned Roe v. Wade, journalists purchased a week of location data for over 600 Planned Parenthood locations for $160, showing where visitors came from, how long they stayed, and where they went afterward. These are real events. The system that made them possible is still running.
The Other Side
The Federal Trade Commission has started treating the sale of precise location data as an unfair trade practice. In January 2024, the FTC permanently banned X-Mode Social from sharing sensitive location data. A handful of other enforcement actions followed. California passed a law creating a single deletion request system for data brokers. Apple and Google have both introduced features that let users limit cross-app tracking.
These are real steps. They are also the equivalent of locking the front door while the weather app sends your coordinates out the window. The SDK sits inside the app. The operating system protections were built to stop apps from tracking you across other apps. They were never designed to stop an app from harvesting data through its own permissions and piping it to a third party. As long as an app can embed a data broker's code in exchange for a few cents per user, the pipeline stays open.
Facial recognition is already converging with location tracking. The systems being built now work without a device. The trajectory is a world where moving through public space generates a data trail whether you are carrying a phone or not.
The phone in your pocket is a surveillance device. The most profitable one ever built. And you bought it yourself.
There is a god in the Crushed Between mythology who feeds on the feeling of being watched. It does not surveil anyone directly. It built the systems, and the systems do the watching. Every ping from every pocket is a small act of worship. If the machinery described here sounds familiar in a way that feels mythological, the serialized fiction explores what it looks like when that worship reaches critical mass. Read the latest chapter on Substack.