If you’re asked to enable location data after downloading an app, there’s a good chance your whereabouts are being tracked. However, what happens when a company collects this data and then sells it?
According to a new lawsuit from Texas Attorney General Ken Paxton, the insurance company Allstate allegedly did exactly that when they unlawfully collected, used and sold data on the location and movement of Texans’ smartphones.
In a press release, Paxton alleges that the top insurance firm used secretly embedded software in mobile apps like Life360 to do this and then from there, they used this covertly obtained data to raise the insurance rates of millions of Texans.
To make matters worse, through its subsidiary data analytics company Arity, Allstate allegedly paid app developers to add this location-tracking software to their own apps. In total, the insurance provider collected trillions of miles worth of location data from more than 45 million Americans across the country. This data was then used to create the “world’s largest driving behavior database.” When an American then went to request a quote or renew their coverage, Allstate and other insurance companies would use this data to justify increasing their car insurance premium.
The reason that Texas Attorney General Ken Paxton is now suing Allstate is that these actions violated the Texas Data Privacy and Security Act (TDPSA) because customers weren’t given clear notice that their data was being collected, nor did they provide consent to this data collection.
In a statement to Tom's Guide, Allstate explained what Arity actually does and how consent is required to make use of its services, saying:
“Arity helps consumers get the most accurate auto insurance price after they consent in a simple and transparent way that fully complies with all laws and regulations.”
Allstate isn’t the first company to allegedly do something like this and then come under scrutiny in Texas. For instance, in a blog post, the cybersecurity firm Malwarebytes points out that Paxton sued General Motors (GM) last year for collecting and selling the private data of 1.5 million Texans to insurance companies. This was also done without their knowledge or consent.
How to stay safe from unwanted tracking
The simplest and easiest way to avoid having an insurance company track you is by not installing their mobile app. A lot of car insurance providers now use their mobile apps for this exact same thing with the promise that having their app installed could lead to lower rates. By not installing one of these apps, you might miss out on lower rates but you can also rest easy knowing your location and driving data aren’t being collected.
Other apps like Google Maps require your location data to function though. With these ones, you should choose the option “Allow only while using the app” when accepting permissions after installing an app. This way, the app won’t be able to continuously track your location and movement.
I know it sounds ridiculous in 2025 but you also always have the option to leave your phone at home if you’re very concerned about your location being tracked or data on your movements being collected.
Texas’ Data Privacy and Security Act and California’s Consumer Privacy Act (CCPA) are a step in the right direction but until we have a nationwide version of something close to the EU’s General Data Protection Regulation (GDPR), we’ll likely continue to hear about companies collecting and misusing customer data. This practice can make things even worse when a company you do business with is hit by a data breach.
Hopefully we’ll see a nationwide effort to protect U.S. user data soon but in the meantime, you just have to be careful when giving any app permission to use your location data.
More from Tom's Guide
- US government agencies spent taxpayer money to buy your location data
- LinkedIn is scraping your data to train AI — here’s how to opt-out
- 2.9 billion hit in one of the largest data breaches ever — full names, addresses and SSNs exposed
