Are your apps spying on you? I did the work and here's what you need to know right now

Phone Arena

a day ago

I don't know about you but I sure have lost count of how many times I've installed an app, only to be hit with the "Allow location access?" pop-up before I can even explore the interface?
And sometimes it makes sense – I mean, Google Maps can't guide you anywhere without knowing where you are. But other times? A shopping app? A camera filter? Why exactly do they need to know where you are standing?
So I decided to find out. I picked some of the most-used Android apps, spread across weather, navigation, shopping, social media and gaming. I installed each one on a test device (I used the Galaxy S24 Plus for the purpose), noted when and how they requested my location (foreground, background, precise, approximate), and checked if the app actually worked without it. Then I read their privacy policies – every line – and reached out to developers for answers.
And while not all location tracking is shady, the difference between "necessary" and "nice-to-have" is a lot murkier than you'd think.
Some of what I found matched the official story. But a lot of it didn't.
Those long, boring policies we usually just click 'Agree' on actually hide a lot – especially when it comes to how companies handle your data. More often than not, it turns out we agreed to things we might not really agree with once we find out later. So, I read every privacy policy for the apps I chose for this article. Some confirmed what I saw during testing. Others… well, let's just say "transparent" isn't the word I'd use. Most policies acknowledged collecting location data, but rarely gave a precise explanation.
TikTok always knows where you are. | Image credit – PhoneArena
After digging through hundreds of pages of privacy policies, one thing becomes clear: TikTok and Instagram use vague lines like "to improve your experience" or "for personalization." Both also admit they may share location with "service providers" – which can include advertisers and analytics firms.
Both social media giants gather location data even if you've turned off Location Services on your device. This includes tracking your IP address to get a rough idea of where you are. In Meta's case, the company can also use your IP address to pinpoint your specific location if it deems it necessary to protect your safety or the safety of others.
So what does that mean in real life? Basically, Meta is saying, 'We might figure out where you are if there's a risk to you or someone else.' For example, if someone reports harassment or threats, location info could help Meta respond or block the offender. Or if there's a serious real-world danger, like someone trying to harm themselves or someone else, knowing your location could allow Meta to alert authorities or provide support resources.
And of course, both companies assure us that our location data is safe and used only to help improve our experience. But history tells a slightly different story. Both Meta and TikTok have faced multiple controversies and lawsuits over how they handle location data.
Earlier this year, Meta got hit with a class-action lawsuit in California, alleging it collected location data through tracking software hidden in thousands of mobile apps. The claim? Meta used a 'software development kit' to access devices without permission and gather precise geolocation data, then allegedly monetized it.
TikTok hasn't escaped scrutiny either. Concerns mainly revolve around its parent company, ByteDance, and the potential for the Chinese government to access Americans' sensitive data, including location info.
This worry was central in debates over a law that could have effectively banned TikTok in the US. TikTok has also faced a lawsuit claiming it collected location data from visitors to websites even if they didn't have a TikTok account.
So, yeah, privacy policies don't always tell the whole picture. Navigation
Maps needs your location to work as intended. | Image credit – PhoneArena
I use Google Maps every time I travel, so it was naturally one of the first apps on my list. Plus, it's also the most popular navigation app in the world.
Google Maps is more direct, stating that location is needed for navigation and may be used to improve Google's services. Actually, if you turn on "Web & App Activity" in your Google Account, Google saves your location and activity data – even when you're not using the app – to offer features like recommendations and live traffic.
That all came to light in 2022, when several state attorneys general – including the one from Washington, D.C. – reached a $9.5 million settlement with Google. The lawsuit claimed Google misled users about location tracking, continuing to collect location data through features like 'Web & App Activity' (which is on by default) even when people thought they'd shut it off by disabling 'Location History.'
Google says it doesn't sell your personal info but shares it with partners, your work or school admin, or when required by law. It also shares anonymous location info for research and trends. So, yeah – don't be shocked if you land in LA and suddenly your feed is flooded with ads for a trip to Universal Studios.
You can manage location permissions on your device and in your Google Account. Location History is off by default but can be turned on, edited, or auto-deleted. Starting late 2024, most Location History data will be stored on your device, limiting web access. Google Maps asks for precise location right away and may request background access for navigation. You can still search and browse maps without granting location access, but features like turn-by-turn directions won't work.
Amazon and Temu have a long list of how they use your location, but you can opt out in both apps. | Images by PhoneArena
Next up, let's talk about shopping apps, since more and more of us are buying things online. Back in the day, you could just walk into a store, grab what you needed, and leave without the owner having any clue where you lived. Now? Yeah, that's not how it works anymore. I guess more online shops know where I live than my friends at this point. Amazon asks for an approximate location when you check delivery options or local deals. This is a foreground request and not mandatory – the app works fine without it, but you might miss some local perks. Across its services (shopping app, Alexa, Ring, Kindle), Amazon collects location data from GPS, WiFi, Bluetooth, your IP address, and delivery addresses. It uses this info for order delivery, personalized ads, local content, fraud prevention, and improving services.
You control location access mainly through your device settings, and Amazon apps also offer some location-related settings (like default shipping address or device location in Alexa).
Amazon doesn't sell your personal info but shares it with affiliates, service providers (logistics, marketing, analytics), and third parties when required by law or business needs. Their AWS Location Service anonymizes data and doesn't use it for ads or analytics.
Temu asks for an approximate location on launch or while browsing promos – also a foreground request and not needed for basic shopping. The company always collects approximate location via IP and can get precise GPS only if you allow it. Like any e-commerce site, it collects your shipping address and may infer location from your browsing and purchases.
Temu says it uses location data for deliveries, personalized ads, and service improvements. It claims it doesn't sell personal info. Temu's been under scrutiny for alleged excessive data collection beyond location, with concerns about privacy, Chinese government access, and transparency. And the EU is investigating its compliance with digital laws.
However, the company claims location is only used where absolutely necessary (like address completion in some regions), always with user consent, and features are inactive where not needed.
– Temu, August 2025 You can manage location permissions through your device settings, but full control over data use is limited.
Meanwhile, Shein , another really popular app in the US, mentions location only in the context of delivery or deals; it does not explicitly say if it shares it for ads. When you install the app, it does not ask you to agree to any privacy policies, but asks you to choose where you are located. Again, like most of the others, Shein collects location data inferred from your IP address to "tailor your experience in terms of displaying the appropriate local website, language, or user experience." But if this is the whole story, I couldn't find out (for now).Then I moved on to weather apps, because checking the forecast is something most of us do daily, right? Enter AccuWeather .
As soon as you install the AccuWeather app, it asks for location access right away. If you don't allow location tracking – even in the background – you might miss out on some features, like the widget not updating properly. AccuWeather also mentions that if you agree, your location data could be shared with third parties, including advertisers.
If you want AccuWeather to work properly, location access is a must. | Images by PhoneArena And that's where it gets a bit concerning again. None of the apps on my list actually name these third parties or give concrete examples. They also don't seem very eager to answer when asked. I reached out to all of them requesting at least one example, and… well, let's just say I'm still waiting for a quote to use.
In the past, AccuWeather has faced criticism. Privacy groups sued the company after it was discovered to be collecting location data in ways users didn't expect and passing it to third parties.
Following a complaint from EPIC, AccuWeather adjusted some of its practices and is now more upfront about selling user data to advertisers. Users can also choose to opt out of advertising and other non-essential uses of their device information, and they can delete any data AccuWeather has collected about their device.
You need to have location enabled to play the game. | Image by Pokémon Go blog And, of course, no list about location data would be complete without including at least one game. For this category, I'm going with Pokémon Go – and you can probably already guess why. This game quite literally can't function without knowing where you are. And even after all these years, it's still going strong, with around 60 million monthly active players.
Pokémon Go (by Niantic) is up-front: it uses your location for gameplay and may share it with partners.
– Niantic, 2025 And location data is shared a lot, even with other players. However, the company says it shares de-identified data with third parties for performance, industry and market analysis. So not absolutely everyone has access to it, but still, if you want to play Pokémon Go, be ready for many to know where you are.
The difference here is that with Pokémon Go, players knowingly hand over their location data as part of the gameplay. But that doesn't mean there haven't been privacy concerns – especially in the early days.
Back in 2016, shortly after its launch, a class-action lawsuit was filed against Niantic by homeowners who argued that the game encouraged trespassing. The complaint stated that Niantic placed 'PokéStops' and 'Pokémon Gyms' on or right next to private property without the owners' consent. This led to situations where players would knock on doors, wander into yards, and gather in front of houses just to catch Pokémon.
The case eventually ended in a settlement. As part of the agreement, Niantic had to create a stronger system that allowed property owners to request the removal of PokéStops and Gyms from their land. The company also added in-game warnings reminding players to respect private property and be aware of their surroundings.
Bottom line: Across the board, I noticed that the more ad-driven the app (think TikTok and Instagram), the less direct the explanation. And while some are more open than others, the "Data Safety" sections in the Google Play Store are often more readable than the policies themselves. When the big companies wouldn't give me straight answers, I wasn't about to drop it. I figured, fine – if they won't talk, I'll ask the people who actually build these apps. So, I went straight to Reddit and put the question to Android developers.
Not a huge crowd jumped in, but a few did share their perspective. One developer explained that sometimes location permissions have nothing to do with tracking you. For instance, older versions of Android required location access just to scan for Bluetooth devices.
Technically, you could figure out someone's location from the unique IDs those devices broadcast, so Android treated it as a location request – even if the app didn't care about your real-world whereabouts. Google has loosened that rule since, but you'll still find apps that have to ask for location just to make Bluetooth work.
– WestonP, Reddit, August 2025 So, no – not every location request is about tracking. You'll never see 'Bluetooth scanning' listed in a privacy policy, but developers know these quirks better than anyone. And now you do, too. What does it all mean for you?
Here's what I've learned: location access isn't inherently bad, but you should never assume an app's request is purely functional.
If you must grant it, always go for "While using the app" and choose an approximate location when possible. Apps that truly need background or precise location (navigation, AR gaming) will make it obvious.
Don't be afraid to deny location entirely – in my testing, Amazon, Temu, Shein, TikTok, Instagram, and even AccuWeather still worked fine without it. If an app breaks without location but doesn't clearly explain why, that's a red flag. Use your phone's permissions manager to review and revoke access. I found several apps still had background access after I stopped using them – likely because I had allowed it once.
Finally, when you read a privacy policy, skip the fluff and look for:
Is location tied to specific features or vaguely to "personalization"?
Is sharing with third parties mentioned?
Is there an opt-out?
You don't have to be paranoid. But you do have to be intentional. Here's what I found when I put these apps through my little location test: TikTok – Requests precise, foreground location for features like local content discovery and tagging. Works fine without it, but nags you occasionally.
– Requests precise, foreground location for features like local content discovery and tagging. Works fine without it, but nags you occasionally. Instagram – Similar to TikTok, uses precise location for location tags and nearby content. Fully functional without it.
– Similar to TikTok, uses precise location for location tags and nearby content. Fully functional without it. Google Maps – As expected, demands precise location upfront. Works for searches without it, but navigation is impossible.
– As expected, demands precise location upfront. Works for searches without it, but navigation is impossible. Amazon – Asks for approximate location in foreground to tailor local deals and delivery estimates. Optional.
– Asks for approximate location in foreground to tailor local deals and delivery estimates. Optional. Temu – Foreground, approximate location, mostly for address completion in certain markets. Per their team, it's inactive where not needed.
– Foreground, approximate location, mostly for address completion in certain markets. Per their team, it's inactive where not needed. Shein – Similar to Temu, for local offers and shipping estimates.
– Similar to Temu, for local offers and shipping estimates. AccuWeather – Wants precise location at launch, but manual entry works fine – you just lose hyperlocal updates.
– Wants precise location at launch, but manual entry works fine – you just lose hyperlocal updates. Pokémon Go – Non-negotiable. Needs both foreground and background access; the game doesn't function without it.
Patterns emerged fast: navigation, and AR-based games demand location as core functionality. Shopping and social media apps? Mostly optional – but they still ask. And a few apps, like TikTok, seemed particularly persistent in re-prompting me if I initially denied access. Not all location tracking is sinister. Sometimes it is the only way an app can work. But my testing showed that in many cases, it's simply the default – and the benefits go more to the company than to you.
The key is knowing when location access is genuinely essential and when it's just another data point to be mined. Android now gives you more control than ever – use it.
Your phone will happily hand over your whereabouts 24/7 if you let it. The decision to allow it? That's still yours. Get 50% off – try it for 3 months today!
We may earn a commission if you make a purchase Check Out The Offer