I left location services on for a sushi delivery app for over a year. Not because I ordered sushi that often. I just never went back into settings to turn it off. That app knew every gym visit, every late-night drive, every detour through a neighborhood I had no reason to be in. And it sent all of that somewhere. Probably multiple somewheres.
Here is the thing most people miss about location tracking: it is not a single event. It is a chain reaction. Your phone’s GPS chip wakes up, triangulates your position from satellite signals, packages those coordinates into a tidy data object, and hands it to whatever app asked. That app might use the data to show you a map. Or it might forward it to an advertising network, an analytics platform, three data brokers, and a “partner ecosystem” described in paragraph forty-seven of a privacy policy no human has ever finished reading.
I used to think location tracking was just bad. Period. Turn it all off, problem solved. I have since changed my mind, and that shift matters for everything I am about to explain.
The Permission Tap That Haunts You
When you first open a new app and it asks for location access, you are almost certainly in the middle of something. Setting up an account. Trying to get a thing done. The app developers know this. They time the permission request for the exact moment when you are least likely to think carefully and most likely to just tap “Allow” so the screen goes away.
That single tap is a standing invitation.
It tells the operating system: this app can know where I am. Depending on what you selected, it might mean only while the app is on screen, or it might mean always, constantly, even at three in the morning while the phone charges on your nightstand. The difference between those two options is enormous, but the permission dialog makes them feel like a minor detail. They are not. “Always” is surveillance. “While using” is a tool. The distinction between the two is the entire point of this article, because learning to manage that boundary is what separates someone who controls their location data from someone whose location data controls them.
Audit First, Then Decide
Before you change anything, look at what you have already granted. On Android, open Settings, then Privacy, then Permission Manager, then Location. On iOS, go to Settings, then Privacy and Security, then Location Services. Both platforms show every app with location access and the level each one holds.
I found a calculator app with location permissions on my phone once. A calculator. I still cannot figure out what possible use a calculator has for knowing I was at a gas station in New Jersey. Right next to it in the list was a QR code scanner I downloaded at a restaurant eight months ago, opened exactly once, and apparently gave permission to track me indefinitely. The worst part was the shopping apps — four of them, all set to “Always,” all collecting location data around the clock for reasons their privacy policies describe only as “improving your experience.”
For each app, ask one question: does this app need my location to do the thing I actually use it for? A weather app might, though honestly you could just type your city name. A navigation app or a location-sharing tool designed for group coordination absolutely does. A flashlight app does not. A calculator does not. A game where you match colored candies does not.
Revoke anything that fails that test. For apps that pass, set them to “While Using” instead of “Always.” This is the single most impactful thing you can do.
The background location problem
This is where tracking gets genuinely creepy. The “Always” or “Allow all the time” permission lets apps monitor your location when you are not looking at them. When the phone is in your pocket. When you are asleep. When you have not opened the app in weeks. The app just quietly pings your GPS chip, collects coordinates, and phones home with them. You never see it happen.
Very few apps legitimately need this. Navigation apps that give turn-by-turn directions while your screen is off are one honest use case, because the whole point is that you are driving and cannot stare at your phone. A convoy app that keeps your group synced across different vehicles on a road trip needs background access to function, and that is a fair trade. You get real-time group awareness; the app gets your location while you are actively using it for that purpose. That is consent with a clear reason. A food delivery app pinging your coordinates every few minutes to spam you with “Hungry? There is a burger place nearby!” notifications is not the same thing. Not even close.
Both Android and iOS now show indicators when an app accesses your location. On Android, watch for a small icon in the status bar. On iOS, look for the blue arrow. If you see those indicators light up when you have not opened the relevant app, that is background tracking happening in real time, and you should shut it down immediately.
Going Deeper: Spoofing and VPNs
If you want more control, there are additional layers available.
Android has a developer option called “Select mock location app” that lets a spoofing tool override your GPS coordinates entirely. It feeds fake location data to every app on the device. This exists mainly for developers testing location-based features, but privacy-minded users sometimes run it to give untrusted apps garbage coordinates. If a sketchy app thinks you are in the middle of the Atlantic Ocean, it cannot sell your real location to anyone.
VPNs work differently. A VPN will not fake your GPS, but it hides your IP address, which is the fallback method apps and websites use to estimate where you are when they do not have GPS permission. By routing your traffic through a server elsewhere, you make IP-based geolocation point to the wrong place. It is not a complete shield, but it closes one of the side doors that trackers use when the front door is locked.
A word of realism, though. A truly determined tracker with access to your Wi-Fi network name, nearby Bluetooth beacons, and cell tower data can still approximate your location without GPS. The goal here is not perfect invisibility. It is raising the cost and effort required for casual, bulk data collection. You are not trying to hide from intelligence agencies. You are trying to stop a candy-matching game from building a profile of your daily commute.
Where I landed on this
I resisted this conclusion for a while, but location tracking is not inherently evil. I kept looking for a reason to say “just turn it all off” because that is simpler advice, but it does not hold up. When I use a cross-platform navigation app on a road trip with friends, I want everyone’s live location visible. That is the whole point — the location sharing is the feature, not some side effect being exploited. But when a social media app silently logs every coffee shop I visit to serve me targeted ads? That is extraction disguised as a feature. Same technology, completely different relationship.
It comes down to whether the app is honest about what it is doing. Can you see the value you get back? Can you shut it off when you are done? If yes, it is a tool. If not, it is tracking.
Make This a Habit, Not a One-Time Fix
New apps ask for permissions when you install them. Existing apps sometimes request new permissions after updates. The permission landscape on your phone is not static; it drifts toward more access over time unless you actively push back.
I cannot stress this enough: do not just set and forget.
Set a recurring reminder to audit your location permissions every few months. Both platforms now send occasional notifications about apps using background location, but those are easy to dismiss without acting on them. Do not just dismiss them. Tap through. Check the list. Revoke what does not belong.
A manual audit takes two minutes. That is two minutes to decide who gets to know where you were last Tuesday at noon. Two minutes to take that decision back from apps that never should have had it in the first place.