[Update: Carriers Respond] T-Mobile, Sprint, and AT&T are accused of selling your phone’s location data
With everyone moving to an online world, a new industry has formed into what many have called “big data.” This type of information can be anything from application usage, browser history, location information, and more. This, combined with the rise of the smartphone, has made it even easier for companies to make money from this data as well. A new report just came out this week that accuses three of the four major wireless carriers in the United States (Sprint, T-Mobile, and AT&T) of selling smartphone location data.
Collecting location data isn’t anything new when it comes to Android. Late last year it was revealed that Google is collecting information about where you are (using the Android software) even when the user has switched off the Location Services option. This is troubling information for anyone who values their privacy and the company may end up facing a class-action lawsuit over those exact practices. The most recent report about location data isn’t about Google though. Instead, it’s from the majority of the major wireless carriers in the United States.
Motherboard recently reported on a story about a person who gave a bounty hunter $300 in order to locate a smartphone they had lost. The bounty hunter told the customer they were able to do this thanks to geolocation services from these major wireless carriers. This type of information is only meant to be used by authorized personnel (such as the police), but it looks like many bounty hunters have been able to obtain this type of information thanks to some shady services.
All it took was for the person to give the bounty hunter money to pay for the service and the phone number of the device they needed to locate. The bounty hunter sent the phone number to their contact and returned to the customer with a Google Maps screenshot showing the phones approximate location. While it seems that it’s not technically the wireless carries that are giving away this information, Motherboard showed how they were able to get phone location data with only a phone number. The data trickled down from T-Mobile through various other sources, as shown below.
T-Mobile -> Zumigo -> microbilt -> Bail Bond Company -> Bail industry source -> Motherboard
Update 1: T-Mobile, Sprint, and AT&T Respond
T-Mobile CEO John Legere has responded to the claims on Twitter. He states that the company is in the process of shutting down the sale of location data to third-parties, and will finish doing so in March of 2019.
Actually I've already spoken about this, but Ill tell you too. We are in full swing of ending it and will be completely done in March, as promised. We're doing this right and shutting them down one by one, so customers who use this for safety services can make other arrangements.
— John Legere (@JohnLegere) January 10, 2019
AT&T issued the following statement to CNET:
“Last year we stopped most location aggregation services while maintaining some that protect our customers, such as roadside assistance and fraud prevention. In light of recent reports about the misuse of location services, we have decided to eliminate all location aggregation services – even those with clear consumer benefits.” AT&T spokesperson in a statement sent to CNET
AT&T further states that sales of location data will cease entirely in March.
Lastly, Sprint told The Verge that the company won’t share geo-location data except for valid law enforcement requests. The company states they are immediately ending their relationships with Zumigo and Microbilt after the two companies were found to be misusing Sprint’s customers’ location data.