How Location Data from Your Phone Could Expose Military Troops

US Central Command has confirmed that hostile foreign actors used commercial location data to track and target American military personnel overseas, according to documents released by Senator Ron Wyden. This marks the first official acknowledgment that enemies have successfully weaponized the data broker industry—the largely unregulated market of companies that buy and sell information about where your phone goes—against active US forces in combat zones.

The confirmation came through letters between Wyden and the Pentagon, detailing how adversaries purchased commercially available location data to surveil and potentially attack servicemembers. It's an evolution of how open-source intelligence works: instead of relying on spies or expensive surveillance satellites, hostile actors are tapping into the same advertising technology infrastructure that advertisers use to target you with ads.

Real-World Targeting Has Already Happened

This isn't theoretical. In 2016, a US defense contractor ran an exercise using nothing but commercially available location data and managed to track special operations forces from their US home base all the way to a staging area in Syria. The exercise showed how advertising identifiers and location signals—the kind routinely collected by apps on your phone and sold by data brokers—could expose sensitive military movements.

Central Command's new confirmation indicates that what was a proof-of-concept in 2016 has now become an actual threat. The command received what it called "multiple threat reports" showing that adversaries are actively purchasing commercial location datasets and using them to surveil and target US troops.

There's an important historical point here: the US government itself, including the Pentagon and intelligence agencies, has purchased commercial location data without warrants for years. That precedent made it clear to everyone—including hostile nations—that this kind of data was accessible and useful for intelligence purposes.

What Congress and the Pentagon Are Doing About It

A bipartisan group of lawmakers has sent formal recommendations to the Pentagon on how to reduce this threat. The suggestions include turning off advertising identifiers on military-issued phones, automatically disabling location sharing on smartphones deployed in conflict zones, and telling military personnel to use privacy-focused web browsers instead of Google Chrome.

Senator Wyden has gone further, calling the advertising technology industry itself a national security threat. His position reflects a growing view in Congress that data brokers, which were originally built to help advertisers target consumers, have become a tool for foreign spy agencies and hostile groups to wage asymmetric warfare—attacks that don't require matching military strength, just clever exploitation of civilian infrastructure.

The FBI has also weighed in with civilian advice: use ad blockers to reduce how much data companies collect about you through websites and apps. This guidance underscores that federal agencies see the advertising system as a real privacy and security risk.

How Your Phone Becomes an Intelligence Asset

The targeting works because modern mobile apps routinely collect location data, device identifiers, and behavioral information, then sell it through a complex chain of brokers and ad networks. Over time, these datasets get combined and enriched with information from multiple sources, creating a detailed map of where you go and what you do—intelligence that can rival what traditional spy agencies collect.

Think of it this way: every time an app sends your location back to its servers (which happens constantly), that information gets packaged and sold. Because your phone's advertising identifier stays the same across most apps, companies can track your movements across many different applications. When you combine location data with these persistent identifiers, you can follow someone's pattern of movement over weeks or months.

The data broker ecosystem operates with very little regulation, which means hostile nation-states and terrorist groups can buy datasets through middlemen, hiding who they really are while getting access to intelligence-grade information.

The progression from smartphone location services to military targeting follows a familiar pattern in technology: what starts as a commercial convenience eventually becomes a security vulnerability. We've seen this pattern repeatedly—from early internet protocols designed without security in mind, to cloud infrastructure hastily adapted for military use. The difference this time is that the vulnerability isn't being exploited by a clever hacker in a garage; it's being weaponized by foreign governments.

What Congress Is Investigating

Multiple congressional committees have opened investigations into how digital advertising and data brokers pose national security risks. The Senate Armed Services Committee has held hearings specifically on how data brokers threaten military security. The Senate Intelligence Committee has reviewed how commercial data could be exploited by adversaries. The Senate's Emerging Threats and Capabilities subcommittee has looked at how hostile actors are using commercial data and what the US military can do about it.

These oversight efforts signal that lawmakers are taking the threat seriously and beginning to see advertising technology as a national security issue, not just a privacy annoyance.

The Operational Security Problem

The Pentagon now has to rethink how to protect troops in a world where their phones are constantly broadcasting their location. Traditional military security practices—the ones designed to prevent spies from tracking soldiers—weren't built for a threat where adversaries don't need human agents or expensive surveillance equipment. They just need to buy a dataset.

Modern military personnel carry commercial smartphones that constantly send location information to advertising networks. Apps that use location features—navigation, weather, social media—create a trail of breadcrumbs that adversaries can follow. Unlike traditional spy methods, this surveillance is persistent, automated, and inexpensive.

Here's what's worth considering: the threat landscape has fundamentally shifted. A decade ago, this kind of location-based targeting required a nation-state with significant technical resources. Today, any hostile group with a budget can buy access to the same data. The tools for surveillance have been democratized and commercialized, and deployed forces now operate in an environment saturated with data collection designed for advertising, not security.

The Pentagon's confirmation makes clear that adversaries aren't just theoretically capable of exploiting commercial location data—they're doing it now, in active conflict zones. Moving forward, the challenge is figuring out how to protect military operations in an environment where information about movement and location is constantly being collected and sold, all by design.