By now, we all know that mobile advertisements aren't secure. How would an attacker take advantage of that, though, and spy on people without their consent, knowledge, or interaction? And how do we defend against that? This talk will be a journey through the demand side of advertising as we put ourselves in the role of an attacker, build an ad-based surveillance system, and unleash it on the masses. Mark will demonstrate how, using the built-in features of advertising demand-side platforms (DSPs), it's easy to build a surveillance system that can track unsuspecting people. He'll demonstrate that some platforms make it much easier than it needs to be, and show that there's more than just geolocations at risk here. Finally, Mark will discuss some ways that everyone can help mitigate this, from the users all the way up to the ad networks and software developers. Like every good spy story, this one includes Russian ad networks, hastily written code, and GPS coordinates - lots of GPS coordinates. By now, if you're still clinging desperately to the hope that your location is safe, then this talk is for you!