The National Security Administration issued a white paper on location data:
- Using a mobile device — even powering it on — exposes location data.
- Cellular providers and commercially available rogue base stations receive real-time location information.
- Location data is stored on the mobile device.
- Websites use browser fingerprinting to harvest location information, and WiFi access points and Bluetooth sensors can reveal location information.
- Disabling location services on a mobile device does not turn off GPS and only limits access to GPS and location data by apps, not the operating system.
- Even if GPS and cellular data are unavailable, location can be determined using Wi-Fi, bluetooth, sensor data or browser information.
- Anything that sends and receives wireless signals has similar location risks (e.g. fitness trackers, smart watches, smart medical devices, Internet of Things (IoT) devices, and built-in vehicle communications).
Things to do:
- Disable location services settings on the device.
- Give apps as few permissions as possible.
- Disable advertising permissions.
- Use a VPN.
- Don’t take the phone with you.