Having a smartphone is like having a local map, a world atlas, and the yellow pages (and a lot more) all in your pocket. With just a couple of taps (or voice commands), you can find information on the places around you and directions to just about anywhere.
But that kind of location information goes both ways. Your phone knows where you are, and so your cellular carrier knows, too. Wherever you go, if your phone is with you, your carrier knows about it. Even if you have the GPS on your phone turned off, your carrier knows your location based on the cellular towers your phone is accessing.
Don't want to be tracked? Unfortunately, there's not much to do about it if you want the convenience of a smartphone — or even an ordinary cellular phone — in your pocket. We count on our carriers to keep that location data private, but they haven't been doing a very good job.
That's because they've handed access to your location information over to a third-party company called LocationSmart that sells real-time location information to businesses. The company brags that it can locate over 95% of cellular subscribers in the U.S. in real time. There's no hacking involved and your phone doesn't need to be infected by a virus or have malware installed. LocationSmart gets the data directly — and legally — from your cellular carrier. Even if you're diligent about keeping your phone free of malware and avoid letting apps have access to your location information, your cellular carrier and companies like LocationSmart that provide opt-in location data for services like roadside assistance can access it.
While LocationSmart claims to only share your information with your consent, there was a problem: until recently, the company was providing access to real-time location data online. While that could have let hackers get to it, what actually happened is worse. According to Krebs on Security, "anyone with a modicum of knowledge about how Web sites work could abuse the LocationSmart demo site to figure out how to conduct mobile number location lookups at will, all without ever having to supply a password or other credentials." That meant that a tech-savvy person who went looking could find out exactly where you were at that moment, without doing so much as entering a password — much less getting consent.
The FCC is currently investigating LocationSmart and the company's demo has been taken offline. And, worst of all, there's no way for you to prevent your data from being shared in the future. Cellular carriers don't give you the option to opt out of location tracking or having your data in a pool that can be accessed by third parties.
For now, you just have to trust that your cellular carrier is doing everything it can to keep your personal information secure — and that whoever they might be selling information to is doing the same. But considering the frequency of data breaches, we won't be holding our breath.
Updated on 6/5/2018 with information from a LocationSmart representative.
[Image credit: identifying person concept via BigStockPhoto]
