Your Phone Was a Spy. They Sold the Footage.
How data broker Mobilewalla built a billion-dollar surveillance machine from your GPS pings — and sold your most private moments to anyone willing to pay.
TL;DR
- Mobilewalla, Inc., a Chamblee, Georgia data broker, collected and stored the precise GPS locations of consumers across billions of devices without ever speaking to a single one of them. The Federal Trade Commission charged the company with five counts of unfair trade practices under Section 5 of the FTC Act.
- The company harvested approximately 60% of its consumer data by siphoning location information from real-time advertising auctions — even when it lost the auction, and even though auction rules explicitly banned that practice. Between 2018 and 2020, it captured data linked to over 2 billion unique advertising identifiers.
- Mobilewalla sold this location data to clients who used it to track people to abortion clinics, houses of worship, LGBTQ+ venues, domestic abuse shelters, and doctors’ offices — then helped those clients identify individuals’ home addresses by tracking where their phone slept at night.
- The company created audience segments targeting pregnant women, Hispanic churchgoers, LGBTQ+ community members, and union organizers. It also published a demographic report on Black Lives Matter protesters in June 2020, inferring race from which churches those protesters had previously attended.
- Mobilewalla stored this data indefinitely. Its CEO boasted in a March 2020 email that their compression technology allowed them to store years of location history cheaply — and marketed the ability to reconstruct a consumer’s political rally attendance going back five years.
- The company admitted it verified consent by spot-checking three to five apps out of thousands, once, at the start of a vendor relationship — and never checked again. When a client flagged that Mobilewalla wasn’t even listed as a recipient in app disclosures, a Mobilewalla employee said getting specific consent would kill the deal.
The Architecture of the Machine
Mobilewalla didn’t build a product. It built a surveillance infrastructure that most people have never heard of, operating at a scale that is genuinely difficult to comprehend. The company sits in the middle of a data supply chain that starts with an ordinary person scrolling through their phone and ends with a stranger knowing exactly where that person sleeps, prays, and seeks medical care.
- Mobilewalla is incorporated in Delaware and headquartered at 5170 Peachtree Road, Chamblee, Georgia. It describes its core product as the ability to “create a comprehensive, cross channel view of the customer, understanding online and offline behavior.”
- The company does not collect data directly from consumers. It buys, harvests, and aggregates location data from two primary pipelines: real-time bidding (RTB) exchanges and third-party data brokers and aggregators. The overwhelming majority of consumers tracked by Mobilewalla have never interacted with the company and have no knowledge it holds their data.
- RTB exchanges are the backbone of mobile advertising. When you open an app, that app sends a “bid request” containing your device’s advertising identifier (MAID) and your precise GPS coordinates to an auction platform, where advertisers bid in milliseconds for the right to show you an ad. Mobilewalla participated in those auctions — but its primary goal was not winning the ad slot. It was collecting the data that flashed by in the auction request.
- Mobilewalla estimated that approximately 60% of its consumer data came from RTB exchanges between January 1, 2018 and June 30, 2020. The FTC complaint confirms the company collected and retained bid request data regardless of whether it won the auction — a practice the exchanges’ own terms explicitly prohibited.
- The scale of collection in those years: approximately 77 million unique advertising identifiers paired with location data in 2018; over 273 million in 2019; approximately 269 million in 2020. Counting identifiers without location data as well, Mobilewalla estimates it collected more than 2 billion unique advertising identifiers over that period.
- Collection did not stop there. Mobilewalla obtained data paired to location for more than 183 million devices in 2021 and over 10 million in the first four months of 2022 — until news outlets exposed the company’s practices and forced a pause.
- The company’s marketing made the scale explicit: Mobilewalla publicly touted collecting over “50B Mobile Signals Daily” from “2.2B Devices” across “40+ Countries”, storing “5+ Years of Data.”
How the Data Theft Actually Worked
The RTB auction system was designed to serve you an advertisement. Mobilewalla turned it into a pipeline for mass surveillance. Here is the mechanism in plain terms.
- Every time you open an app that runs ads, your phone transmits a “bid request” to an advertising exchange. That request contains your device’s MAID (a unique identifier), your precise GPS coordinates if location sharing is on, the name of the app you’re using, the brand of your device, and a timestamp. This happens in a fraction of a second, without your involvement or awareness.
- Advertisers in the exchange receive that bid request and place bids. The winner gets to show you the ad. The losers are supposed to discard the data. Mobilewalla did not discard the data. It collected and stored every bid request it received, whether or not it won the auction — in direct violation of the RTB exchanges’ terms of service.
- Mobilewalla paired these data points with MAIDs. Because a MAID is tied to a specific device, and because the data accumulated across thousands of apps and locations over time, the result was a detailed map of each individual’s movements — where they live, where they work, where they worship, where they seek medical care, and who they spend time with.
- On top of RTB harvesting, Mobilewalla purchased data from third-party brokers and aggregators. These purchases included MAIDs paired with precise GPS coordinates, app names, hashed email addresses, hashed phone numbers, and in some cases clear-text phone numbers linked directly to a device identifier.
- The company did not anonymize the raw location data it sold. A MAID can be matched to a named individual using services openly advertised by other data brokers. Mobilewalla’s own CEO acknowledged in a March 2020 email that identifying a consumer’s home address from their device’s location history was more accurate than competitors’ methods because of in-house data compression technology.
- Precision was a selling point. Mobilewalla marketed the ability to target geolocation to a radius of 25 meters — close enough to determine which specific clinic waiting room, which specific church pew, or which specific protest corner a device was in.
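As an added illustration (not taken from the FTC complaint or from any exchange's code), the example below lists the device-tracking fields a bid request of the kind described above carries, and applies one data-minimization pass that an exchange or ad SDK could run before the request is broadcast to bidders. Field names follow the OpenRTB 2.x convention, which is an assumption because the article does not name the wire format; the two-decimal rounding policy and every sample value are constructed.

```python
import copy
import ipaddress

# Constructed sample bid request; every value is made up. Field names follow
# the OpenRTB 2.x convention (an assumption, the article names no format).
SAMPLE_BID_REQUEST = {
    "id": "example-auction-0001",
    "app": {"name": "Example Weather App", "bundle": "com.example.weather"},
    "device": {
        "ifa": "00000000-aaaa-bbbb-cccc-000000000001",  # advertising ID (MAID)
        "make": "ExampleBrand",
        "ip": "203.0.113.57",  # documentation address range
        "geo": {"lat": 40.123456, "lon": -100.654321, "type": 1},  # 1 = GPS
    },
    "user": {"id": "example-user-42"},
}

GEO_DECIMALS = 2             # hypothetical policy: roughly a 1.1 km grid
METERS_PER_DEGREE = 111_320  # approximate length of one degree of latitude


def grid_cell_meters(decimals):
    """North-south size of the cell left after rounding to `decimals` places."""
    return METERS_PER_DEGREE / 10 ** decimals


def truncate_ip(ip):
    """Zero the host part of an address: /24 for IPv4, /48 for IPv6."""
    addr = ipaddress.ip_address(ip)
    prefix = 24 if addr.version == 4 else 48
    net = ipaddress.ip_network(f"{addr}/{prefix}", strict=False)
    return str(net.network_address)


def tracking_fields(req):
    """Return the field paths that let a recipient follow one device over time."""
    found = []
    device = req.get("device", {})
    ifa = device.get("ifa") or ""
    if ifa.strip("0-"):  # an all-zero ID means the OS already withheld it
        found.append("device.ifa")
    ip = device.get("ip")
    if ip and truncate_ip(ip) != ip:
        found.append("device.ip")
    geo = device.get("geo", {})
    if any(a in geo and round(geo[a], GEO_DECIMALS) != geo[a] for a in ("lat", "lon")):
        found.append("device.geo")
    if req.get("user", {}).get("id"):
        found.append("user.id")
    return found


def minimize(req):
    """Return a copy with device-level identifiers removed and location coarsened.

    app.name is kept so ads can still be chosen by context; as the article
    notes, an app name can itself be revealing, so a stricter policy may
    drop it as well.
    """
    out = copy.deepcopy(req)
    device = out.get("device", {})
    device.pop("ifa", None)
    if device.get("ip"):
        device["ip"] = truncate_ip(device["ip"])
    geo = device.get("geo", {})
    for axis in ("lat", "lon"):
        if axis in geo:
            geo[axis] = round(geo[axis], GEO_DECIMALS)
    out.get("user", {}).pop("id", None)
    return out


if __name__ == "__main__":
    print("before:", tracking_fields(SAMPLE_BID_REQUEST))
    print("after: ", tracking_fields(minimize(SAMPLE_BID_REQUEST)))
    print("cell size at 2 decimals (m):", grid_cell_meters(GEO_DECIMALS))
```

Rounding to two decimal places leaves a cell far larger than the 25-meter radius the article cites, so a retained copy of the minimized request cannot place a device in a specific building.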
The Products They Built From Your Location
Location data alone is not the final product. Mobilewalla processed raw GPS pings into categorized “audience segments” — labeled groups of real people, sorted by what their phone movements revealed about their bodies, beliefs, and politics. These segments were then sold to anyone willing to pay.
- Standard audience segments included labels like “Young Mothers” and “Music Lovers.” Custom segments were built for specific client requests, with no restrictions on what characteristics could be used to define membership in the group.
- Mobilewalla created audience segments targeting pregnant women by geo-fencing pregnancy centers and maternity clinics — drawing virtual perimeters around healthcare facilities and flagging every device that entered. Those flagged devices were then profiled and sold as an addressable audience.
- The company geo-fenced political rallies and protests retroactively — using historical location data to reconstruct who attended events weeks or months after they happened. It also geo-fenced polling places and state capitols to identify voters and political participants, then used overnight location patterns to find those people’s home addresses.
- Mobilewalla targeted religious communities by geo-fencing houses of worship. It targeted LGBTQ+ individuals by tracking visits to venues and service providers associated with that community. It offered Hispanic churchgoers as a purchasable audience segment.
- In June 2020, Mobilewalla published a report analyzing the demographics of George Floyd protesters — including racial composition. To infer race, the company used prior attendance at houses of worship. An internal company email explained the logic: “Hindu temples indicate you are highly likely to be Hindu/Indian, African-American churches indicate you are likely black etc.”
- A client used Mobilewalla’s data to propose geo-fencing the homes of individuals involved in a private lawsuit and tracking everywhere those people had traveled over the preceding two years — including whether they visited federal law enforcement offices.
- Mobilewalla experimented with tracking union organizers by geo-fencing their workplace and mapping where they traveled. It also helped a healthcare client poach nurses from competing hospitals by geo-fencing the nurses’ home addresses and the competing facilities, then targeting those nurses with recruitment advertising.
- For government clients, Mobilewalla transferred consumers’ precise GPS coordinates, IP addresses, timestamps, city, state, ZIP code, and device type. In one documented transfer, the company provided thousands of latitude and longitude coordinates for devices of interest — and the app-origin data in that transfer included signals from “Grindr iOS,” “Jack’d – Gay Chat & Dating,” and “My Mixtapez iOS.”
The Non-Financial Ledger
There is a Catholic priest who no longer has a job. A group obtained precise mobile geolocation data, identified by name a priest who had visited LGBTQ+-associated locations, and published the finding. He resigned. The FTC named this case in its complaint against Mobilewalla as a documented example of what location data actually does to real people when it leaves a company’s servers.
Think about what that means in practice. Someone charged their phone, opened an app, let the app know their location, and never thought about it again. Months or years later, a company none of us voted for, none of us contracted with, and none of us knew existed had assembled a detailed record of where that person went, when, and how often. Then they sold it. And someone used it to end a man’s career and expose the most private dimension of his life.
That is one story that made the news. The FTC complaint describes a marketplace of thousands of such possibilities operating simultaneously. Women visiting reproductive health clinics were captured inside Mobilewalla geo-fences and placed into audience segments labeled “abortion-minded women” or “abortion-vulnerable women” by third parties operating in the same data ecosystem. Ads were then served to those women on Facebook, Instagram, and other platforms — ads that appeared inside those women’s own social media feeds — pointing them toward scientifically unsupported “abortion reversal” procedures. One such ad read: “Took the first pill at the clinic? It may not be too late to save your pregnancy.” Those ads were seen 14.3 million times.
People fleeing domestic violence stay in shelters that do not publish their addresses. Those shelters appear in Mobilewalla’s raw location data as coordinates. The device of a person in crisis, seeking safety in a confidential location, was logged, timestamped, and retained in Mobilewalla’s servers. For how long? Indefinitely. The company said so in its own marketing materials: five-plus years of data, stored cheaply through proprietary compression.
A person seeking treatment for a specific medical condition does not expect their phone to file a report about that visit with a data broker who will sell that report to advertisers, political operatives, and government clients. They open an app. The app sends a signal. The signal feeds an auction. Mobilewalla intercepts the auction data it was never supposed to keep. And suddenly, that person’s health condition — inferred from the GPS coordinates of a specialist’s waiting room — is a line item in a commercial database.
The union organizer who thinks they’re safe talking to coworkers about working conditions. The person who attended a Black Lives Matter protest and whose church attendance data was later used to infer their race in a published report. The individual whose home address was reconstructed by tracking where their phone sat overnight, and whose two-year travel history — including visits to federal law enforcement buildings — was packaged and handed to a client in a private lawsuit. These are not hypotheticals. They are documented in the FTC complaint. The complaint was filed on their behalf. None of them knew their data was being used. Most of them will never know.
Mobilewalla’s own internal communications show employees understood what they were doing. When a client flagged that consumer consent disclosures did not even list Mobilewalla as a recipient of their data, and asked Mobilewalla to fix it, a company employee responded that requiring specific consent would kill the deal. They walked away from the client. They did not walk away from using the data.
The Receipts: What the Documents Actually Say
The following are verbatim quotes and direct factual statements from the FTC complaint. These are not paraphrases. These are the government’s words, sourced from Mobilewalla’s own records and internal communications.
“Hindu temples indicate you are highly likely to be Hindu/Indian, African-American churches indicate you are likely black etc.”
- This email was written to explain the methodology behind Mobilewalla’s June 2020 report on George Floyd protesters. The company used prior church attendance — itself derived from GPS tracking — to infer protesters’ racial identities and publish demographic findings.
- This confirms the company was using religious location data as a racial classification tool: a practice with direct civil rights implications and a clear pathway to discriminatory targeting.
- This is not an isolated analytical error. This was documented company methodology, communicated internally, and used to produce a published external report.
“Our ability to identify consumers’ home addresses using a consumer’s mobile device location history is more accurate than Mobilewalla’s competitors because of ‘our ability to store longer periods of data cheaply due to compression schemes we have developed in house.'”
- This is Mobilewalla’s own CEO confirming that the company’s competitive advantage over other data brokers is its ability to store more of your location history, for longer, at lower cost.
- The CEO was specifically describing the company’s ability to reverse-engineer home addresses from device movement patterns — a capability sold as a feature to clients.
- This statement was made in an internal email, meaning it was never intended for public scrutiny. It reflects the company’s genuine operational self-understanding, not its marketing copy.
“[A Mobilewalla employee wrote that] if, for U.S. consumers, the client wanted ‘specific consents…. This deal is dead.'”
- This quote arose when a potential client discovered that consumer app disclosures did not name Mobilewalla as a data recipient — meaning consumers had not actually consented to Mobilewalla receiving their data specifically.
- The client requested that the issue be fixed. Mobilewalla’s employee response was that fixing it would kill the deal. The company walked away from that client rather than obtain proper consent.
- Critically, Mobilewalla did not then stop using the data collected from that app or follow up with the supplier. The problem was identified, dismissed, and ignored.
“Respondent also transferred the name of the app from which each location signal originated, which included ‘Grindr iOS,’ ‘Jack’d – Gay Chat & Dating,’ and ‘My Mixtapez iOS.'”
- This transfer occurred when a government client provided Mobilewalla with a list of device identifiers and Mobilewalla searched its database and returned detailed location histories for those devices, including the apps those signals originated from.
- The inclusion of Grindr and Jack’d app signals in a government data transfer is the direct exposure of individuals’ sexual orientation to a government entity — without those individuals’ knowledge or consent.
- The FTC complaint identifies this as a documented, specific transaction — not a theoretical risk. Data revealing sexual orientation was handed to a government client as a routine business operation.
“Mobilewalla has marketed its ability to determine whether a consumer attended any political rallies in the last five years.”
- This confirms that Mobilewalla was actively selling political surveillance capabilities as a commercial product. The ability to retrospectively place someone at a political rally five years ago is the ability to build a political dossier on any individual device holder.
- This capability was marketed — meaning it appeared in sales materials, was pitched to clients, and generated revenue. It was a feature, not an accident.
- Combined with the company’s ability to identify home addresses, this capability enabled the creation of a political targeting database tied to real-world identities.
Societal Impact Mapping
Public Health
The intersection of location surveillance and healthcare access represents one of the most direct documented harms in this case. The FTC complaint provides specific, named examples of how this data pipeline reaches into clinical settings and weaponizes that access.
- Mobilewalla geo-fenced pregnancy centers and maternity clinics to build audience segments of pregnant women. Devices that entered those facilities were catalogued and their owners categorized — without any clinical encounter, any informed consent, or any awareness by the patient.
- Third parties operating in the same data ecosystem used MAID-based location data to target individuals who had visited Planned Parenthood and similar reproductive health clinics with ads pointing to “abortion reversal” — a procedure with no scientific support. These ads appeared in personal social media feeds and were seen 14.3 million times, according to reports cited in the FTC complaint.
- The Massachusetts Attorney General brought a 2018 enforcement action against a data broker that sent targeted advertising about abortion and alternatives to abortion to “abortion-minded women” — an audience segment defined by GPS proximity to reproductive health clinic waiting rooms. This is the documented downstream consequence of the data market Mobilewalla feeds.
- Mobilewalla’s raw location data can be used to identify which specific medical specialist a consumer visited — not just that they visited “a clinic,” but which facility treating which specific condition — and infer from that visit that the consumer has that condition. No HIPAA protection applies to location data collected outside the clinical relationship.
- Domestic abuse shelters appear in Mobilewalla’s data feeds as coordinates. A person who sought confidential shelter has their device’s presence at that location recorded, timestamped, and retained indefinitely. The FTC complaint identifies this explicitly as a sensitive location category for which Mobilewalla has no data removal policy.
- The company also sold data enabling the “poaching” of nurses from hospital competitors by geo-fencing their homes and workplaces — demonstrating that healthcare workers, in addition to patients, are subject to commercial targeting through this data pipeline.
Economic Inequality
Surveillance data follows power. The people most exposed to Mobilewalla’s products are the people with the least ability to avoid the consequences — and the companies purchasing the data have structural advantages those people cannot match.
- Welfare and homeless shelter locations are explicitly named in the FTC complaint as sensitive location categories tracked in Mobilewalla’s data with no removal policy. People in those locations are among society’s most economically vulnerable, and their shelter visits become commercial data points available to paying clients.
- Mobilewalla helped clients attempt to track union organizers by geo-fencing their workplaces and monitoring their subsequent movements. This is employer-side labor surveillance sold as a data product — applied specifically against workers attempting to exercise collective bargaining rights.
- The company’s audience segment system enables discriminatory economic targeting. Consumers can be sorted by inferred health conditions, immigration-adjacent religious affiliations, or income-correlated neighborhood patterns, and then served different offers, different prices, or different information based on those inferred categories — without the consumer knowing why.
- Because consumers cannot opt out of a system they don’t know exists, those with less digital literacy — often correlated with lower income and age — face higher exposure. A person who shares app location permissions without reading privacy policies is functionally unprotected in the ecosystem Mobilewalla operates within.
- Private lawsuit parties who cannot afford legal protection against retroactive geo-fencing of their homes and two-year travel histories are subject to commercially-packaged surveillance at a scale previously available only to state-level intelligence agencies. The FTC complaint documents a specific client proposal along exactly these lines.
- Mobilewalla marketed the ability to reconstruct five years of a consumer’s political rally attendance. Deployed as a political targeting or opposition research tool, this capability gives well-funded political or corporate actors asymmetric insight into the behavior of ordinary citizens who participated in democratic processes.
What Now: Who to Watch and What to Do
The FTC complaint identifies five separate counts of unfair trade practice. Understanding who is responsible and which agencies can act is the first step toward demanding accountability that goes beyond one company.
Who Is Named
- Mobilewalla, Inc.: The named respondent. Principal office at 5170 Peachtree Road, Building 100, Suite 100, Chamblee, Georgia 30341. Delaware corporation.
- Chief Executive Officer (not identified by name in the body of the complaint): Identified as the author of the March 2020 email describing the company’s home-address identification capability. The FTC complaint attributes this statement to the CEO by title.
- Commissioner Melissa Holyoak: The one dissenting commissioner. The complaint was issued over her dissent, meaning four commissioners voted to proceed. Her dissent is not explained in the complaint text.
Regulatory Watchlist
- Federal Trade Commission (FTC): The agency that filed this complaint under Section 5(a) of the FTC Act. Five separate counts are alleged. Monitor the FTC’s enforcement docket for a final order, which may include data deletion requirements, a ban on selling sensitive location data, and mandatory consent verification procedures.
- State Attorneys General: The Massachusetts AG’s 2018 action against a data broker for abortion-targeting ads — cited directly in this complaint — shows state-level enforcement is active. California, Texas, Illinois, and Washington have state privacy laws that may create additional liability for Mobilewalla’s practices.
- Department of Justice (DOJ): The complaint documents transfers of consumer location data — including LGBTQ+ app signals — to government clients. If those transfers involved federal law enforcement agencies, DOJ oversight is directly relevant.
- Consumer Financial Protection Bureau (CFPB): The CFPB has begun asserting jurisdiction over data brokers operating in ways that affect consumer financial decisions. Mobilewalla’s audience segment products — which sort people by inferred characteristics for targeting purposes — are within the scope of that inquiry.
- National Labor Relations Board (NLRB): Mobilewalla’s documented attempt to track union organizers’ travel using geo-fencing technology may constitute interference with protected labor organizing activity under the National Labor Relations Act.
What You Can Do Right Now
- Reset your advertising ID on your phone immediately. On iPhone: Settings → Privacy & Security → Tracking → disable “Allow Apps to Request to Track.” On Android: Settings → Privacy → Ads → reset your advertising ID. This does not erase existing data but interrupts future collection.
- Revoke location permissions for every app that does not require them to function. Check which apps have “Always On” location access and downgrade them to “While Using” or “Never.” The FTC complaint makes clear that location permissions in one app feed a data marketplace that has nothing to do with that app.
- File a complaint with the FTC at reportfraud.ftc.gov if you believe your location data has been collected and sold without your informed consent. The FTC acts on aggregated complaints — volume matters.
- Contact your federal representatives and demand a national consumer privacy law with a private right of action, data minimization requirements, and a prohibition on the sale of sensitive location data. Use the specific language of this FTC complaint when you write. Reference the five counts. Make them answer for each one.
- Support organizations fighting data broker surveillance at the legal and policy level. Electronic Frontier Foundation (EFF), Electronic Privacy Information Center (EPIC), and the ACLU’s Privacy & Technology Project are all actively litigating and lobbying in this space. Direct financial support and sharing their work both matter.
- If you are a union organizer, labor activist, or community organizer: assume your device’s location data has been or may be commercially available to your employer or adversaries. Use Signal for communications, limit app location permissions aggressively, and consult with your union’s legal counsel about digital security protocols.
- Share this investigation. The FTC complaint was filed in the public interest. Most of the people whose data Mobilewalla collected will never know this case exists. Changing that is the most direct form of resistance available to ordinary people right now.
The source document for this investigation is attached below.
Here is a press release about this story from the FTC’s website: https://www.ftc.gov/news-events/news/press-releases/2025/01/ftc-finalizes-order-banning-mobilewalla-selling-sensitive-location-data