How to Protect Your Location Data: Lessons from the FTC vs. Kochava Settlement

Introduction

In a landmark move, the Federal Trade Commission (FTC) reached a settlement with data broker Kochava and its subsidiary Collective Data Solutions (CDS), effectively banning them from selling precise location data without consumers' explicit consent. This case highlights the vulnerability of the geolocation information collected from hundreds of millions of mobile devices. While the FTC action targets Kochava, the underlying issue affects everyone: your phone constantly broadcasts where you are, and that data can be sold to advertisers, insurers, or even stalkers. This step-by-step guide will show you how to take control of your location privacy, using the Kochava case as a cautionary tale. By following these steps, you can reduce the risk of your location data being harvested and sold without your knowledge.

How to Protect Your Location Data: Lessons from the FTC vs. Kochava Settlement — Source: www.bleepingcomputer.com

What You Need

A smartphone (Android or iOS) with internet access
Basic knowledge of your phone’s settings menu
Approximately 15–30 minutes of time
(Optional) A computer with a browser to check data broker opt-out websites

Numbered Steps

Step 1: Understand How Location Data Is Collected

Before you can protect your data, you need to know the sources. Location data can come from:

GPS, Wi-Fi, and cellular triangulation
Apps that request location permissions (e.g., maps, weather, social media)
Third-party SDKs embedded in apps that collect data for advertising or analytics
Your mobile network operator who knows your tower connections

The FTC’s case against Kochava involved the sale of such precise data—often accurate to within a few meters—without meaningful consent. In many cases, users didn’t realize that an app’s “Use your location” setting allowed brokers to sell that data to anyone.

Step 2: Audit Your App Permissions

Go through every app on your phone and check its location access. Here’s how:

On Android: Go to Settings → Location → App permissions. Review each app. Set to “Allow only while using the app” or “Deny” for apps that don’t need location (e.g., a calculator).
On iOS: Go to Settings → Privacy & Security → Location Services. Toggle off for apps where location is not essential. For others, choose “While Using” or “Ask Next Time”.

Pay special attention to apps from data-hungry companies: social media, weather, flashlight, or game apps that ask for “precise” location.

Step 3: Disable Background Location Tracking

Many apps collect location data even when you’re not actively using them. This background tracking is often what data brokers like Kochava exploit. Turn it off:

On both platforms, when setting an app’s location permission, choose “While Using the App” rather than “Always”.
Additionally, check for system-level tracking features: on Android, disable “Google Location Accuracy” (which uses Wi‑Fi and Bluetooth to improve location). On iPhone, turn off “Significant Locations” under System Services.

Step 4: Limit Ad ID and Tracking

Data brokers often use your device’s advertising identifier to tie location data back to you. Limit this:

Android: Go to Settings → Google → Ads → Delete advertising ID. Or, on newer versions, go to Settings → Privacy → Advertising → Opt out of Ads Personalization.
iOS: Go to Settings → Privacy & Security → Tracking → Turn off “Allow Apps to Request to Track”. This effectively resets your IDFA (Identifier for Advertisers).

Step 5: Opt Out of Data Broker Services

Even after controlling app permissions, your data may already be in the hands of brokers. The FTC settlement sends a signal, but many other data brokers still operate. You can opt out directly:

Visit the Tips section for a list of major brokers (Kochava, Acxiom, Oracle, etc.) and use their opt-out pages.
Use a privacy tool like DeleteMe or Incogni that automates opt-out requests.
For location-specific opt-outs: Some brokers, including Kochava, offer a “Request to Opt Out” form. Search for “Kochava opt out” or “Collective Data Solutions opt out”.

Note: Opt-out may not remove data already sold, but it prevents future collection and sale.

Step 6: Use a VPN or Mock Location

A VPN can mask your IP address but not precise GPS. For real protection, consider:

Using a VPN with a strict no-logs policy to hide your approximate location.
On Android, you can enable “Mock location” under Developer Options to feed fake coordinates to apps. However, this may break some services.
On iPhone, no built-in mock location exists, but you can disable location entirely unless needed.

Step 7: Review Your Mobile Carrier’s Privacy Settings

Your carrier knows your movements via tower triangulation. Many sell aggregated or even personal location data. Check your account settings:

Log into your carrier’s website (e.g., Verizon, AT&T, T‑Mobile) and look for “Privacy” or “Marketing preferences”.
Opt out of “Customer Proprietary Network Information” (CPNI) sharing and any location-based advertising programs.

Step 8: Stay Informed About Legal Actions

The FTC’s ban on Kochava is just one case. Follow privacy news to learn about new data broker regulations. Subscribe to the FTC’s email alerts or follow organizations like the Electronic Frontier Foundation (EFF). Understanding the legal landscape helps you anticipate new threats and protections.

Tips for Ongoing Protection

Review permissions monthly: New apps you install may default to “Always” location. Make it a habit to check.
Be wary of free apps: They often monetize your location data. Remember: if the product is free, you are the product.
Use browser privacy features: In Chrome or Safari, disable “Give websites access to my location”. Many websites try to grab your location for tracking.
Consider a privacy-focused phone: GrapheneOS or /e/OS limit telemetry and location sharing.
Support stronger laws: The Kochava case shows the power of enforcement. Advocate for federal privacy legislation in your country.
Don’t rely solely on one step: Layered protections (permission control + opt-out + VPN) offer the best defense.

By taking these steps, you can significantly reduce the amount of precise location data that ends up in the hands of brokers like Kochava. The FTC’s action is a reminder that your mobile location is a valuable commodity—and it’s worth protecting.