Spyware, Spatial Data & Pokémon Go

GEOINT / Location Data / OSINT / Geofence Law Enforcement Abuse

Your Location Is the Most Dangerous Data You Generate

Governments and intelligence agencies have long understood something the public is only beginning to grasp: precise, continuous location data is more revealing than the content of your communications. A transcript of your phone calls tells investigators what you said. Your movement history tells them where you live, where you worship, who you sleep with, what doctor you see, what protests you attend, and when you're not home.

The modern surveillance challenge — for states and private actors alike — is that citizens have been convinced to carry precision location beacons voluntarily, in their pockets, at all times. Smartphones, fitness trackers, smart watches, and — critically — consumer apps generate a continuous stream of GPS-precise location data that is harvested, sold, purchased, subpoenaed, and in some cases simply stolen by actors ranging from police forces to foreign intelligence services.

The Scale

A 2024 Federal Trade Commission investigation found that data brokers were selling location data precise to within a few metres, updated multiple times per hour, on hundreds of millions of Americans — with no meaningful consent framework. The data was being purchased by law enforcement, private investigators, insurance companies, employers, and foreign entities.

What "Spatial" Surveillance Actually Means

Spatial surveillance goes beyond simply knowing where someone is. Modern geospatial intelligence (GEOINT) tools allow analysts to:

Pattern-of-life analysis: Map a person's regular movements over weeks or months — home, workplace, places of worship, medical facilities, regular contacts, anomalies
Co-location analysis: Identify all devices present at a given location at a given time — who was at a protest, a meeting, a hotel room
Social graphing from movement: Infer relationships between people from overlapping location histories without ever reading a single message
Predictive profiling: Use movement history to predict future behaviour — where someone will be, who they're likely to meet, when they're vulnerable
Identity resolution: De-anonymise supposedly anonymous location datasets by correlating home and work locations with public records

The Pokémon Go Database — A Case Study in Weaponised Play

🏏

Pokémon Go — Niantic Labs

Released July 2016 — 500M+ downloads — Active in 150+ countries

Pokémon Go is the world's most successful augmented reality game — and one of the most extensive civilian location-data collection operations ever conducted. Players move through the physical world to catch virtual creatures, battle at "gyms," and visit "PokéStops." Every movement is logged, timestamped, and transmitted to Niantic's servers.

GPS Precision

Location data logged to within 3–5 metres. Updates multiple times per minute during active play. Passive background location collected even when app is closed, on most device configurations.

Movement Mapping

Every route walked, every location visited is logged with timestamps. Over months of play, Niantic holds a near-complete movement profile of each user.

Social Mapping

Friend systems, raid battles, and gym cooperation create a social graph. Who plays together, when, and where — revealing real-world relationships Niantic's data can map.

Device Fingerprinting

Device identifiers collected alongside location allow cross-referencing with other datasets — potentially linking a Pokémon Go account to other apps, advertising IDs, and real-world identity.

The Niantic / In-Q-Tel / Google Connection

Niantic was not an independent startup. It was founded in 2010 as an internal startup within Google by John Hanke — who had previously led Google Maps and Google Earth. In 2015, Niantic spun out as an independent company with Google as one of its primary investors.

Critically: Hanke's earlier mapping project at Keyhole Inc. — the company whose technology became Google Earth — was funded in part by In-Q-Tel, the CIA's venture capital arm. Keyhole's geospatial database technology was of direct intelligence interest, and In-Q-Tel's investment gave US intelligence agencies insight into and influence over the development of foundational geospatial mapping technology.

While Niantic itself has not been publicly confirmed as an In-Q-Tel portfolio company, the organisational lineage — from In-Q-Tel-backed Keyhole, through Google Maps, to Niantic — represents a continuous thread of intelligence-community-adjacent geospatial data development.

What Niantic's Privacy Policy Actually Allows

Niantic's privacy policy permits sharing of user data — including location data — with "service providers," "business partners," and "affiliates," and requires compliance with "valid legal requests including subpoenas, court orders, or search warrants." There is no notification requirement to users when their data is subpoenaed. The policy is governed by US law, meaning UK and EU users' data is subject to US legal process — including national security process under FISA.

The Large Geospatial Model — Player-Sourced Training Data at Scale

In November 2024, Niantic publicly announced its Large Geospatial Model (LGM) — a foundation AI model trained on visual data uploaded by Pokémon Go and Ingress players through the in-app scanning features (Wayfarer / "Scan PokéStop" / Scaniverse). Niantic disclosed that the model had been trained on:

Over 10 million scanned locations worldwide
More than 1 million activated Visual Positioning System sites
Approximately 50 million neural networks of place-specific data
Roughly 150 trillion parameters of trained geospatial intelligence

In effect, the world's Pokémon Go players have been crowdsourcing — for free, often unknowingly — a high-resolution 3D model of every park, street corner, school playground, place of worship, government building and private property near which the game is played. The LGM is exactly the kind of street-level, ground-truth dataset that satellite imagery cannot produce — and that an intelligence service would otherwise have to build using its own operatives.

Speculation / Personal Allegation

Beyond the documented LGM disclosures, it is alleged that the underlying corpus — billions of images and short videos uploaded by Pokémon Go users — has been made available (or replicated) to US intelligence-aligned partners. Specifically:

Google retains continuing equity and infrastructure ties to Niantic from its 2015 spin-out, and Niantic's image/video pipeline historically ran on Google Cloud infrastructure
Mandiant — acquired by Google in 2022 for $5.4bn and now part of Google Cloud Security — sits inside the same corporate structure that hosts that data, and routinely works alongside US government clients including CISA, FBI Cyber, and Five Eyes partners
Independent commentary has alleged that on the order of 30 billion images and videos of users and their surroundings have been collected through Pokémon Go's scanning ecosystem since launch — a corpus that, if true, dwarfs any single state-run image database

Niantic has not publicly confirmed any intelligence-community data-sharing arrangement, and the 30-billion figure is not stated in Niantic's own published LGM materials. It is included here as an allegation requiring further evidence, not as an established fact.

Children's Data — The Real Concern

Pokémon Go is rated PEGI 3 / ESRB Everyone and has been played by millions of children worldwide since 2016. The scanning features capture imagery of schools, playgrounds, after-school clubs, and the inside of homes wherever a child holds up the phone. Under UK GDPR Article 8 and the US Children's Online Privacy Protection Act (COPPA), location and image data of under-13s is subject to enhanced protections — yet there is no mechanism by which a parent can audit, retrieve, or compel deletion of the visual scans their child has contributed to the LGM training set. If the speculative pipeline above is accurate, the children's data concern is not abstract: it is that the imagery of minors and their environments is now embedded in a foundation model the company itself describes as a step toward AI agents that "perceive, comprehend, and navigate the physical world."

Law Enforcement Use of Gaming Location Data — Documented Cases

Niantic Geofence Warrant — Federal Case (US)

Documented 2020 — Electronic Frontier Foundation analysis

Federal law enforcement has used geofence warrants — demanding all device identifiers and location data from a specific area during a specific time window — against gaming and app companies including Niantic. A geofence warrant requires no individual suspicion; it sweeps up every user who happened to be in a location. This has been used at protest sites, crime scenes, and political events. Users of Pokémon Go who happened to play near a relevant location have been caught in geofence dragnets.

Suspect Located Via Pokémon Go Play History

Rhode Island, US — 2016

In one of the earliest documented cases, a murder suspect was located partly through his Pokémon Go play history. Law enforcement obtained his in-game location logs, which placed him near the crime scene and helped establish a timeline. The case demonstrated that gaming data — which users rarely think of as surveillance-relevant — is fully subject to criminal subpoena.

Location Data Purchased by US Military & Intelligence

Vice / Motherboard Investigation — 2020

Vice's Motherboard investigation revealed that the US military — including Special Operations Command and US Marine Corps — had purchased commercially available location data harvested from consumer apps including weather apps, games, and prayer apps used by Muslim communities. The data, sold by brokers like X-Mode and Babel Street, included location traces precise enough to track individuals' daily movements. X-Mode's SDK was embedded in hundreds of apps — potentially including gaming apps — collecting location data that users had no awareness was being sold to government clients.

Venntel / DHS Border Patrol — Gaming App Data

Wall Street Journal Investigation — 2020

The Department of Homeland Security purchased location data from broker Venntel — which sourced data from consumer apps, including games — to track migrants crossing the US-Mexico border. The data identified devices inside private homes as well as vehicles. No warrant was obtained; DHS argued commercial purchase of data requires no Fourth Amendment compliance.

How Spatial Spyware Works — Beyond Gaming

Consumer apps are only one vector. State-grade spyware tools combine spatial tracking with full device compromise:

Pegasus — NSO Group (Israel)

Military-grade mobile spyware — deployed by 45+ governments

Pegasus requires zero interaction to install — a "zero-click" exploit. Once installed, it continuously transmits GPS location data, microphone audio, camera imagery, encrypted message content, call logs, and browser history to the operator. Crucially, it tracks location even when the phone's location services are disabled, by triangulating from cell towers, WiFi networks, and Bluetooth. The Citizen Lab has identified Pegasus infections on the phones of journalists, lawyers, opposition politicians, human rights workers, and heads of state. Confirmed deployments include governments in the UK, UAE, Saudi Arabia, India, Mexico, and Rwanda.

Abuse: Saudi Arabia used Pegasus to track journalist Jamal Khashoggi prior to his murder at the Saudi consulate in Istanbul. The UK's Metropolitan Police were found to have had access to Pegasus. India's government used it against opposition politicians and journalists covering corruption.

IMSI Catchers / "Stingrays"

Cell-site simulators — used by police forces worldwide including UK and US

IMSI catchers impersonate cell phone towers, forcing nearby devices to connect to them. They capture the unique IMSI identifier of every phone in range — enabling mass identification of all devices at a protest, meeting, or event — and can geolocate individual devices to within metres. UK police forces including the Metropolitan Police use IMSI catchers under RIPA/IPA authorisation. Their use is rarely disclosed even in court, and individuals targeted are almost never informed.

Abuse: Documents obtained by Privacy International confirmed Met Police use of IMSI catchers at protests and demonstrations. The legal basis — and the data retention policies — remain classified. No UK court has ruled on their legality in an adversarial hearing.

Fog Reveal / Locate X — Commercial Dragnet Tools

Law enforcement commercial platforms — US & Five Eyes

Fog Reveal (developed by Fog Data Science) and Locate X (Babel Street) allow law enforcement to query a commercial database of location data — harvested from apps — to conduct retrospective surveillance without a warrant. An officer can draw a geofence around any location and pull a list of all device IDs that were present. They can then track any of those devices' complete movement history — home, work, church, clinic, protest. The American Civil Liberties Union obtained records showing hundreds of US law enforcement agencies using Fog Reveal, many without any warrant or judicial review.

Abuse: ACLU analysis found agencies using Fog Reveal to investigate non-violent offences, surveil political demonstrations, and conduct "fishing expedition" investigations by mapping movements of persons of interest before any specific crime was identified.

Palantir Gotham — Predictive Spatial Profiling

Data fusion platform — deployed by Met Police, GCHQ, FBI, CIA, ICE

Palantir's Gotham platform ingests data from multiple sources — criminal databases, social media, CCTV, location data, phone records, financial data — and fuses them into individual profiles that can be mapped spatially and queried for predicted behaviour. The UK Metropolitan Police used Palantir's platform under a contract revealed during COVID-19. GCHQ and the Home Office also have Palantir contracts. In the US, Palantir tools used by ICE have been used to build deportation target lists from fused location and social data.

Abuse: A 2023 investigation found Met Police's Palantir implementation included "gang matrix" data — a database disproportionately populated with young Black men — feeding predictive policing systems that directed stop-and-search operations, creating a discriminatory feedback loop.

The Geofence Warrant Pipeline — How Your Game Data Reaches the FBI

STEP 01

You play a location-based game or open an app with a tracking SDK

GPS coordinates, timestamps, device ID transmitted to app servers and potentially to embedded third-party data brokers whose SDKs are inside the app.

STEP 02

Data broker aggregates and packages your location history

Your movement data is combined with millions of others into a queryable commercial database. Your identity is nominally anonymised — but your home and workplace coordinates make re-identification trivial.

STEP 03 — PATH A: Commercial Purchase

Law enforcement buys access directly — no warrant

Agencies including FBI, DHS, ICE, and local police purchase access to the broker's platform. No Fourth Amendment warrant required because the data was "voluntarily" shared with a third party (third-party doctrine).

STEP 03 — PATH B: Geofence Warrant

Warrant served directly on app company

FBI or police serve a geofence warrant on the app company (e.g. Niantic, Google, Apple) demanding all device IDs and location records for a specific area and time. Company complies. No notification to users.

STEP 04

Your device ID is identified in the data

Your device appears in the results. Investigators query your full movement history across weeks or months. Your home, workplace, and regular contacts are identified — without ever touching your phone.

STEP 05

Data used to justify further investigation — or as leverage

Movement data is used to build probable cause for a search warrant, to identify associates, to confront targets with "we know where you've been," or — in documented cases of abuse — to intimidate, harass, or build pressure files on individuals without any criminal predicate.

Intimidation and Coercion via Location Data — The Documented Pattern

Beyond straightforward criminal investigation, location data has been documented as a tool of intimidation and extrajudicial pressure:

Confrontational disclosure: Law enforcement or intelligence officers confront targets with precise details of their movements — "we know you were at X on date Y" — without disclosing how they know, to signal surveillance capability and induce compliance or self-censorship
Constructing compromising narratives: Movement data showing a target at a sensitive location (a clinic, a hotel, a political meeting) is used to build pressure files — not as evidence in court, but as leverage in informal encounters
Identifying journalist sources: Law enforcement has used geofence warrants at newspaper offices and journalist meeting locations to identify who visited — effectively identifying confidential sources without accessing communications
Chilling protest: The documented use of geofence warrants at protest locations creates a deterrent effect — individuals who know (or suspect) their game data and phone location is logged avoid protests for fear of being identified
Domestic abuse: Access to commercial location data has been exploited by abusers with law enforcement connections — who use police-adjacent tools or subpoena access to track victims

"Location data is not metadata. It is not less sensitive than the content of a call. Knowing where you go, when you go there, and who you go with tells an investigator almost everything about your life — and you gave them that data because you wanted to catch a Pikachu."

— Jennifer Granick, ACLU Surveillance and Cybersecurity Counsel (paraphrased, 2021)

Primary Sources & Further Reading

Vice / Motherboard, "How the U.S. Military Buys Location Data from Ordinary Apps" (2020)
Wall Street Journal, "Government Agencies Buy Vast Quantities of Location Data" (2020)
ACLU, "How Fog Reveal Lets Cops Conduct Warrantless Surveillance" (2022)
Citizen Lab, "Pegasus: How a Spy in Your Pocket Threatens the End of Privacy" (multiple reports 2018–2024)
Amnesty Tech, "Forensic Methodology Report: How to Catch NSO Group's Pegasus" (2021)
EFF, "Geofence Warrants and the Fourth Amendment" (2020–2024)
Federal Trade Commission, "Data Brokers: A Call for Transparency and Accountability" (2024)
Privacy International, "IMSI Catchers in the UK" (2022)
The Guardian, "Met Police using Palantir software to fight crime" (2020)
Niantic, Inc. Privacy Policy (current version — niantic.com)
In-Q-Tel / Keyhole Inc. investment history — public record
Nathan Sheard, EFF, "Geofence Warrants: The Dragnet in Your Pocket" (2022)