Family safety app found to be selling precise location data on millions of individuals, including children
Life360, a popular family safety app used by over 33 million people worldwide, was found to be selling data on the precise locations of children and other family members to data brokers, who then sell the information to "virtually anyone who wants to buy it."
Two former employees of Life360 and two individuals formerly employed by data brokers revealed that the app "acts as a firehose of data
" for information brokers in an industry which has "few safeguards to prevent the misuse of sensitive information."
When confronted with the evidence, Life360 founder and CEO Chris Hulls indicated that he had no problems with his business model, saying: "We see data as an important part of our business model that allows us to keep the core Life360 services free for the majority of our users, including features that have improved driver safety and saved numerous lives."
Selling data has become a crucial component of the company's revenue, which jumped from $693,000 in 2016 to $16 million in 2020. Life360 reported a loss of $16.3 million in 2020, but financial disclosures showed they made $16 million selling user location data, making up a bulk of their revenue.
According to a former X-Mode engineer, the raw location data from Life360 that his previous company gained was one of the most valuable sources there is as it included precise data. The former Cuebiq employee added that the company wouldn't be able to run marketing campaigns without Life360's "constant flow of location data."
The company claimed that it maintains "industry best practices
" and does not sell data on users below 13 in accordance with the Children's Online Privacy Protection Rule (COPPA). However, they did admit to disclosing information from younger children to third parties as needed.
Data brokers purchase information from Life360
Data broker companies purchase data from companies like Life360 and supply "data and insights" to other industry players and customers, which include hedge funds and advertising agencies. (Related: Tech companies roll out wearable child tracking devices to 'normalize' intrusive surveillance for new generation
While Cuebiq only provides access to aggregated data through its "workbench" tool, the tool itself uses raw location data from Life360. The Centers for Disease and Control Prevention,
for instance, has been using the data to track "mobility trends" during the Wuhan coronavirus (COVID-19) pandemic.
Cuebiq spokesman Bill Daddi said in an email: "The CDC only exports aggregate, privacy-safe analytics for research purposes, which completely anonymizes any individual user data. Cuebiq does not sell data to law enforcement agencies or provide raw data feeds to government partners (unlike others, such as X-Mode and SafeGraph)."
Life360 noted that it has policies against selling or marketing data to any government agencies that may use the information for law enforcement purposes in 2020. Hulls said that they do not believe it is appropriate for government agencies to attempt to obtain data in the commercial market to bypass an individual's right to due process. He added that the policy extends to data brokers, although they did not detail how this is enforced.
Two former Life360 employees said that the company's data security precautions are shady, and location histories can be traced back to individuals by failing to hash data or reduce the precision of the location data to preserve privacy.
Life360 is expanding into other "digital safety" products that include data breach alerts, credit monitoring and identity-theft protection features. It also acquired companies that allow it to expand tracking and potentially harvest data
. In 2019, for instance, Life360 acquired ZenScreen, a screen-time monitor for families. In April, it acquired Jiobit, a wearable location device company that focuses on the whereabouts of younger children, pets and seniors.
Hulls made clear that he has no plans to sell data from Jiobit devices or its digital safety services.
"I'm sure there are lots of families who do find very real comfort in an application like this, and that’s valid. That doesn’t mean that there aren’t ways that other people are harmed with this data," said Justin Sherman, a cyber policy fellow at the Duke Tech Policy Lab.
Read more news related to surveillance at PrivacyWatch.news