How Smartphone Location Data Is Putting US Military at Risk
The Pentagon has confirmed what it has suspected for years: foreign adversaries are buying information about where US military personnel are located, using the same smartphone tracking data that companies sell every day. A WIRED investigation published today shows that Central Command acknowledged receiving multiple reports of enemies exploiting commercial location data to track or watch American troops in overseas conflict zones.
The problem is more widespread than most people realize. The same data marketplace that US intelligence agencies use to buy location information has become accessible to hostile foreign governments trying to monitor American military bases and soldiers.
Warnings That Went Unheeded
Pentagon officials have been raising alarms about this threat for a decade. As early as 2016, a government technologist at a special operations command showed colleagues how easy it was to track phones from Fort Bragg and MacDill Air Force Base by buying publicly available location data. That data let them follow those phones all the way through Turkey into Syria.
By 2021, the Defense Intelligence Agency told Congress that it routinely purchases smartphone location data from commercial brokers—sometimes even data about Americans—without going to court for a warrant first. That admission revealed something uncomfortable: the Pentagon itself is part of the same data marketplace that adversaries are now using against US forces.
The Air Force issued internal guidance in 2022 warning that if America went to war with Russia, the Russians could buy location data to figure out where US military units were stationed. The National Security Agency has given military personnel advice on protecting themselves: avoid bringing phones to sensitive locations, and restart phones every week to disrupt tracking attempts.
How Easy Is It to Buy This Data?
Researchers at Duke University tested the market in 2023 with funding from the US Military Academy at West Point. The result was unsettling: they were able to buy location information on military personnel for as little as 12 cents per record. They found thousands of datasets specifically packaged and marketed to identify military people—with names like "Military Families Mailing List" and "Hard Core Military Families."
Working through a website based in Singapore, the researchers successfully purchased data that tracked movements around Fort Bragg, Quantico, and other military installations. The process took minimal effort. To someone outside the military, this might seem surprising. To anyone familiar with how the internet works, it confirms a suspicion that has lingered for years: sensitive information changes hands as casually as any other commodity.
The Advertising Side of the Problem
The investigation also uncovered something else troubling. Inside Google's advertising tools, there are marketing categories that specifically identify and target US government employees involved in defense decisions. This means advertisers—and potentially foreign intelligence services—can create campaigns that reach senior Pentagon officials based on their online activity.
This moves the threat beyond simple location tracking. If someone knows where you are and who you are, they can potentially send you false information or try to manipulate you through carefully targeted ads and online content.
What Makes This Different
In the early days of the commercial internet, intelligence agencies and the military struggled to protect themselves against new digital threats because the technology was changing faster than their security practices could adapt. We are seeing a similar situation now with smartphones and location data—except it is happening faster. The commercial data marketplace has developed so quickly that military security policies have struggled to keep up.
The Fundamental Problem
The Pentagon has rules about what devices soldiers can use and how to configure them safely. But those rules address only part of the problem. The real challenge is much bigger: companies that have nothing to do with the military buy and sell location data constantly, largely without oversight or regulation. A soldier can follow all the rules on their phone and still have their location sold to a foreign government.
Traditional military security planning assumed that sensitive location information was hard to get—that enemies needed specialized equipment and needed to be physically close to collect it. That assumption no longer holds true. Today, an adversary just needs money. They can buy access to millions of data points about where American troops are located, often with barely any effort to hide who they are.
What Happens Next
The Central Command confirmation signals that the Pentagon views this as a real and present danger, not a theoretical problem. For military planners responsible for protecting troops, this means rethinking how to keep personnel safe in an environment where location information is bought and sold like a commodity on the open market. The old methods of keeping secrets—compartmentalization, restricted communication, physical isolation—are not enough when location data is available to anyone with a credit card and an internet connection.
This does not mean military operations are helpless. But it does mean that force protection strategies now need to account for a new kind of threat: one that operates through civilian companies rather than through traditional spying.
