The National Security Administration issued a white paper on location data:

  • Using a mobile device — even powering it on — exposes location data.
  • Cellular providers and commercially available rogue base stations receive real-time location information.
  • Location data is stored on the mobile device.
  • Websites use browser fingerprinting to harvest location information, and WiFi access points and Bluetooth sensors can reveal location information.
  • Disabling location services on a mobile device does not turn off GPS and only limits access to GPS and location data by apps, not the operating system.
  • Even if GPS and cellular data are unavailable, location can be determined using Wi-Fi, bluetooth, sensor data or browser information.
  • Anything that sends and receives wireless signals has similar location risks (e.g. fitness trackers, smart watches, smart medical devices, Internet of Things (IoT) devices, and built-in vehicle communications).
Things to do:
  • Disable location services settings on the device.
  • Give apps as few permissions as possible.
  • Disable advertising permissions.
  • Use a VPN.
  • Don’t take the phone with you.

Read the NSA white paper.