Verizon and AT&T to stop selling customers’ location to data brokers

Photo (c) metamorworks - Getty Images

The carriers responded to a security leak that allowed anyone to access geolocation data of any mobile user

On the heels of an investigation by Sen. Ron Wyden (D-Ore.) that uncovered a security leak exposing the location of cell phone users, Verizon and AT&T have pledged to stop selling their mobile customers’ location details to third-party data brokers -- or, as Wyden called them, "shady middlemen."

Both mobile phone companies made their pro-consumer protection move swiftly upon news that prison phone company Securus gave law enforcement agencies the all-clear to track phone calls.

Securus was buying its geolocation data from data aggregator LocationSmart, which turned out to be the source of the data leak.

It was computer security watcher Brian Krebs (KrebsOnSecurity) who reported that a "buggy component" on LocationSmart’s site allowed anyone to access the location of any AT&T, Sprint, T-Mobile, or Verizon phone without requiring a password or any other authentication. After Krebs alerted LocationSmart about the vulnerability, the company shut down the service.

What about Sprint and T-Mobile

Wyden praised Verizon and AT&T’s move, saying the companies did the "responsible" thing and "deserve credit for taking quick action to protect its customers’ privacy and security." However, the senator called out Sprint and T-Mobile for seeming "content to keep selling customers’ private information, American’s privacy be damned."

In responding to Wyden’s inquiry regarding data collection, both Sprint and T-Mobile went to great lengths to defend their position on purchasing location data, asserting they were doing everything necessary to protect the users’ data from being exploited.

Sprint reasoned that geolocation data could help everything from child safety to roadside assistance and workforce applications that allowed employees to check in and check out at job sites.

T-Mobile affirmed that its contracts with data brokers "have important provisions that serve to protect our customers’ information, including requiring service providers, via a location aggregator, to seek approval from T-Mobile for each data use, and requiring customer consent before location data is shared."

What can you do to protect your geolocation data?

A 2017 study by TheConversation illuminated the codependency mobile carriers and apps have on a user’s geolocation data, estimating that 70 percent of apps share a user’s data with a third-party source. While location is an important function of a maps app, most location-based data is designed to leverage sales and marketing opportunities.

With consumers increasingly using their mobile devices for all electronic transactions, including banking, there is growing concern about the security of mobile devices. Nonetheless, the most direct method to protect your location data from being shared across the internet is to simply block it.

To disable location reporting on an Android device, the steps are:

  1. Open the App Drawer and go to Settings.

  2. Scroll down and tap Location.

  3. Scroll down and tap Google Location Settings.

  4. Tap Location Reporting and Location History, and switch the slider to off for each one.

To disable location services on an Apple device, do the following:

  1. Open the Settings App.

  2. Scroll down to Privacy, and select Location Services.

  3. Disable all Location Services by swiping the slider at the top, or scroll down to disable location services for specific apps, including Google and Google Maps.

  4. Select System Services to deny location data from specific features, like location-based advertisements, turn off Frequent Locations, or disable the "Popular Near Me" feature.

Take an Identity Theft Quiz. Get matched with an Authorized Partner.