In April 2026, U.S. Central Command confirmed that commercial smartphone data was being used to track American forces stationed abroad, a vulnerability that has left service members exposed in active conflict zones. The confirmation came as Iranian missile and drone strikes had damaged U.S. installations across the Gulf region, forcing commanders to disperse thousands of troops into hotels and office buildings lacking base perimeter security. Each of those service members carried phones broadcasting location data that remains available for purchase on commercial markets.

The vulnerability is not new. In 2016, defense intelligence contractor Mike Yeagley demonstrated before Joint Special Operations Command leadership how he could reconstruct training routines, deployments, and home addresses of operators in a classified unit by purchasing commercially available data from his home office in Maryland, without hacking any system. The same issue resurfaced in 2018 when fitness app Strava inadvertently exposed forward operating base layouts through its public heatmap. In 2024, journalists demonstrated the risk by tracking U.S. troops at bases across Germany using commercial advertising data purchased on the open market.

What the Left Is Saying

Sen. Ron Wyden (D-Ore.), joined by Reps. Elijah Crane (R-Ariz.) and Scott Perry (R-Pa.), sent a formal letter to the Defense Department's chief information officer demanding immediate action and answers regarding troop location security. The Oregon Democrat has long advocated for stricter data privacy protections and has argued that current voluntary guidelines have failed to address systemic vulnerabilities. His office emphasized that American service members should not be exposed to surveillance risks that commercial consumers face, particularly when those risks involve national security implications.

Progressive advocacy groups have echoed calls for comprehensive legislative solutions rather than piecemeal policy adjustments. They argue that the Defense Department cannot rely on troops individually toggling privacy settings or choosing alternative search engines, pointing to research showing that modern applications can reconstruct device fingerprints from hundreds of signals regardless of GPS permissions.

What the Right Is Saying

Republican lawmakers including Reps. Crane and Perry have framed the issue as a failure of Pentagon leadership to act on warnings spanning more than a decade. Conservative defense hawks argue that protecting troop location data is a basic force protection imperative that should not require congressional intervention. They point to the billions spent on conventional security measures while this vulnerability remained unaddressed.

Defense Department officials have noted existing policies restricting device usage in sensitive locations but acknowledge that current approaches cannot fully address commercial data collection. A Pentagon spokesperson stated that the department continuously reviews operational security protocols and is working to develop more comprehensive safeguards for personnel in deployed environments.

What the Numbers Show

The Strava heatmap incident in 2018 exposed the outlines of classified installations across Syria, Iraq, Afghanistan, and other locations where U.S. forces operated. The company subsequently disabled public access to the feature after receiving notification from military officials. Commercial location data brokers collect information from an estimated average of 200 apps per smartphone user, according to industry analysts. The Defense Department has spent approximately $700 billion annually on overall operations in recent fiscal years while addressing digital vulnerabilities through relatively modest cybersecurity initiatives.

A 2024 investigation by journalists demonstrated that purchasing commercial advertising data for less than $200 could track individual devices at U.S. military installations abroad, including identifying patterns linking base locations to soldiers' home addresses. The bipartisan letter from Wyden, Crane, and Perry has not yet received a formal response deadline from the Defense Department.

The Bottom Line

Congress is currently considering amendments to the National Defense Authorization Act that would direct the Pentagon to develop technologies reducing signals broadcast by military personnel devices and provide commanders visibility into data their units are releasing commercially. The threat has been confirmed by Central Command, and the proposed remedies involve procurement and policy changes rather than new regulatory frameworks. What remains unclear is whether legislative mandate or departmental initiative will drive the final solution, and what timeline would apply to implementation across deployed forces worldwide.