
Mar 11, 2026 · 6 min read

Border Patrol Is Tracking Your Phone Through the Ads in Your Apps—And It's Perfectly Legal

Internal documents reveal that U.S. Customs and Border Protection tapped into the online advertising ecosystem to track Americans' phone locations, using data siphoned from everyday apps through real time bidding.

Every time an ad loads in your weather app, your dating app, or your mobile game, a hidden auction takes place. In milliseconds, dozens of advertising companies bid for the right to show you a targeted ad. To make their bids, they receive data about your device: what app you are using, what kind of phone you have, and most critically, your precise GPS location.

That auction process is called real time bidding. It powers nearly every ad you see online. And according to documents obtained by 404 Media and reported by the Electronic Frontier Foundation in March 2026, U.S. Customs and Border Protection has been tapping into that system to track the physical movements of millions of Americans, without a warrant.

The revelation confirms what privacy advocates have warned about for years: the advertising industry has built the most comprehensive surveillance infrastructure in human history, and the government is buying access to it.

How Real Time Bidding Becomes Surveillance

To understand why your phone's ad data is valuable to border agents, you need to understand how real time bidding works at a technical level.


When you open an app that displays ads, the app sends a bid request to an ad exchange. That request contains your device's advertising ID, a unique identifier assigned by your phone's operating system, along with your IP address, device model, operating system version, and frequently your GPS coordinates accurate to within a few meters.

The bid request is broadcast to potentially hundreds of advertising companies in real time. Each company evaluates the data and decides whether to bid on the ad slot. Only one company wins the auction and serves the ad. But every company that participates in the bidding process receives the location data, regardless of whether they win.

Data brokers have positioned themselves within this bidding ecosystem not to buy ads, but to collect the location data that flows through it. They aggregate billions of bid requests per day, building detailed movement histories tied to individual devices. They then sell that data to anyone willing to pay, including law enforcement agencies.
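To make the contents of a bid request concrete, the added example below (not from the original article or the documents it cites) audits a constructed request that uses OpenRTB 2.x field names and then builds a minimized copy of it. The sample values, the function names `audit` and `minimize`, and the precision thresholds are assumptions chosen for illustration.

```python
import copy

# Constructed sample: OpenRTB 2.x field names, made-up values.
SAMPLE_BID_REQUEST = {
    "id": "constructed-request-1",
    "app": {"bundle": "com.example.weather"},
    "device": {
        "ifa": "00000000-1111-2222-3333-444444444444",  # advertising ID
        "ip": "203.0.113.42",                            # documentation range
        "model": "ExamplePhone", "os": "Android", "osv": "14",
        "lmt": 0,                                        # 0 = tracking not limited
        "geo": {"lat": 32.542712, "lon": -117.029483, "type": 1},  # type 1 = GPS
    },
}

def audit(req):
    """List the fields that identify or precisely locate the device."""
    dev = req.get("device", {})
    geo = dev.get("geo", {})
    findings = []
    if dev.get("ifa"):
        findings.append("device.ifa: persistent advertising ID")
    if dev.get("ip") and not dev["ip"].endswith(".0"):
        findings.append("device.ip: full IPv4 address")
    # Assumed threshold: more than 2 decimal places (finer than about 1 km).
    if any(k in geo and round(geo[k], 2) != geo[k] for k in ("lat", "lon")):
        findings.append("device.geo: precise coordinates")
    return findings

def minimize(req, decimals=1):
    """Return a copy with the ad ID dropped, IP truncated, location coarsened."""
    out = copy.deepcopy(req)
    dev = out.setdefault("device", {})
    dev.pop("ifa", None)
    dev["lmt"] = 1  # 1 = limit ad tracking
    if dev.get("ip", "").count(".") == 3:
        dev["ip"] = dev["ip"].rsplit(".", 1)[0] + ".0"
    geo = dev.get("geo", {})
    for key in ("lat", "lon"):
        if key in geo:
            geo[key] = round(geo[key], decimals)  # 1 decimal is roughly 11 km
    return out

if __name__ == "__main__":
    print(audit(SAMPLE_BID_REQUEST))
    print(audit(minimize(SAMPLE_BID_REQUEST)))
```

Even the minimized request still carries a coarse region, a network prefix, and the app bundle, so minimization reduces the precision of what every bidder receives without removing it.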

What the CBP Documents Reveal

The internal documents obtained by 404 Media show that CBP explicitly acknowledged using "commercially available marketing location data" for surveillance purposes. Critically, the documents confirm that at least part of this data was sourced from real time bidding, meaning it was collected during the advertising auction process described above.

CBP ran a pilot program using this data from 2019 to 2021. The program was not publicly disclosed at the time. The agency purchased location tracking tools from commercial data brokers and used them to monitor the movements of phones near the U.S. border and in the interior of the country.

The Department of Homeland Security's own Office of the Inspector General subsequently found that CBP, ICE, and the Secret Service had all used commercially acquired location data in ways that exceeded the agencies' stated limitations. In other words, even the modest internal guardrails the agencies set for themselves were being violated.

ICE has continued to expand its use of advertising data. The agency recently issued a request for information seeking "Ad Tech" tools it could use for investigations, signaling that the practice is not winding down but scaling up.

Which Apps Are Leaking Your Location

The location data flowing through real time bidding originates from two primary sources: software development kits (SDKs) embedded in apps, and the RTB bidding process itself.

SDKs are code libraries that app developers include in their applications, often to display ads or collect analytics. When you grant location permission to a weather app or a fitness tracker, the SDK can harvest your GPS data and funnel it to data brokers, often without the app developer's full awareness of the downstream uses.

The apps involved span every category of mobile software. Reporting has identified location data flowing from games like Candy Crush, dating apps, weather services, news readers, and fitness trackers. The publisher behind the app does not directly agree to send data to ICE. The data moves through a chain of intermediaries, from SDK to ad exchange to data broker to government agency, with each step adding a layer of deniability.

The average user has no practical way to know which of their apps are participating in this data supply chain. The permissions dialog on your phone says "Allow location access." It does not say "Allow your location to be sold to federal law enforcement."

The Legal Loophole: Buying Data Instead of Getting a Warrant

The Fourth Amendment protects Americans from unreasonable searches and seizures. In 2018, the Supreme Court ruled in Carpenter v. United States that law enforcement generally needs a warrant to access historical cell site location data from phone carriers. The decision was a landmark privacy ruling that established that the government cannot simply demand your location history without judicial oversight.

Federal agencies found a way around that ruling. Instead of requesting location data from phone carriers, which requires a warrant, they purchase equivalent data from commercial data brokers, which does not. The legal theory is that data collected by private companies and sold on the open market is not subject to the same constitutional protections as data held by telecommunications providers.

The EFF and other civil liberties organizations argue that this distinction is a loophole that renders Carpenter meaningless. The practical effect is identical: the government obtains a detailed record of where your phone has been. The only difference is the source. Whether location data comes from a cell tower or from a Candy Crush ad makes no difference to the person being tracked.

Congress has not passed legislation to close this loophole. The Fourth Amendment Is Not For Sale Act, which would prohibit federal agencies from purchasing data that would otherwise require a warrant, has been introduced multiple times but has not become law. In March 2026, FBI Director Kash Patel confirmed the bureau is actively buying location data from commercial brokers, prompting Senator Wyden to introduce the Government Surveillance Reform Act. Until such legislation passes, the practice remains legal.

What You Can Do Right Now

Until legislation catches up with the surveillance capabilities of the advertising ecosystem, individuals need to take steps to limit the data their phones broadcast.

  • Reset or disable your advertising ID. On iPhone, go to Settings > Privacy & Security > Tracking and disable "Allow Apps to Request to Track." On Android, go to Settings > Privacy > Ads and select "Delete advertising ID." This removes the persistent identifier that links your location data across apps.
  • Review location permissions aggressively. Go through every app on your phone. Revoke location access from any app that does not absolutely need it. For apps that do, switch from "Always" to "While Using the App." Better yet, choose "Ask Next Time" so you can make the decision in context.
  • Use an ad blocker or DNS-based filtering. Ad blockers prevent bid requests from being sent in the first place, cutting off the data supply at the source. DNS-based solutions like NextDNS or Pi-hole can block known ad and tracking domains at the network level.
  • Avoid free apps with heavy ad loads. Apps that display many ads are sending many bid requests, each one broadcasting your location. When possible, use paid alternatives or open source apps that do not include advertising SDKs.
  • Support legislation. The Fourth Amendment Is Not For Sale Act would directly address the warrantless purchase of location data by federal agencies. Contact your representatives and urge them to support it.

The Infrastructure Is the Problem

The CBP revelation is not about one rogue agency. It is about a system. The online advertising ecosystem was built to maximize the collection and distribution of personal data. Location tracking was a feature, not a bug. Once that system was accessible to anyone with a checkbook, it was inevitable that governments would become customers.

The ads loading in your apps are not just selling you products. They are selling your location to the highest bidder. Right now, one of those bidders is the federal government. Until the advertising industry is forced to stop collecting this data, or the government is prohibited from buying it, every app on your phone is a potential surveillance tool.