Your mobile browsers could be sharing your location data.
To understand the extent of location tracking in mobile browsers, cybersecurity firm Surfshark has analysed 15 popular applications and discovered that more than half of them gather location data.
Four of them – Yandex, Phoenix, Microsoft Edge, and Aloha – collect precise location data, with the latter two stating they even share this data with third-parties.
“Your browser maps your daily routine and weekend plans before you’ve shared them with anyone,” says Justas Pukys, senior product manager at Surfshark. “This location tracking is a profit-driven exploitation of personal habits rather than a technical necessity for the browser to function.”
Researchers found that seven browsers do not collect location data at the app level, indicating that location tracking is a choice, not a technical requirement. Privacy-branded browsers, including DuckDuckGo, Brave, Tor, and Ecosia, together with Samsung Internet, UC Browser, and Mi Browser, declare no app-level location data collection in their Google Play Data Safety disclosures.
The remaining eight of 15 browsers are collecting location data.
Four declare collecting approximate location: Chrome, Safari, Opera, and Firefox. Another four declare collecting both approximate and precise location: Edge, Aloha, Yandex, and Phoenix. This difference matters because it shows that precise location collection is not the industry standard – even among browsers that do collect location data.
Pukys notes that websites can obtain one-time location access via the browser when necessary, eliminating the need for the browser application itself to harvest such data.
He further explains that people must understand the risks of location tracking across various applications, including in mobile browsers, where such data is unnecessary. By opting for approximate location settings or using less intrusive apps, individuals can reduce the risks of their weekly routines being exposed to malicious entities and constant surveillance.
Most location-collecting browsers keep this data internal, but Microsoft Edge and Aloha do not.
Both browsers declare that they share location data with third-parties. Because Edge and Aloha are also among the minority of browsers that collect precise location data, this external sharing raises privacy risks.
If we look at the declared purposes of other browsers that collect location data, Pukys says, we can see a wide spectrum of intent. Safari limits its collection strictly to personalising the user experience, while Opera relies on it exclusively for advertising and marketing. Phoenix collects location data for two purposes: “App functionality” and “Personalisation”. Meanwhile, Chrome, Firefox, and Yandex process location data for five distinct purposes: “Personalisation”; “Advertising or marketing”; “App functionality”; “Analytics”; and “Fraud prevention, security, and compliance”.