Nowadays, almost every app you download asks for location permissions, meaning it wants to track where you are and your movements. For an app like Google Maps, requesting location access makes perfect sense. It’s also reasonable for apps like Uber or DoorDash, which rely on location for their services. However, many apps that have nothing to do with location still ask for it, and we often grant these permissions without thinking twice. When you give an app access to your location, that data is stored and, in some cases, might even be sold. According to Texas Attorney General Ken Paxton, this practice is not uncommon. A recent lawsuit filed by Paxton alleges that the insurance company Allstate collected and sold the location data of 45 million Americans’ smartphones.
Enter the giveaway by signing up for my free newsletter.
Allstate was unlawfully collecting and stealing data
In a press release, Attorney General Paxton announced that he had sued Allstate and its subsidiary, Arity, for unlawfully collecting, using, and selling data about the location and movements of Texans’ cell phones. The data was gathered through secretly embedded software in mobile apps, such as Life360. “Allstate and other insurers then used the covertly obtained data to justify raising Texans’ insurance rates,” the press release stated.
The insurance provider allegedly collected trillions of miles’ worth of location data from more than 45 million Americans nationwide. The data was reportedly used to build the “world’s largest driving behavior database.” When customers sought a quote or renewed their coverage, Allstate and other insurance companies allegedly used the database to justify raising car insurance premiums.
Paxton claims the actions violated the Texas Data Privacy and Security Act. The lawsuit alleges customers were not clearly informed their data was being collected and did not consent to the practice.
“Our investigation revealed that Allstate and Arity paid mobile apps millions of dollars to install Allstate’s tracking software,” said Attorney General Paxton. “The personal data of millions of Americans was sold to insurance companies without their knowledge or consent in violation of the law. Texans deserve better and we will hold all these companies accountable.”
We reached out to Allstate and Arity for comments. A rep for the Allstate Corporation provided CyberGuy with this statement: “Arity helps consumers get the most accurate auto insurance price after they consent in a simple and transparent way that fully complies with all laws and regulations.”
MASSIVE SECURITY FLAW PUTS MOST POPULAR BROWSERS AT RISK ON MAC
Car manufacturers apparently do this all the time
Car manufacturers have also been accused of selling similar data to insurance companies. Last year, Paxton sued General Motors for allegedly collecting and selling the private driving data of more than 1.5 million Texans to insurance companies without their knowledge or consent. In addition to insurance companies, data brokers are frequent buyers of customer data. Critics say these brokers fail to adequately protect the information, leaving it vulnerable to hackers. Earlier this month, hackers claimed to have breached Gravy Analytics, a major location data broker and the parent company of Venntel, which is known for selling smartphone location data to U.S. government agencies.
HOW TO REMOVE YOUR PRIVATE DATA FROM THE INTERNET
5 ways to stay safe from unwanted tracking
1) Avoid installing the insurance company’s app: Many insurance companies encourage users to download their apps to “simplify” claims, payments, or policy management. However, these apps often collect and track your location data under the guise of improving their services. If the app is not absolutely essential, manage your account through the company’s website or contact customer service directly instead.
2) Don’t give location permissions unnecessarily: When an app requests location access, ask yourself whether it genuinely needs this information to function. For example, a weather app may need approximate location data, but a flashlight app does not. Always choose “Deny” or “Allow only while using the app” unless absolutely necessary. Most modern devices also allow you to provide an approximate location rather than a precise one, which is a safer option when location access is unavoidable.
3) Review and manage app permissions regularly: Over time, you may forget which apps have been granted permissions. Regularly go through your device’s app settings to check and adjust permissions. On most devices, you can access this under settings > privacy > app permissions (specific steps vary by operating system). Revoke access for any apps that don’t need it or seem suspicious.
4) Turn off location services when not in use: Keep location services off when you don’t need them. This reduces the chances of apps or devices tracking you passively in the background. For tasks like mapping or food delivery, turn location services on temporarily, then turn them off when you’re done. For added security, avoid connecting to public Wi-Fi networks, which can also be used to track your location indirectly.
5) Use privacy-focused tools and apps: Invest in tools designed to safeguard your privacy. Virtual private networks (VPNs) can mask your location online and prevent unwanted tracking while browsing. My top recommendations are Surfshark and ExpressVPN. Both are trusted VPN services that prioritize your privacy and security and are available on a wide range of platforms, including Mac, Windows, iOS, Android, and popular browsers.
Surfshark: Surfshark provides strong security features at an affordable price. Like ExpressVPN, Surfshark operates under a strict no-logs policy and uses advanced encryption to keep your data safe. One standout feature is Surfshark’s ability to support unlimited devices on a single account, making it ideal for families or users with multiple gadgets.
CYBERGUY DEALS:
- Save 81% now with CyberGuy’s exclusive offer – Get 3 extra months FREE with a 12-month plan. Try 30 days risk-free, for only $3.19 per month.
- Save 87% now with CyberGuy’s exclusive offer – Get 3 extra months FREE with a 24-month plan. Try 30 days risk-free, for only $2.19 per month.
ExpressVPN: ExpressVPN is known for its speed, reliability, and strong privacy features. It offers ultra-fast servers in 105 countries, supports P2P sharing, and allows up to 8 devices to connect simultaneously. Available on a wide range of devices, it features a simple setup that takes less than 2 minutes. ExpressVPN’s strict no-log policy ensures your data is never stored, and all servers run on RAM, so no user activity is saved. With 24/7 live customer support and a 30-day money-back guarantee, ExpressVPN is a top choice for privacy-conscious users.
CYBERGUY DEALS:
- Save 48% now with CyberGuy’s exclusive offer – you can get now up to 3 months FREE with a 12-month plan, for $6.67/month. Try 30 days risk-free.
- Save 61% now with CyberGuy’s exclusive offer – you can get now up to 4 months FREE with a 24-month plan, for $4.99/month. Try 30 days risk-free.
BEWARE OF ENCRYPTED PDFS AS THE LATEST TRICK TO DELIVER MALWARE TO YOU
Kurt’s key takeaway
If Allstate is indeed unlawfully collecting and selling people’s location data, Attorney General Paxton is right to hold them accountable by filing a lawsuit. In an era where cybercriminals exploit every opportunity to scam individuals, companies that fail to protect customer data are unacceptable and should face consequences. Data has become the new oil, and everyone seems eager to exploit it—often at the expense of ordinary people. Businesses that prioritize profits over privacy erode trust and put consumers at risk, making it crucial to enforce strict accountability for such practices.
Do you think companies like Allstate should be required to make their data practices crystal clear to customers? Let us know in the comments below.
FOR MORE OF MY SECURITY ALERTS, SUBSCRIBE TO MY FREE CYBERGUY REPORT NEWSLETTER HERE