Mobile browsers leak precise location data to third parties

Zaid Al-Mansouri
By
Zaid Al-Mansouri
Tech writer at All Things Geek. Covers smartphones, wearables, and mobile technology.
13 Min Read
Mobile browsers leak precise location data to third parties

Mobile browsers location data sharing has become a serious privacy concern, with research revealing that popular mobile browsers are leaking precise location information to third parties without adequate user awareness. The study examined 15 widely used mobile browsers and found that 8 of them were collecting and sharing location data in ways that bypass user expectations and privacy controls.

Key Takeaways

  • 8 out of 15 popular mobile browsers were found sharing precise location data with third parties.
  • Microsoft Edge and Aloha are among the browsers implicated in location data sharing practices.
  • Mobile browsers location data can be controlled through explicit permission settings in most applications.
  • Users can disable location access entirely or configure permissions on a per-site basis.
  • Default browser settings often require explicit permission before sharing precise location with websites.

Which Mobile Browsers Are Sharing Location Data

The research identified mobile browsers location data sharing as a widespread practice, with Microsoft Edge and Aloha specifically flagged for sharing precise tracking details with third parties. This finding matters because these are mainstream applications that millions of users rely on daily for web browsing, often without realizing their location is being transmitted. The distinction between approximate and precise location is critical—precise data can pinpoint a user’s exact coordinates, while approximate data provides only general geographic regions.

Microsoft’s own documentation acknowledges that Edge can share location information. According to Microsoft, Edge can provide more relevant search results, maps, and news when users share their precise location with Microsoft services. The browser asks for permission before Bing accesses a user’s precise location, and allowing this adds Bing.com to the location permission list. This transparency in Microsoft’s documentation contrasts with the opaque third-party sharing that the research uncovered, suggesting that location data intended for legitimate service improvement may be flowing to unintended recipients.

How Mobile Browsers Location Data Controls Actually Work

Most modern mobile browsers, including Microsoft Edge, provide granular controls for location sharing, though many users never access them. To manage location permissions in Microsoft Edge, users should navigate to Settings > Privacy, search, and services > Site permissions > All permissions > Location. From this menu, users can turn off the Ask before accessing setting entirely, which prevents websites from accessing precise location. Alternatively, users can keep the Ask before accessing option enabled and decide on a per-site basis whether to grant permission.

For site-specific control, users can open any website in Edge, select the Lock, Info, or Dangerous icon in the address bar, then choose Permissions for this site and set Location to Ask, Allow, or Block. This per-site approach gives users fine-grained control but requires active management for every new website that requests location access. Microsoft recommends reviewing a website’s privacy policy before allowing precise location access, a sensible precaution that few users actually follow.

Windows system-level settings also influence mobile browsers location data sharing. If users enable Allow access to location on this device and Allow apps to access your location in Windows settings, Edge will provide sites with more precise location information. This means that even if a user grants permission in the browser, the actual precision of shared data depends on operating system configuration. InPrivate browsing applies the profile’s location permission setting, while Guest mode will always ask for permission before granting location access.

Why Mobile Browsers Location Data Sharing Matters Now

The discovery that mobile browsers location data is being shared with third parties highlights a gap between user expectations and actual behavior. Users often assume that if they deny a website’s location request, their location remains private. The research suggests that some browsers are sharing location data through alternative channels or with back-end services that users never explicitly authorized. This is particularly concerning because location data is among the most sensitive personal information a user can leak—it reveals daily patterns, home address, workplace, frequented locations, and personal habits.

The fact that mainstream browsers like Microsoft Edge are implicated raises questions about whether location sharing is a deliberate design choice, a side effect of legitimate functionality, or an unintended consequence of how browsers handle permissions. Microsoft’s documentation makes clear that location sharing is permission-based and can be disabled, but the research suggests that the real-world behavior of mobile browsers location data collection may not align with documented controls. Users who believe they have disabled location sharing may still be leaking precise data without realizing it.

Comparing Mobile Browsers Location Data Practices

The research examined 15 mobile browsers but highlighted only Microsoft Edge and Aloha as specifically sharing precise location data with third parties. This comparison reveals that not all browsers handle location data equally—some may have stronger privacy defaults or more transparent data-sharing practices. The distinction matters because users choosing a mobile browser should consider privacy implications alongside features and performance. A browser that provides excellent functionality but leaks location data offers poor value to privacy-conscious users.

Microsoft Edge’s position as a mainstream browser used by millions amplifies the impact of this finding. Unlike niche browsers, Edge is pre-installed on Windows devices and actively promoted by Microsoft, meaning many users never made a conscious choice to use it and may not even know how to change their browser. For these users, understanding and configuring mobile browsers location data settings becomes a critical privacy task that they may never undertake.

Can You Actually Trust Browser Privacy Controls

The research raises a fundamental question: if browsers claim to provide location controls but still leak data to third parties, how much can users trust privacy settings? Microsoft’s documentation describes location controls in detail and recommends specific steps to disable sharing, yet the research suggests these controls may not prevent all location data flows. This gap between documented settings and actual behavior is the core privacy concern. Users who follow Microsoft’s instructions to disable location sharing may believe they have protected their privacy when third-party leaks continue regardless.

The issue may stem from how modern browsers integrate with operating systems, advertising networks, and analytics services. Even if a browser respects a user’s explicit location permission denial, the underlying operating system, installed apps, or network-level tracking could still reveal location. Mobile browsers location data may leak through multiple channels simultaneously—not just through the browser’s own permission system but through system-level APIs, advertising identifiers, or back-end analytics. This complexity means that users cannot rely on a single privacy setting to fully protect their location.

What Users Should Do Right Now

For users concerned about mobile browsers location data sharing, several immediate steps can reduce exposure. First, disable location permissions entirely in your browser settings unless you have a specific reason to allow them. Second, review which websites have been granted location permission and revoke access to sites that do not need it. Third, check your operating system’s location settings and disable Allow access to location on this device if you do not actively use location-dependent features. Fourth, use Guest mode when browsing sensitive content, as it will always prompt before granting location access.

Beyond browser-level controls, consider using a VPN to mask your IP address, which can prevent location inference based on internet traffic. Be aware that sending Do Not Track requests to websites does not guarantee that tracking will stop, as websites may ignore these signals. The most reliable protection is to assume that location data is always at risk and to minimize the number of services that have access to it in the first place.

Will Browser Privacy Controls Improve

The fact that researchers could identify mobile browsers location data sharing despite built-in privacy controls suggests that current mechanisms are insufficient. Future improvements might include more aggressive privacy defaults, clearer user notifications when location data is accessed, or browser-level monitoring that alerts users to unexpected location sharing. However, as long as browsers integrate deeply with operating systems and advertising networks, location data will remain vulnerable to leakage through multiple channels.

Microsoft’s documentation shows that the company is aware of location privacy concerns and provides detailed controls. Whether these controls are adequate or whether Microsoft will implement stronger defaults remains to be seen. The research serves as a wake-up call that users cannot passively trust browser privacy—they must actively configure settings, monitor permissions, and remain skeptical of claims that location data is fully protected.

Is Microsoft Edge more private than other browsers

Based on the research, Microsoft Edge was specifically identified as sharing precise location data with third parties, suggesting it may not offer superior privacy compared to browsers not implicated in the study. However, the research examined only 15 browsers, so a complete comparison is not possible. Microsoft’s detailed documentation on location controls indicates the company takes privacy seriously, but documentation alone does not guarantee that actual behavior matches stated controls.

Can I completely disable location sharing in my browser

Yes, you can disable location sharing entirely by turning off the Ask before accessing setting in your browser’s location permissions menu. However, disabling browser-level location sharing does not prevent your operating system from revealing location through other channels, such as IP-based geolocation or system-level APIs accessed by installed apps. For maximum privacy, also disable location services at the operating system level if you do not actively use location-dependent features.

What should I do if I want to use location-dependent features but stay private

If you need location features for maps, local search, or location-dependent apps, use the Ask before accessing setting and grant permission only to specific sites you trust. Before allowing any site to access your precise location, review its privacy policy to understand how the data will be used and stored. This per-site approach balances functionality with privacy by limiting location exposure to only the services that genuinely need it.

The discovery that mobile browsers location data is leaking to third parties underscores a hard truth: privacy in modern browsers requires constant vigilance. Built-in controls exist, but they are not foolproof, and many users never access them. The responsibility falls on both browser makers to implement stronger defaults and on users to understand and configure their privacy settings. For now, assume that your location is at risk and take active steps to minimize exposure.

Edited by the All Things Geek team.

Source: TechRadar

Share This Article
Tech writer at All Things Geek. Covers smartphones, wearables, and mobile technology.