Tech Desk 
Jan 14, 2025
Your favourite apps, from Candy Crush to fitness trackers, might be putting your privacy at risk. A shocking leak from Gravy Analytics has exposed how thousands of popular apps may be secretly sharing sensitive location data through advertisements, without the knowledge of users or even developers.
Gravy Analytics allegedly gathers data through the advertising ecosystem, not directly from app developers. This means apps, including Candy Crush, Tinder, Subway Surfers, and MyFitnessPal, might unknowingly share user locations through ads.
However, this method, called real-time bidding (RTB), lets companies collect information during the ad placement process. Even developers are often unaware of these practices.
The leaked data includes millions of mobile phone coordinates from users in the US, Russia, and Europe. Some apps, like Call of Duty: Mobile, are listed in files dated 2024.
Experts warn this creates a serious privacy risk, especially since government agencies, such as the Federal Bureau of Investigation (FBI) and US Immigration and Customs Enforcement (ICE), have reportedly purchased this data through Gravy’s subsidiary, Venntel.
Apps like Muslim Pro and Grindr deny working with Gravy Analytics but admit to using ad networks to support free versions of their apps. Security researchers suggested the data is likely obtained through IP geolocation rather than direct GPS tracking, further complicating user awareness and control.
Most importantly, to protect yourself, consider blocking ads or limiting app permissions. The Federal Trade Commission (FTC) has already taken action against some data brokers, but the scale of RTB-based data collection remains a concern. Popular apps may unknowingly expose users, making it critical for everyone to stay informed.
