The Privacy Illusion: How Current Location Sharing Apps Put Your Data at Risk

For millions of families, location sharing apps offer the promise of safety: tracking loved ones, monitoring driving habits, and staying connected in an unpredictable world. But beneath the surface of convenience lies a darker truth—one that reveals how your most sensitive data, including precise location information, can be commodified, shared, and potentially weaponized against you.

This isn’t just about losing privacy; it’s about exposing yourself and your family to risks that not all users fully understand.

A History of Selling Out Users

In December 2021, an investigation by The Markup uncovered that Life360 had been selling precise location data to a host of third-party data brokers, including X-Mode, Cuebiq, and SafeGraph. These brokers, in turn, resold the data to whoever could pay—including advertisers, government agencies, and contractors linked to national security operations.

Life360 touted that this data was anonymized, but experts and researchers overwhelmingly agree: anonymized location data is a myth. With enough context, individual identities can easily be reconstructed by cross-referencing other datasets. A routine commute, a child’s school drop-off, or even a visit to a medical clinic could expose deeply personal details about users.

Even more troubling is that Life360 had no control (or apparent interest in controlling) how brokers handled this sensitive information after selling it. These third-party brokers were free to resell location data to other companies or individuals, meaning that the trail of your movements could end up in the hands of unknown and potentially malicious actors.

A hypothetical scenario of the above would look like this: Someone gains access to your precise location data through a third-party broker. With this information, they could study your daily patterns and routines—when you leave for work, when your children are dropped off at school, and when your house is most likely to be empty. Let’s say you’re using a location-sharing app to monitor your teenager’s driving habits. The app tracks when they leave home and arrive at their part-time job. Now, they cross-reference this location data with public social media posts or other datasets. They can identify your teenager’s place of work, deduce their work schedule, and even track their route home. They know where you live, so they could also target your home network and if not properly locked down, could exploit it and all devices that connect to it. This leaves your family vulnerable to stalking, theft, or worse. In this hypothetical, the data meant to ensure your family’s safety becomes the very tool that endangers them. This example underscores the importance of understanding how your data is shared and who can access it.

The Damage Control Pivot

After public backlash, Life360 announced it would stop selling precise location data to data brokers. But this wasn’t a full stop. Instead, the company shifted its business model, continuing to sell location data to “partners” it claimed were directly tied to app features.

One such partner is Arity, a subsidiary of Allstate Insurance, which powers driving-related features like crash detection and driving analysis. Life360 asserts that its contracts prohibit partners like Arity from reselling data. Yet no independent audits or proof of these contractual obligations have been shared. This means users are left with little more than Life360’s word—a flimsy assurance given the company’s track record.

Without transparency, there’s no way to confirm whether Arity, or any other partner, abides by these restrictions. In the absence of accountability, Arity could theoretically resell the data to brokers or other entities, putting users right back in the position they were before Life360’s so-called pivot.

The Consequences of Data Exposure

For families using Life360 to protect children or track valuable items with Tile, these risks are far from theoretical. By collecting such granular data, Life360 (and any company they share data with) creates a detailed map of your life:

• Patterns of Life: Where you live, work, and relax; where your children go to school; your routines, including when you’re home or away.

• Sensitive Locations: Visits to reproductive health clinics, domestic violence shelters, places of worship, or protests—information that could expose users to stigma, harm, or worse.

• Valuable Targets: Using Tile to track high-value items like vehicles or jewelry makes it easier for malicious actors to target and steal from you.

What makes these risks even more alarming is the potential for this data to be used against you in ways you might not foresee. A malicious actor with access to detailed location data could target your family, invade your privacy, or even plan crimes based on your patterns of movement. These concerns are not hypothetical—they’re the logical outcome of poorly managed and widely shared location data.

The Pervasive Privacy Problem in Location Sharing Apps

The invasive practices of Life360 are not an isolated case. The vast majority of location-sharing apps available on Google and Apple app stores have privacy policies that are equally alarming. These apps often collect and store users’ location data on their servers, a practice that is both unnecessary and dangerous. Take Family360 for example, their app store listings state "Data Not Collected", a lie easily revealed when reading their privacy policy listed on their website and linked on their app store listing where the following quote was pulled: "We may also share location information with third parties for advertising, research and analytic purposes. If you want to opt-out of the collection of your location data, please adjust your settings in your mobile device to limit the app's access to your location data."

Location-sharing apps do not need to retain users’ location data on their servers to function effectively. Instead, this data is collected and stored because it is profitable for these companies to sell or leverage it for advertising purposes. This approach prioritizes corporate profits over user privacy and security. Worse, the storage of this data creates an attractive target for hackers and other malicious actors. It's a deliberate, profit-driven choice that puts users’ sensitive data at risk while promising them safety and security.

The takeaway is clear: Users must be meticulous when choosing apps and ensure they prioritize services that are designed to function without retaining sensitive data unnecessarily, and that offer transparency.

The Increasing Erosion of Privacy Rights

Companies like Life360 serve as stark reminders that our most sensitive information—our movements, habits, and personal lives—can be commodified without our full understanding or consent.

Legislation around data privacy is struggling to keep up with the rapid pace of technological advancements, leaving consumers increasingly exposed. The responsibility, then, falls on individuals to scrutinize the apps and services they use. Now more than ever, we must demand transparency, security, and accountability from the companies we entrust with our data.

It’s critical to recognize that choosing the right tools and platforms isn’t just a matter of convenience; it’s a matter of protecting ourselves and our loved ones.

Grid: A Secure Alternative

If Life360 and companies like them are the cautionary tale, Grid is the solution. Built on the principle that privacy and security are inseparable, Grid ensures that your data works for you—and only you.

• End-to-End Encryption: Unlike Life360, Grid encrypts your location data from start to finish. Not even Grid can access your information, ensuring it remains private even in the event of a breach.

• User-Centric Groups: Add users securely via QR codes or usernames, and set expiration times for groups to ensure no lingering access.

• Future-Ready Features: Grid’s current focus is private location sharing, but robust features like an SOS mode are already in the pipeline, further enhancing functionality without compromising security.

Grid is designed to protect your most sensitive data from corporate greed and third-party misuse. It recognizes that the real value of location-sharing apps lies in their ability to provide safety without exposing users to new dangers.

How Grid Stands Apart

Grid’s commitment to privacy and security continues with its choice of map provider. Currently, Grid hosts ProtoMaps (a lightweight, open source map solution) in Cloudflare creating a privacy-first map service designed to ensure that your data remains secure. By self-hosting it in Cloudflare (a trustworthy cloud services company with a robust privacy policy), Grid is able to provide users with a map service that does not track your activity or store information about the tiles (the specific sections of the map you view) that you access, making it an ideal choice for users who prioritize privacy.

Grid’s Vision for the Future of Mapping

Grid’s ultimate goal is to build its own robust, self-hosted map server. This server would combine the privacy of ProtoMaps with the visual quality and features of major map providers like Apple and Google. What would this mean for you as a user?

• No Tile Tracking: Unlike Apple or Google Maps, Grid’s self-hosted map server would not collect or track the tiles you view. This ensures complete privacy for every map interaction.

• Enhanced Features: As Grid’s map server grows, it will deliver an experience that competes with the detail and ease of use offered by larger providers—without compromising user data.

For now, our ProtoMaps + Cloudflare blend offers a secure, privacy-first option that aligns with Grid’s core principles. As Grid evolves, we’ll provide users with the choice to prioritize either privacy or convenience, with the long-term vision of offering the best of both worlds.

The Bottom Line

Grid offers a better path forward—one where your data belongs to you alone. Because at the end of the day, your safety should never come at the cost of your privacy. We’re here to help you be hard to track.