How to Stop Apps From Tracking Your Location

How Phones Track You Even When GPS Is Off

Your phone recorded where you slept last night, what time you left your house this morning, the route you took to work, every stop you made along the way, and how long you spent at each one. It did this silently, in the background, without showing you any notification or asking for any confirmation. And it has been doing this for months or years, depending on when you set up your phone and which settings you accepted during the initial setup process.

Most people assume that location tracking is a GPS thing. Turn off GPS and the tracking stops. That is not how it works. GPS is only one of several methods your phone uses to figure out where you are, and it is not even the most commonly used one. There are at least four other location tracking technologies active on a modern smartphone, and they work independently of GPS. Even if you switch off the GPS toggle in your settings, your phone can still determine your position with varying degrees of accuracy using these other methods.

Cell tower triangulation is the oldest and most basic form of mobile location tracking. Every mobile phone, whether it is a Rs 5,000 budget phone or a Rs 1,50,000 flagship, needs to connect to nearby cell towers to make calls and use mobile data. Your phone is always connected to at least one tower, and it regularly communicates with several towers in your area. By measuring the signal strength and timing from multiple towers, your approximate position can be calculated. The accuracy depends on how many towers are nearby. In dense urban areas like Mumbai, Delhi, or Bangalore where towers are closely spaced, triangulation can place you within about 100 to 300 metres. In rural areas where towers are spread out, the accuracy drops to one or two kilometres. Your mobile carrier always has this data. It is generated as a basic function of how cellular networks operate. You cannot turn it off without putting your phone in aeroplane mode, because your phone needs tower connections to function as a phone.

Wi-Fi positioning is the method that surprises most people. Google and Apple have spent years building massive databases of Wi-Fi router locations. When Google Street View cars drove through cities, they were not just taking photographs. They were also recording the unique identifiers (called MAC addresses) of every Wi-Fi router they passed, along with the GPS coordinates of where they detected each one. Apple does something similar using data collected from iPhones. The result is that both companies have a map of millions upon millions of Wi-Fi access points worldwide.

When your phone scans for nearby Wi-Fi networks, which it does constantly in the background, it picks up the identifiers of routers in your vicinity. It sends these identifiers to Google or Apple's servers, which look up the known positions of those routers and calculate your location based on which ones your phone can see and how strong the signals are. In a city like Delhi or Hyderabad where Wi-Fi routers are densely packed, this method can place you within 10 to 20 metres. That is accurate enough to know which shop you are standing in inside a market.

The particularly concerning part about Wi-Fi positioning is that on many Android phones, Wi-Fi scanning remains active even when you have turned Wi-Fi off in your quick settings panel. The phone keeps scanning for networks in the background to improve location accuracy. This is controlled by a separate setting called "Wi-Fi scanning" that most people do not know exists. We will cover how to find and disable it in the next section.

Bluetooth beacons are small, low-power transmitters installed in physical locations. Retail stores, shopping malls, airports, and even some public transit stations use them. When your phone's Bluetooth picks up the signal from a beacon, the associated app or service knows you are in that specific location. In India, you will find them in many large retail chains and malls. That notification you get when you walk past a particular store in Phoenix Marketcity or Ambience Mall is triggered by a Bluetooth beacon. These beacons can track your movement within a building with accuracy down to a few metres, essentially following you from store to store, floor to floor. Similar to Wi-Fi scanning, Bluetooth scanning can remain active on Android phones even when Bluetooth itself is toggled off in your settings. It runs as a background service for location improvement.

Your IP address is assigned by your internet service provider and contains information about your general location. Every website you visit and every app that connects to the internet can see your IP address. For most connections, this reveals your city and sometimes your specific neighbourhood or area. It is the least accurate of the tracking methods, but it is always on whenever you are connected to the internet, and there is no setting on your phone that hides it. The only way to mask your IP address is to use a VPN, which routes your traffic through a server in a different location.

When all of these methods work together, your phone has a very precise and continuous record of your movements throughout the day. Apps that have location permission can access this combined data. The average Indian smartphone has 40 to 80 apps installed, and many of them request location access during installation without clearly explaining why they need it. Food delivery apps, payment apps, shopping apps, social media apps, weather apps, news apps, and even utility apps like calculators and flashlights sometimes request location permission. Most people tap "Allow" during setup and never revisit it.

The result is that dozens of companies are collecting your location data continuously, and most of it is being used for advertising, analytics, and profiling that you never agreed to in any meaningful way. The permission screens on phones technically count as consent, but when the average person does not understand what they are consenting to and the default is designed to extract maximum data, calling it informed consent is a stretch.

Fixing Permissions on Android and iOS

The good thing about location tracking is that most of it can be controlled through settings that are already on your phone. You do not need to install any special software or pay for any service. The controls exist. They are just buried under several layers of menus, and the default configuration is always set to maximum data collection. Going through these settings takes about fifteen to twenty minutes, and it is worth doing carefully rather than rushing through it.

Android 12, 13, 14, and 15

On Android 12 and newer versions (this includes Android 13, 14, and 15, which are the versions currently running on most recently purchased phones in India), go to Settings > Location > App location permissions. This screen shows you every app on your phone grouped by the level of location access each one has. The groups are: "Allowed all the time," "Allowed only while in use," "Ask every time," and "Not allowed."

Your target is to get the "Allowed all the time" category down to two apps or fewer. The only apps that genuinely need constant background location access are Find My Device (so you can locate your phone if it is lost or stolen) and possibly one personal safety or emergency app if you use one. Every other app can function on "Allowed only while in use" or "Not allowed."

Go through each app in the "Allowed all the time" list and change it to either "Allowed only while in use" or "Not allowed." For each app, ask yourself a simple question: does this app actually stop working if I remove location access? In most cases, the answer is no. Shopping apps like Amazon, Flipkart, and Myntra do not need GPS to show you products. You can type your delivery address manually. Payment apps like PhonePe, Google Pay, and Paytm do not need GPS either. UPI transactions work based on your phone number and UPI ID, not your geographical coordinates. Social media apps like Instagram, Twitter, and Facebook work perfectly well without location access. You just lose the ability to tag your current location on posts, which, as discussed in other articles, you should not be doing anyway.

Try the most aggressive approach first. Deny location entirely. Then use the app normally for a day or two. If something genuinely breaks, which is rare, you can change it to "While in use." If the app shows a popup requesting location and you do not think it needs it, deny it and keep using the app. Most of these requests are for data collection, not for any feature you actually need.

Starting with Android 12, there is also a toggle for precise versus approximate location. Precise location uses GPS and Wi-Fi positioning to pin your coordinates down to within a few metres. Approximate location gives the app a general area of about 3 square kilometres. Weather apps only need to know your city or district to give accurate forecasts, so approximate location is more than sufficient. News apps that show local news can work on approximate location. Food delivery apps need precise location only when you are actively placing an order and want the app to detect your address, so you can grant precise access temporarily and switch back afterward.

Two settings on Android that most people miss entirely:

• Wi-Fi scanning: Found at Settings > Location > Location services (the exact path may vary slightly on Samsung, Xiaomi, Realme, and Oppo phones). This setting allows your phone to scan for Wi-Fi networks even when Wi-Fi is turned off, purely for the purpose of improving location accuracy. Turn it off. Your maps and navigation will still work when you actually need them, they will just use GPS instead of the combination of GPS and Wi-Fi.
• Bluetooth scanning: Found in the same Location services section. Same concept as Wi-Fi scanning. Your phone scans for Bluetooth devices in the background to improve location accuracy. Turn it off. Your Bluetooth headphones and speakers will still connect normally when Bluetooth is on. This setting only affects background scanning for location purposes.

A third thing specific to Indian users: phones from Xiaomi (including Redmi and Poco sub-brands), Realme, Oppo, and Vivo have additional data-sharing settings hidden under names like "User Experience Program," "Send usage data," or "Help improve product." These settings are separate from the standard Android location permissions and can send location and usage data to the phone manufacturer's servers in addition to whatever Google collects. The exact location of these settings varies by brand and MIUI/ColorOS/FuntouchOS version, but they are usually found under Settings > Additional settings or Settings > Privacy. Find them and turn them off. On Xiaomi phones running MIUI 14 or 15, go to Settings > Additional settings > Authorization & Revocation and review what is enabled there as well.

iOS 17 and iOS 18 (iPhone)

On iPhone, go to Settings > Privacy & Security > Location Services. You will see a list of every app with its current location access level shown in grey text beneath the app name.

The same principle applies here. Set most apps to "Never" or "While Using the App." iOS gives you an additional option called "Ask Next Time Or When I Share," which means the app will prompt you each time it wants location access. This is a good middle-ground option for apps you rarely use but occasionally need location for, like a travel booking app.

For each app, you will also see a "Precise Location" toggle. When this is on, the app gets your coordinates down to a few metres. When it is off, the app receives an approximate location covering roughly 25 square kilometres. Turn off Precise Location for every app that does not genuinely need metre-level accuracy. Weather apps, news apps, social media apps, shopping apps, and most other categories work perfectly well with approximate location.

Scroll to the very bottom of the Location Services screen and tap "System Services." This section controls Apple's own location data collection, and several items are enabled by default:

• Significant Locations: Your iPhone records the places you visit most frequently and how long you spend at each one. Apple says this is used to personalise Maps, Calendar, and Photos. Turn it off. You can view (and be alarmed by) the data it has already collected by tapping on the option before disabling it.
• iPhone Analytics: Sends diagnostic and location data to Apple. Turn it off.
• Routing & Traffic / Improve Maps: Shares your travel routes and traffic data with Apple to improve their Maps service. Turn it off.
• HomeKit: If you do not use Apple's smart home system, turn this off.
• Location-Based Apple Ads: Uses your location to serve targeted advertisements in Apple apps. Turn it off.
• Location-Based Suggestions: Uses your location to suggest nearby businesses and information. Turn it off if you want to minimise tracking.

After adjusting System Services, go to Settings > Privacy & Security > App Privacy Report and enable it if it is not already on. This feature, available on iOS 15.2 and later, gives you a detailed report of which apps accessed your location, camera, microphone, and contacts over the past seven days, along with the number of times each access occurred and when. Check this report once a week. It is the fastest way to spot apps that are accessing your location far more often than their function would require. If a notes app or a calculator has accessed your location dozens of times in a week, that app is collecting data it has no business collecting, and you should either revoke its access or uninstall it entirely.

Deleting Google and Apple's Location History

Fixing your app permissions stops future tracking by individual apps, but it does not address the location data that Google and Apple have already collected about you at the operating system level. Both companies have their own location history features that run independently of any third-party app, and both store detailed records of your movements over extended periods. Cleaning this up is a separate step, and it is one that makes a significant difference to your overall privacy.

If you use an Android phone, start by opening timeline.google.com in a browser on your computer. Sign in with the same Google account that is linked to your phone. What you will see is a day-by-day, map-based record of everywhere you have been for as long as your phone has had Location History enabled. Every restaurant you visited. Every hospital trip. Every temple, mosque, church, or gurudwara. Every late-night drive. Every trip out of the city. Every visit to a specific address. All of it timestamped, with routes drawn on a map and duration recorded.

Most Indian Android users have had this feature running since the day they first set up their Google account on their phone. When you buy a new phone and go through the setup process, you are shown several screens asking you to enable various Google services. Location History is one of them. The button to accept is prominently placed. The button to skip or customise is smaller and less visible. Most people tap through these screens quickly, and Location History gets enabled by default on budget phones from Xiaomi, Realme, Samsung, Vivo, and Oppo that come with Google services pre-installed.

This data has several implications. It can be accessed by law enforcement through a legal request to Google. It could be exposed in a data breach. Google uses it for ad targeting, building a profile of your daily routines, your preferred businesses, your travel patterns, and your social connections (based on which addresses you visit regularly). The level of detail is often more complete than what you could reconstruct from your own memory. I have heard from people who checked their Timeline and found records of trips they had completely forgotten about.

To delete this data and stop future collection, follow these steps:

• Go to myaccount.google.com/activitycontrols in your browser. Find the "Location History" section and turn it off. This stops Google from recording your location going forward.
• Go to timeline.google.com, click the settings gear icon, and select "Delete all Location History." Google will ask you to confirm. Do it. This removes the stored records.
• While you are in Activity Controls, set the auto-delete option to 3 months. This way, if Location History gets accidentally re-enabled (which can happen after a phone reset or Google account update), any data collected will be automatically deleted after three months instead of being stored indefinitely.
• Still on the Activity Controls page, find "Web & App Activity." This is a separate setting from Location History, and it is the one most people miss. Even with Location History turned off, Google continues to log location data through your Google searches, Google Maps usage, and app interactions if Web & App Activity is enabled. Basically, when you search for "restaurants near me" or use Google Maps for directions, that location data gets stored under Web & App Activity instead of Location History. You can either pause Web & App Activity entirely or, if you want to keep search history, uncheck the sub-option that says "Include Chrome history and activity from sites, apps, and devices that use Google services."
• Visit myactivity.google.com and review what is stored there. You can delete individual items or use the "Delete activity by" option to clear everything from a specific time period. I recommend deleting everything and starting fresh.
• On your phone, go to Settings > Location and look for "Google Location Accuracy" (sometimes called "Google Location Services" depending on your phone brand). When this is on, Google uses a combination of GPS, Wi-Fi, Bluetooth, and cell towers to determine your location. When it is off, your phone relies on GPS only. Turning this off reduces accuracy for maps and navigation, but it also significantly reduces the amount of location data that gets sent to Google. If you only use maps occasionally for driving directions, turning off Google Location Accuracy and relying on GPS alone is a reasonable trade-off.

For iPhone users, Apple collects less location data than Google by default, but the collection is not zero. Go to Settings > Privacy & Security > Location Services > System Services > Significant Locations. You will see a list of places Apple has recorded as your most visited locations, with dates and visit counts. Clear this history and turn the feature off. Apple says this data stays on your device and is not sent to their servers, but given that iCloud backups can include this data, and those backups are stored on Apple's servers, the claim is not as airtight as it sounds.

Apple Maps does not maintain a visible timeline the way Google does, but it does use your location history for personalised suggestions. To limit this, go to Settings > Privacy & Security > Location Services > System Services and turn off Location-Based Suggestions and Location-Based Apple Ads.

One point that is worth addressing: fake GPS apps. These apps, which spoof your phone's GPS coordinates to make it appear as though you are in a different location, are popular in India. People use them for various reasons. But a 2024 analysis of the top fake GPS apps on the Google Play Store found that over 30 percent of them contained embedded tracking code or data harvesting components. Basically, you would be installing an app to hide your location from one set of companies while giving your real location (and often much more data) to another set of unknown developers. The fake GPS app itself becomes the privacy problem. A poorly made flashlight app that reads your location is bad. A fake GPS app from an unknown developer that has deep system access and sends data to unidentified servers is considerably worse.

A related question people often ask is whether a VPN hides their location from apps. The answer is: partially. A VPN masks your IP address, which means websites and apps that determine your location from your IP will see the VPN server's location instead of your real one. But a VPN does not affect GPS, Wi-Fi positioning, cell tower triangulation, or Bluetooth beacon detection. If an app has location permission and uses GPS or Wi-Fi positioning, a VPN will not hide your actual location from that app. The VPN and the phone's location settings address different layers of the problem. You need both if you want a more complete solution, but the phone's permission settings are the more impactful of the two for most people.

The controls to limit location tracking exist on every Android phone and every iPhone sold in India. They are built into the operating system. Most people simply do not know the settings are there, or they accepted the defaults during phone setup and never went back to change them. The steps described above take about fifteen to twenty minutes for the initial setup. After that, a quick review every month or two is enough to catch any settings that may have been reset by a system update or a new app installation. It is a small time investment for a meaningful reduction in how much of your daily movement is being recorded and stored by companies you may not even realise are collecting it.