Are your apps spying on you? I did the work and here's what you need to know right now
We hear about the dangers of malicious app developers all the time, but have you ever wondered how many of those are true? Well, I'll be your mythbuster, so let's settle things.
I don’t know about you but I sure have lost count of how many times I've installed an app, only to be hit with the "Allow location access?" pop-up before I can even explore the interface?
And sometimes it makes sense – I mean, Google Maps can't guide you anywhere without knowing where you are. But other times? A shopping app? A camera filter? Why exactly do they need to know where you are standing?
Some of what I found matched the official story. But a lot of it didn't.
What do the privacy policies say?
Those long, boring policies we usually just click “Agree” on actually hide a lot – especially when it comes to how companies handle your data. More often than not, it turns out we agreed to things we might not really agree with once we find out later. So, I read every privacy policy for the apps I chose for this article.
Some confirmed what I saw during testing. Others… well, let's just say "transparent" isn't the word I'd use. Most policies acknowledged collecting location data, but rarely gave a precise explanation.
Social media
TikTok always knows where you are. | Image credit – PhoneArena
After digging through hundreds of pages of privacy policies, one thing becomes clear: TikTok and Instagram use vague lines like "to improve your experience" or "for personalization." Both also admit they may share location with "service providers" – which can include advertisers and analytics firms.
Both social media giants gather location data even if you've turned off Location Services on your device. This includes tracking your IP address to get a rough idea of where you are. In Meta's case, the company can also use your IP address to pinpoint your specific location if it deems it necessary to protect your safety or the safety of others.
And of course, both companies assure us that our location data is safe and used only to help improve our experience. But history tells a slightly different story. Both Meta and TikTok have faced multiple controversies and lawsuits over how they handle location data.
Earlier this year, Meta got hit with a class-action lawsuit in California, alleging it collected location data through tracking software hidden in thousands of mobile apps. The claim? Meta used a “software development kit” to access devices without permission and gather precise geolocation data, then allegedly monetized it.
TikTok hasn’t escaped scrutiny either. Concerns mainly revolve around its parent company, ByteDance, and the potential for the Chinese government to access Americans’ sensitive data, including location info.
This worry was central in debates over a law that could have effectively banned TikTok in the US. TikTok has also faced a lawsuit claiming it collected location data from visitors to websites even if they didn’t have a TikTok account.
So, yeah, privacy policies don’t always tell the whole picture.
Navigation
Maps needs your location to work as intended. | Image credit – PhoneArena
I use Google Maps every time I travel, so it was naturally one of the first apps on my list. Plus, it’s also the most popular navigation app in the world.
Google Maps is more direct, stating that location is needed for navigation and may be used to improve Google's services. Actually, if you turn on "Web & App Activity" in your Google Account, Google saves your location and activity data – even when you're not using the app – to offer features like recommendations and live traffic.
That all came to light in 2022, when several state attorneys general – including the one from Washington, D.C. – reached a $9.5 million settlement with Google. The lawsuit claimed Google misled users about location tracking, continuing to collect location data through features like “Web & App Activity” (which is on by default) even when people thought they’d shut it off by disabling “Location History.”
Google says it doesn't sell your personal info but shares it with partners, your work or school admin, or when required by law. It also shares anonymous location info for research and trends. So, yeah – don’t be shocked if you land in LA and suddenly your feed is flooded with ads for a trip to Universal Studios.
Google Maps asks for precise location right away and may request background access for navigation. You can still search and browse maps without granting location access, but features like turn-by-turn directions won't work.
Shopping
Amazon and Temu have a long list of how they use your location, but you can opt out in both apps. | Images by PhoneArena
Next up, let’s talk about shopping apps, since more and more of us are buying things online. Back in the day, you could just walk into a store, grab what you needed, and leave without the owner having any clue where you lived. Now? Yeah, that’s not how it works anymore. I guess more online shops know where I live than my friends at this point.
Amazon doesn't sell your personal info but shares it with affiliates, service providers (logistics, marketing, analytics), and third parties when required by law or business needs. Their AWS Location Service anonymizes data and doesn't use it for ads or analytics.
Temu asks for an approximate location on launch or while browsing promos – also a foreground request and not needed for basic shopping. The company always collects approximate location via IP and can get precise GPS only if you allow it. Like any e-commerce site, it collects your shipping address and may infer location from your browsing and purchases.
Temu says it uses location data for deliveries, personalized ads, and service improvements. It claims it doesn't sell personal info. Temu's been under scrutiny for alleged excessive data collection beyond location, with concerns about privacy, Chinese government access, and transparency. And the EU is investigating its compliance with digital laws.
However, the company claims location is only used where absolutely necessary (like address completion in some regions), always with user consent, and features are inactive where not needed.
Globally, location permissions are strictly limited to specific functionalities, such as address completion in regions where formal postal systems may require GPS supplementation (e.g., parts of the Middle East). Even in these cases, explicit user permission is required, and the feature is inactive in other markets. This approach aligns with our principle of implementing location services only when absolutely necessary to ensure service quality, and always with clear user consent. Our privacy policy provides full transparency about these practices across all markets.
– Temu, August 2025
Meanwhile, Shein, another really popular app in the US, mentions location only in the context of delivery or deals; it does not explicitly say if it shares it for ads. When you install the app, it does not ask you to agree to any privacy policies, but asks you to choose where you are located.
Again, like most of the others, Shein collects location data inferred from your IP address to "tailor your experience in terms of displaying the appropriate local website, language, or user experience." But if this is the whole story, I couldn’t find out (for now).
Weather
As soon as you install the AccuWeather app, it asks for location access right away. If you don't allow location tracking – even in the background – you might miss out on some features, like the widget not updating properly. AccuWeather also mentions that if you agree, your location data could be shared with third parties, including advertisers.
If you want AccuWeather to work properly, location access is a must. | Images by PhoneArena
Following a complaint from EPIC, AccuWeather adjusted some of its practices and is now more upfront about selling user data to advertisers. Users can also choose to opt out of advertising and other non-essential uses of their device information, and they can delete any data AccuWeather has collected about their device.
Games
You need to have location enabled to play the game. | Image by Pokémon Go blog
Pokémon Go (by Niantic) is up-front: it uses your location for gameplay and may share it with partners.
Our Services include location based games whose core feature is to provide an experience tied to your real world location, so we need to know where you are to operate these apps and games for you, and to plan the location of in-game or in-app resources. We identify your location using a variety of technologies, including GOS, the WiFi points you are accessing the Service through and mobile/cell tower triangulation.
– Niantic, 2025
The difference here is that with Pokémon Go, players knowingly hand over their location data as part of the gameplay. But that doesn’t mean there haven’t been privacy concerns – especially in the early days.
Back in 2016, shortly after its launch, a class-action lawsuit was filed against Niantic by homeowners who argued that the game encouraged trespassing. The complaint stated that Niantic placed “PokéStops” and “Pokémon Gyms” on or right next to private property without the owners’ consent. This led to situations where players would knock on doors, wander into yards, and gather in front of houses just to catch Pokémon.
The case eventually ended in a settlement. As part of the agreement, Niantic had to create a stronger system that allowed property owners to request the removal of PokéStops and Gyms from their land. The company also added in-game warnings reminding players to respect private property and be aware of their surroundings.
Bottom line: Across the board, I noticed that the more ad-driven the app (think TikTok and Instagram), the less direct the explanation. And while some are more open than others, the "Data Safety" sections in the Google Play Store are often more readable than the policies themselves.
Talking to developers
Not a huge crowd jumped in, but a few did share their perspective. One developer explained that sometimes location permissions have nothing to do with tracking you. For instance, older versions of Android required location access just to scan for Bluetooth devices.
Technically, you could figure out someone’s location from the unique IDs those devices broadcast, so Android treated it as a location request – even if the app didn’t care about your real-world whereabouts. Google has loosened that rule since, but you’ll still find apps that have to ask for location just to make Bluetooth work.
Other than that, I don't pull location unless the app actually uses it in the functionality provided to the user. But you'll find plenty of others who are eager to collect this data, or they'll muddy the waters by using it for app functionality and then also collecting it for their own benefit.
– WestonP, Reddit, August 2025
What does it all mean for you?
Here's what I've learned: location access isn't inherently bad, but you should never assume an app's request is purely functional.
If you must grant it, always go for "While using the app" and choose an approximate location when possible. Apps that truly need background or precise location (navigation, AR gaming) will make it obvious.
Don't be afraid to deny location entirely – in my testing, Amazon, Temu, Shein, TikTok, Instagram, and even AccuWeather still worked fine without it. If an app breaks without location but doesn't clearly explain why, that's a red flag.
Use your phone's permissions manager to review and revoke access. I found several apps still had background access after I stopped using them – likely because I had allowed it once.
Finally, when you read a privacy policy, skip the fluff and look for:
- Is location tied to specific features or vaguely to "personalization"?
- Is sharing with third parties mentioned?
- Is there an opt-out?
You don't have to be paranoid. But you do have to be intentional.
Here’s what you need to know about your most-used apps
Here's what I found when I put these apps through my little location test:
- TikTok – Requests precise, foreground location for features like local content discovery and tagging. Works fine without it, but nags you occasionally.
- Instagram – Similar to TikTok, uses precise location for location tags and nearby content. Fully functional without it.
- Google Maps – As expected, demands precise location upfront. Works for searches without it, but navigation is impossible.
- Amazon – Asks for approximate location in foreground to tailor local deals and delivery estimates. Optional.
- Temu – Foreground, approximate location, mostly for address completion in certain markets. Per their team, it's inactive where not needed.
- Shein – Similar to Temu, for local offers and shipping estimates.
- AccuWeather – Wants precise location at launch, but manual entry works fine – you just lose hyperlocal updates.
- Pokémon Go – Non-negotiable. Needs both foreground and background access; the game doesn't function without it.
Patterns emerged fast: navigation, and AR-based games demand location as core functionality. Shopping and social media apps? Mostly optional – but they still ask. And a few apps, like TikTok, seemed particularly persistent in re-prompting me if I initially denied access.
So, in the end...
Not all location tracking is sinister. Sometimes it is the only way an app can work. But my testing showed that in many cases, it's simply the default – and the benefits go more to the company than to you.
The key is knowing when location access is genuinely essential and when it's just another data point to be mined. Android now gives you more control than ever – use it.
Your phone will happily hand over your whereabouts 24/7 if you let it. The decision to allow it? That's still yours.
FCC OKs Cingular\'s purchase of AT&T Wireless
Things that are NOT allowed:
To help keep our community safe and free from spam, we apply temporary limits to newly created accounts: