Location data harvesting is a growing threat to privacy, and many popular apps are unknowingly caught up in the problem. This happens through real-time bidding (RTB), a process where companies compete to show ads in apps. Unfortunately, some bad actors use RTB to collect private information like a user’s location or IP address without their knowledge. Sources like Wired show that Gravy Analytics is a big player in this system, gathering data from many apps—including games, fitness trackers, religious apps, and even VPNs—without clear permission from users or app creators. This data is then sold to businesses and government agencies, putting users’ privacy at serious risk.
Even well-known apps like Candy Crush, Tinder, and Flightradar24 could unintentionally share user data just by showing ads. The privacy concerns are huge, as sensitive details about visits to health clinics, places of worship, or other personal locations can be tracked and sold. While some steps have been taken to regulate these practices, like FTC bans on certain data brokers, major flaws in the system remain. Big tech companies, app developers, and users often don’t realize how much data is being taken. To protect yourself, it’s more important than ever to understand which apps are affected and take action—whether it’s changing your settings, blocking ads, or uninstalling the app entirely.
20. Candy Crush

Candy Crush, with 3.6 billion downloads, stands as one of the largest potential sources of location data collection through advertising networks. The game appears in Gravy Analytics’ hacked files, suggesting users’ location data gets harvested through real-time bidding processes without direct knowledge of the game’s developers. You might open the app to match colorful candies, but advertising networks can simultaneously track your device’s location. The game’s massive user base makes it an especially valuable target for location data harvesting.
19. Tinder

Tinder, downloaded 530 million times, appears in the leaked Gravy Analytics files despite the company stating it has “no relationship with Gravy Analytics.” The dating app shows advertisements to users, which creates opportunities for location data collection through real-time bidding systems. You swipe through potential matches while advertising networks can potentially gather your precise location data. When asked about the data collection, Tinder reported having “no evidence that this data was obtained from the Tinder app.”
18. Grindr

Grindr, with 80.1 million downloads, appears in Gravy’s data despite the company’s strict stance against sharing user data. A Grindr spokesperson explicitly stated they “have not shared geolocation with ad partners for many years.” You use the app to connect with others, but the real-time bidding advertising system potentially enables location tracking without the company’s direct involvement.
17. Temple Run

Temple Run, reaching over 1 billion downloads across its series, is another massive channel for location tracking through advertising networks. The endless runner game’s monetization through advertisements creates opportunities for location data collection via real-time bidding systems. The game series’ long-running popularity and high install base make it a significant source for potential location data gathering through the advertising ecosystem.
16. Subway Surfers

Subway Surfers, exceeding 4 billion downloads, represents one of the largest potential sources of advertising-based location tracking in mobile gaming. The endless runner game appears in Gravy’s leaked files, indicating user locations may be collected through its advertising system. You dodge trains and collect coins while advertising networks potentially track your physical location. The game’s broad global appeal – particularly to children – makes it valuable for large-scale location data gathering.
15. Harry Potter: Puzzles & Spells

Harry Potter: Puzzles & Spells has 15 million downloads, putting it on the “smaller” end of the spectrum in our list of affected apps. Small comfort – only millions could have been affected instead of billions. The match-three puzzle game serves advertisements, creating opportunities for data harvesting through real-time bidding systems. The game’s connection to the Harry Potter franchise is particularly troubling since it’ll likely attract minors whose location data may be collected through its advertising system.
14. Moovit

Transit app Moovit appears in Gravy Analytics’ leaked surveillance materials while serving 1.5 billion users across 3,500 cities. The real-time bidding system potentially transforms each route search and bus schedule check into location data points. Security researchers identified public transportation apps as particularly valuable sources of movement patterns. Intel, Moovit’s parent company, has remained silent about its app’s appearance in location surveillance materials.
13. My Period Calendar & Tracker

Over 300 million women across 45 countries use My Period Calendar & Tracker, an app now implicated in Gravy’s data collection scheme. Despite the FTC’s explicit ban on gathering health-related location data, period tracking apps surface repeatedly in the leaked files. The advertising system potentially harvests location data through real-time bidding networks during each interaction. Privacy experts express particular concern about reproductive health data appearing in surveillance materials.
12. MyFitnessPal

Gravy Analytics’ leaked files reveal MyFitnessPal among apps feeding location data through advertising networks. With 250 million users across 120 countries, the fitness tracking platform creates a vast network of potential surveillance points. Each workout log and meal entry presents an opportunity for location data collection through the app’s advertising system.
11. Tumblr

The leaked Gravy Analytics files reveal Tumblr’s 153 million monthly visitors potentially feed location data through the platform’s advertising system. The social network’s appearance in surveillance materials demonstrates how casual blogging becomes a vector for tracking.
10. Yahoo Mail

Each Yahoo Mail login from its 225 million active users potentially triggers location tracking through advertising networks, according to Gravy’s leaked files. The ubiquitous email service appears alongside numerous communication apps in surveillance training materials.
9. Microsoft 365

Microsoft 365’s massive presence of 400 million paid seats makes its appearance in Gravy’s files especially significant for workplace privacy. The productivity suite’s advertising system potentially enables location harvesting through real-time bidding processes.
8. Flightradar24

Flight tracking service Flightradar24 confirmed displaying advertisements while denying any direct relationship with Gravy Analytics. The app, serving over 4 million users daily, creates opportunities for location data collection through real-time bidding systems. A company spokesperson acknowledged advertising helps “keep Flightradar24 free” but did not address questions about location data collection through advertising networks.
7. Call of Duty: Mobile

Call of Duty: Mobile has accumulated 1 billion downloads (specifically through its Season 5 iteration), which is, obviously, a major concern. The game’s advertising system potentially enables location tracking through real-time bidding processes. The game’s presence in the leaked files demonstrates how even major gaming franchises can become unwitting channels for location data collection.
6. 9GAG

Both surveillance company Patternz and Gravy Analytics’ leaked files list 9GAG in their materials, suggesting widespread location tracking of its 99.6 million monthly visitors. The meme-sharing platform serves advertisements through real-time bidding networks, creating potential access points for location data collection. Your casual scrolling through viral content potentially generates precise location data for collection through these advertising systems.
5. Kik

The messaging platform Kik serves 300 million registered users while potentially exposing their location data through advertising networks. The app’s advertising system appears to feed location information into real-time bidding processes utilized by both Gravy Analytics and Patternz. Your private messages travel through an app that simultaneously enables location tracking through its advertising infrastructure.
4. FUTBIN

FUTBIN’s 55.4 million monthly visits generate potential location data points through sports app advertising systems, according to both Gravy Analytics and Patternz surveillance materials. The app’s documentation in multiple surveillance company materials suggests systematic data collection through advertising infrastructure.
3. CallApp

Surveillance training materials from both Gravy Analytics and Patternz explicitly name CallApp as a source of location data. The caller ID service reached over 100 million users by 2021, creating a vast network of devices potentially tracked through its advertising system. Your attempt to identify unknown callers potentially triggers real-time bidding processes that enable location tracking. The app’s repeated appearance in surveillance company documentation suggests its particular value to location data brokers.
2. Truecaller

Truecaller, amassing over 1 billion downloads, appears in both Gravy Analytics’ leaked files and Patternz’s training materials about location data collection. The caller ID app serves advertisements, which creates opportunities for location tracking through real-time bidding systems. You block spam calls while advertising networks potentially collect your location data. The app’s presence in multiple surveillance companies’ materials highlights how caller ID services can become vectors for location tracking.
1. King James Bible Verse+Audio (Ozion)

The Ozion version of the King James Bible Verse+Audio app has more than 100 million downloads, which makes the Gravy leak particularly problematic. Your private moments of scripture study and prayer have been turned into a method for tracking your location. The FTC specifically banned Gravy from selling data related to places of worship, making this app’s presence in their files particularly troubling.