Family locator apps solve a genuine problem. Knowing a kid got to school, an elderly parent made it home from an errand, or a partner is safe on a late drive is real peace of mind, and for families managing a real safety concern, continuous location sharing is a reasonable tool. The privacy question isn't whether the use case is legitimate. It's what happens to the location history these apps generate once it leaves the family's own view of it, and what happens when the same sharing relationship stops being about safety and becomes about control.
The data broker pipeline, documented
The Markup's 2021 reporting, based on internal company materials, found Life360 was selling anonymized but re-identifiable location data to brokers including X-Mode (later Outlogic), which resold it further, in some cases downstream to US government contractors and law enforcement-adjacent buyers. Life360's public response was that the data was aggregated and anonymized in ways that protected individual users. Researchers who study location data have repeatedly demonstrated that "anonymized" location trails, timestamped GPS points tied to a home address and a workplace, are trivially re-identifiable, because the pattern of where someone sleeps and works functions as a unique fingerprint on its own.
Life360 has since said it no longer works with X-Mode and has scaled back some data partnerships following the coverage. The company still operates an advertising business built partly on location and usage data, disclosed in its privacy policy, and the core lesson from the episode doesn't depend on which specific brokers are involved this year: a free or freemium app whose core feature is continuous location tracking has an obvious monetization path that doesn't require your consent to a specific buyer, only your consent to a privacy policy most users never read.
Location data doesn't need a name attached to identify you. A device that's at the same address every night and the same office every weekday for a month has already told a data broker who it belongs to, regardless of what field says "anonymized."
Apple's Find My and Google's Family Link are a different model, not a risk-free one
Apple's Find My network uses end-to-end encryption for location reports and doesn't run an advertising business, which removes the specific data-broker risk that Life360's reporting surfaced. Google's Family Link, aimed at parental controls for a child's device, is built on Google's account infrastructure rather than a separate ad-funded consumer product. Neither is immune to a different, quieter risk: both are tied to a much larger account ecosystem, meaning the location data sits alongside search history, email, and browsing activity inside the same company's data model, governed by that company's overall data practices rather than a narrower single-purpose privacy policy.
| Life360 (freemium, ad-supported) | Apple Find My | Google Family Link | |
|---|---|---|---|
| Historical broker sales | Documented (2021, since scaled back) | None documented | None documented |
| Ad-funded business model | Yes | No | Indirectly, via broader Google ads ecosystem |
| Location data siloed from other account data | Mostly, single-purpose app | Mostly, on-device encrypted | No, tied to full Google account |
| Designed for adult mutual sharing vs. child oversight | Both | Both | Primarily child oversight |
When "safety" tooling becomes a control mechanism
The harder conversation is what happens when a location-sharing arrangement outlives its original purpose or was never mutual to begin with. Domestic violence advocates have documented, for years, that consumer location-sharing apps, alongside Find My and Family Link, are frequently used by an abusive partner to track a victim's movements under the framing of "safety" or "we always share our location, it's normal for us." Unlike covert stalkerware, which we've covered separately in our stalkerware detection guide, this pattern doesn't require installing hidden software. It uses a feature the victim agreed to, often early in the relationship, before the dynamic became coercive.
This is a meaningfully different problem from the data-broker question, and it doesn't have a settings-menu fix. The practical advice that actually helps: location sharing should be mutual and easily revocable by either party without needing to explain why, and if revoking it or asking questions about it causes conflict, that reaction is itself informative. Most platforms have added a "someone may be tracking you unexpectedly" detection feature in the last few years (Apple's unwanted tracker alerts, Google's similar feature for unknown trackers traveling with you) but these are built primarily for physical Bluetooth trackers like AirTags, not for a location-sharing relationship both parties technically consented to. See our related piece on cross-device tracking for how the detection side of this works.
A location-sharing feature that requires justification to turn off isn't a safety feature anymore. It's a monitoring arrangement wearing a safety feature's name.
What to actually check
- Read the specific app's current privacy policy for third-party data sharing, not a headline from a few years ago. Policies and partnerships change, and the honest baseline is whatever the current document says, checked periodically.
- Prefer apps without an ad-funded business model when the use case allows it. A subscription-funded or platform-native tool (Find My, Family Link) has a cleaner incentive structure than a free app that needs another revenue source.
- Set an explicit end condition for sharing, especially with a teenager or partner: a birthday, a move-out date, a "we revisit this every six months" agreement, rather than indefinite sharing that nobody actively decided to keep.
- Treat "why do you want to turn it off" as a signal, not a normal question, if it comes from a partner rather than a parent managing a minor's device.
None of this argues against using these tools. It argues for treating continuous location sharing as what it actually is: a meaningful grant of ongoing visibility into someone's life, worth the same periodic scrutiny you'd give any other account permission, and worth a real conversation about consent and revocability rather than a one-time setup you never revisit.
The teenager's side of the arrangement
Most coverage of family locator apps centers the parent's decision to install one. Less discussed is what continuous tracking does to a teenager who has no real say in whether it's on, and research on adolescent development has repeatedly flagged that constant location visibility can measurably reduce a teenager's willingness to disclose problems voluntarily, since anything that already shows up on a map doesn't need to be volunteered, and anything that doesn't show up starts to feel like the only private thing left. Some families have started treating the app as a conversation starter rather than a monitoring tool: reviewing it together periodically, rather than one parent silently checking a feed the teenager doesn't think about day to day.
That distinction, checked together versus checked silently, tends to predict how the relationship around the app actually feels to the person being tracked, independent of which specific product is installed. A tool used transparently for an agreed purpose and a tool used to quietly monitor someone are the same software running two very different relationships.