Millions tap open Microsoft Edge or Aloha Browser on their phones each day. Few realize those apps know exactly where they stand. And some pass that information straight to third parties.
A study released this year laid it bare. Over half of the 15 most popular mobile browsers collect location data. Four go further. They pull precise coordinates. TechRadar broke down the numbers on June 3, 2026. Microsoft Edge and Aloha stand out. Both admit to sharing that pinpoint data.
The findings come from Surfshark. Researchers examined privacy labels on the Google Play Store. They cross-checked policies. The result? A clear ranking of data hunger. Yandex led with 25 types of user information out of 38 possible categories. Microsoft Edge followed at 20. Google Chrome sat close behind with 19. Aloha collected fewer overall. Yet it still grabbed precise location details.
What the data reveals about sharing practices
Collection alone raises eyebrows. Sharing pushes the risk higher. Edge sends precise location, approximate location and user IDs to outside companies. Aloha forwards precise and approximate location plus crash logs. The disclosures come directly from the apps’ own labels. No speculation needed.
Justas Pukys, senior product manager at Surfshark, put it plainly. “Your browser maps your daily routine and weekend plans before you’ve shared them with anyone. This location tracking is a profit-driven exploitation of personal habits, rather than a technical necessity for the browser to function.”
His words cut through marketing speak. Browsers don’t require constant location access to load web pages. Sites that need it can ask once. Weather apps. Delivery services. One permission. Done. Yet some browsers keep watch anyway.
And. The habit sticks. Users grant broad permissions during install. They forget. The app runs in the background. It logs movements. It builds patterns. Home. Office. Gym. Doctor. The map fills in. Data brokers buy pieces. Advertisers stitch them together.
But the problem runs deeper. A VPN hides your IP address. It encrypts traffic. It cannot block an app that already holds GPS permission. The location bypasses the tunnel. Your real spot appears anyway. That detail emerged clearly in the Surfshark analysis and related coverage.
Seven browsers in the review collect no app-level location data. Tor. Brave. DuckDuckGo. Ecosia. Samsung Internet. UC Browser. Mi Browser. Their policies state it outright. Privacy does not demand sacrifice in speed or features. The choice sits with developers.
Contrast that with the leaders. Yandex cited five reasons for location collection. Personalization. Advertising. App function. Analytics. Fraud prevention. Edge and Chrome listed similar broad purposes. Aloha’s approach looked lighter on total data types. Six to eight categories. The location sharing still landed it among the sharers.
Microsoft offers controls. Its support page explains how to turn off location prompts. Go to Settings. Privacy, search and services. Location. Flip the toggle. The browser stops asking sites for precise data. Microsoft Support lists the steps clearly. Yet the app itself still collects and shares in some configurations according to the Play Store labels.
Aloha markets its built-in VPN heavily. It promises privacy. Its policy page says it avoids logging IP addresses or visited sites on VPN servers. Still, the browser component shares location data per the study. The two faces sit side by side. One sells protection. The other passes coordinates.
Recent coverage amplified the concern. A January 2026 TechRadar piece on the broader Surfshark report flagged Yandex, Edge and Chrome as the most data-hungry. It noted that shared data often fuels detailed advertising profiles. Payment information. Crash logs. App interactions. The list grows. That earlier TechRadar article warned of the downstream effects.
Surfshark’s full study dropped in January 2026. It scored countries too. Europe showed lower risk on average. Norway, Sweden and Denmark led. Parts of Africa and South America scored higher because their popular browsers collect and share more aggressively. The methodology weighed market share. It added collection volume to sharing volume. Simple. Revealing.
Users rarely read those Play Store labels. Only two in ten consider themselves conscious of privacy policies, one related survey found. Habits persist. Chrome holds roughly seven in ten users worldwide. Its data practices influence billions of sessions.
Location data carries special weight. It reveals routines. It infers health visits. It suggests political attendance at rallies. It tracks children if the phone travels with them. Once shared with third parties, control evaporates. Brokers resell. Bad actors target. The chain moves fast.
So what now? Device settings offer one fix. Set location to approximate instead of precise at the operating system level. Check individual app permissions. Revoke where possible. Switch browsers for daily use. The privacy-focused options work well for most browsing.
Microsoft has updated Edge privacy documentation multiple times. It stresses that it does not tie location data to Microsoft accounts in many cases. It respects InPrivate and guest mode settings. Those statements appear in official docs. The Surfshark review still flagged the sharing disclosures on the Android platform.
Aloha’s privacy page emphasizes no activity logging through its VPN. It notes that some partner sites or search engines might still see IP details. The company says selected partners follow similar confidentiality rules. The location sharing happens at the browser level separate from the VPN tunnel.
The gap between marketing and practice frustrates security professionals. Enterprises deploy Edge for managed devices. They assume controls limit exposure. Location sharing to unknown third parties complicates compliance with strict data rules. Hospitals. Banks. Government agencies. All face questions.
Regulators watch closer. Europe’s rules already bite on consent and data minimization. Similar conversations grow in the U.S. and elsewhere. Browser makers may face pressure to narrow their disclosures or change defaults.
For now the data sits in the open. The study used only publicly declared information. No hacking. No leaks. The apps told regulators and stores what they do. Users simply never looked.
Short term, pick Brave or DuckDuckGo for sensitive work. Long term, demand clearer defaults. One-time location requests should become standard. Continuous background collection should shrink. The technology exists. The will must follow.
Until then, every tap on Edge or Aloha carries a quiet risk. Precise coordinates. Third-party hands. A map of your life sold without fanfare. The browsers know. Now you do too.
WebProNews is an iEntry Publication