What we found
Life360: F
Life360 told 50 million families it "does not sell personal information." The FTC found Life360 sold the precise GPS coordinates of 32 million people -- incl...
The FTC charged Life360 with selling precise location data of approximately 32 million users -- including children -- to data brokers without adequate consent (January 2024). The FTC consent order banned Life360 from selling, licensing, or sharing precise location data. The FTC found Life360 failed to ensure data brokers deleted or de-identified data as claimed. Life360's own internal audits revealed brokers were not complying with contractual restrictions. The company continued selling data even after learning brokers were misusing it. Life360 sold data to approximately a dozen brokers including Cuebiq, X-Mode Social, Arity (an Allstate subsidiary), and SafeGraph.
AirTag: F
Lauren Hughes and dozens of other women went to court to tell Apple what it already knew: a $29 device small enough to slip into a purse had become the stalk...
The class action Hughes v. Apple (Case 3:22-cv-07668), which represents dozens of stalking victims, survived Apple's motion to dismiss. The suit alleges that AirTags revolutionized stalking because of their $29 price, tiny size, and precision accuracy.
Tile Tracker: D
Bought by Life360, the family tracking app that sold precise location data to data brokers.
The Markup investigation (2021-12-06) revealed Life360 — Tile's parent company since January 2022 — was selling precise location data of tens of millions of users to approximately 12 data brokers including SafeGraph, X-Mode (Outlogic), Placer.ai, and Arity (Allstate). The FTC took action against X-Mode in January 2024, banning the sale of sensitive location data. Life360 stopped selling to most brokers only after media exposure but continued selling to Arity and selling aggregated data to Placer.ai.
Galaxy SmartTag 2: D
Samsung says your SmartTag location is private and protected by rotating IDs that change every 15 minutes.
Security research (arxiv:2210.14702) found that SmartTag firmware v1.02.06 accepts Just Works BLE pairing, allowing attackers to extract the Identity Resolving Key (IRK). The IRK persists across reboots and account switching, enabling attackers to resolve all rotating Resolvable Private Addresses (RPAs) and track the physical tag indefinitely. The 15-minute ID rotation is rendered meaningless when the IRK is compromised. Additionally, the advertising counter accepts data older than 7 days, undermining replay attack prevention.
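Why a leaked IRK makes address rotation meaningless, as an added example that is not code from the cited paper or from Samsung: a Resolvable Private Address is a 24-bit random prand followed by ah(IRK, prand), so whoever holds the IRK can recompute the hash for every rotated address. The IRK below is the sample value published for ah() in the Bluetooth Core Specification, the other prand values and the second key are constructed, and AES-128 is written out in pure Python only so the block runs without dependencies.

```python
def _xtime(a):                       # multiply by 2 in GF(2^8)
    a <<= 1
    return a ^ 0x11B if a & 0x100 else a

def _build_sbox():                   # AES S-box, generated instead of tabulated
    sbox, p, q = [0x63] * 256, 1, 1
    for _ in range(255):             # 3 generates every non-zero field element
        p = (p ^ (p << 1) ^ (0x1B if p & 0x80 else 0)) & 0xFF   # p *= 3
        for s in (1, 2, 4):                                     # q /= 3
            q ^= q << s
        q = (q ^ (0x09 if q & 0x80 else 0)) & 0xFF
        r = q * 0x101                # q repeated twice, so shifts act as rotations
        sbox[p] = ((r ^ (r >> 4) ^ (r >> 5) ^ (r >> 6) ^ (r >> 7)) & 0xFF) ^ 0x63
    return sbox

SBOX = _build_sbox()

def aes128_encrypt(key, block):      # one 16-byte block, encrypt direction only
    w, rcon = [list(key[i:i + 4]) for i in range(0, 16, 4)], 1
    for i in range(4, 44):           # key schedule
        t = w[i - 1]
        if i % 4 == 0:
            t = [SBOX[b] for b in t[1:] + t[:1]]
            t[0] ^= rcon
            rcon = _xtime(rcon)
        w.append([a ^ b for a, b in zip(w[i - 4], t)])
    rk = [sum(w[4 * r:4 * r + 4], []) for r in range(11)]
    s = [b ^ k for b, k in zip(block, rk[0])]
    for r in range(1, 11):
        s = [SBOX[s[(i + 4 * (i % 4)) % 16]] for i in range(16)]  # SubBytes + ShiftRows
        if r < 10:                   # MixColumns
            s = [c[i] ^ c[0] ^ c[1] ^ c[2] ^ c[3] ^ _xtime(c[i] ^ c[(i + 1) % 4])
                 for c in (s[j:j + 4] for j in range(0, 16, 4)) for i in range(4)]
        s = [b ^ k for b, k in zip(s, rk[r])]
    return bytes(s)

def ah(irk, prand):                  # Bluetooth ah(): low 24 bits of AES(IRK, 0-pad || prand)
    return aes128_encrypt(irk, bytes(13) + prand)[-3:]
def make_rpa(irk, prand):            # RPA = prand || ah(IRK, prand)
    return ":".join(f"{b:02X}" for b in prand + ah(irk, prand))

def resolves(irk, addr):             # True if addr is an RPA derived from irk
    raw = bytes.fromhex(addr.replace(":", ""))
    return len(raw) == 6 and raw[0] >> 6 == 0b01 and ah(irk, raw[:3]) == raw[3:]

IRK = bytes.fromhex("ec0234a357c8ad05341010a60a397d9b")  # ah() sample data, Bluetooth Core Spec
SEEN = [make_rpa(k, bytes.fromhex(p)) for k, p in       # constructed advertisements
        ((IRK, "708194"), (IRK, "4a1b2c"), (IRK, "7fffee"), (bytes(range(16)), "55aa01"))]
LINKED = [a for a in SEEN if resolves(IRK, a)]          # rotated IDs tied to one tag
```

`LINKED` ends up holding the three rotated addresses generated from the first key and excludes the address of the unrelated tag, which is the linkage the 15-minute rotation is meant to prevent.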