Mobile carriers can get your GPS location
5 days ago
- #GNSS
- #privacy
- #cellular tracking
- Apple introduced a privacy feature in iOS 26.3 limiting 'precise location' data shared with cellular networks, available only on devices with Apple's in-house modem.
- Cellular networks can determine location via cell towers with accuracy ranging from tens to hundreds of meters.
- Cellular standards include protocols (RRLP for 2G/3G, LPP for 4G/5G) that silently request and receive GNSS (GPS, etc.) location data from devices, offering single-digit meter precision.
- GNSS location is calculated passively and isn't meant to leave the device, but carriers can request it via built-in protocols.
- These capabilities have been used by agencies like the DEA in the US and Shin Bet in Israel for tracking, often without public awareness.
- Shin Bet used this data for COVID-19 contact tracing, indicating the precision of the collected location data.
- Unknown if RRLP and LPP are the only methods used for GNSS data collection or if other protocols/backdoors exist.
- Concerns about remote exploitation by foreign carriers, like Saudi Arabia's abuse of SS7, though less precise than GNSS.
- Apple's move to limit mass surveillance is praised, but users should have the option to disable GNSS responses to carriers and be notified of attempts.