Wednesday, June 24, 2026

Valyrian News Network

Understanding, Automated

National Security Technology

Adversaries Track US Troops via Commercial Phone Apps

Valyrian News Network 5 min read

Adversaries Track US Troops via Commercial Phone Apps

A bipartisan group of 14 U.S. lawmakers has demanded urgent action from the Pentagon after U.S. Central Command (CENTCOM) confirmed that foreign adversaries are exploiting commercially available location data to track and surveil American military personnel in active war zones. The revelation, made public on May 28, 2026, marks the first official Pentagon confirmation that commercial data broker information is being weaponized against U.S. troops.

The Security Vulnerability

According to Fox News, adversaries are purchasing location data from commercial data brokers who collect information through smartphone advertising IDs, real-time bidding networks for digital ads, and other commercial systems. The data, originally gathered for targeted advertising, is being repurposed to identify military installations, monitor troop movements, and track individual service members.

In a letter to Pentagon Chief Information Officer Kirsten Davies, lawmakers led by Sen. Ron Wyden (D-OR) and Rep. Pat Harrigan (R-NC) wrote: “That foreign adversaries are still able to buy location data collected from the phones of U.S. personnel serving in military hotspots is a direct result of DOD leadership’s failure to prioritize this threat and implement common sense cyber defenses recommended by federal cybersecurity experts.”

A Decade of Warnings

The threat is not new. As The Register reported, government contractors briefed military leadership about the ease of tracking smartphones owned by military members as far back as 2016. The Pentagon has known about the vulnerability for over a decade yet failed to implement basic protections.

In 2018, the fitness-tracking app Strava inadvertently revealed the locations and movement patterns of military personnel through a global heat map, prompting the Pentagon to issue guidance restricting geolocation-sharing apps in operational areas. However, lawmakers argue that basic protections remain incomplete.

According to Defense One, CENTCOM only rolled out the capability to administratively disable location sharing on government-issued smartphones in May 2026 — years after the threat was known. Advertising identifiers — unique tracking numbers used by advertisers and data brokers — remain active on government-issued devices despite longstanding recommendations from the NSA and CISA to disable them.

Direct Threats to Families

The threat extends beyond the battlefield. As Navy Times reported, service members and their families have received direct threats from foreign adversaries believed to be connected to the Islamic Revolutionary Guard Corps (IRGC) via email, social media, and text messages. In some cases, IRGC members have shown up at hotels in Gulf countries inquiring about U.S. service members.

Sarah Streyder, Executive Director of the Secure Families Initiative and wife of a Space Force guardian, told Navy Times: “For folks we’ve heard from, threats began a few weeks after the U.S. strikes against Iran began. This certainly isn’t the first time U.S. service members and their families have received threats from foreign adversaries… It’s scary and it’s silencing.”

The Data Broker Ecosystem

The commercial data broker industry collects and sells vast amounts of personal information, including precise geolocation data, from smartphones, apps, and advertising networks. Justin Sherman, CEO of Global Cyber Strategies, explained the scope of the problem to Fox News: “If you’re one of the United States’ foreign adversaries, you have advanced cyber capabilities, but you see all this U.S. data out there on the commercial market, you’d think: ‘why hack when I can buy?’”

A joint investigation by WIRED, Bayerischer Rundfunk, and Netzpolitik.org in November 2024 found that more than 3 billion phone coordinates collected by a U.S. data broker exposed the detailed movements of U.S. military and intelligence personnel in Germany, including locations of homes, children’s schools, and nuclear weapons storage sites.

Analysis and Implications

The revelations expose a fundamental national security failure: foreign adversaries can track U.S. troops in active war zones not through sophisticated hacking, but by simply purchasing data legally collected by American companies. As Sen. Wyden told TechCrunch, “It’s time to start treating the adtech industry as a national security threat.”

Several tensions complicate the response. The Army is phasing out government-issued smartphones in favor of a Bring Your Own Device (BYOD) program, potentially exacerbating the vulnerability by putting more personal devices with less centralized control into operational areas. Meanwhile, the U.S. lacks comprehensive federal privacy legislation regulating data brokers, creating an inherent conflict between commercial interests and national security.

What’s Next

Lawmakers are demanding that the Pentagon disable advertising identifiers on all government-issued smartphones, issue guidance requiring personnel to do the same on personal devices, and replace advertising-friendly web browsers with privacy-focused alternatives. The bipartisan nature of the letter suggests potential for congressional action on data broker regulation, though similar efforts have stalled in the past.

The Pentagon has declined to comment publicly, stating only that it will respond to Wyden’s letter. With U.S. troops currently deployed in active operations in the Middle East, the urgency of the situation cannot be overstated — lives depend on closing this vulnerability that has been left open for far too long.