Comment by csdvrx

3 years ago

> It doesn't depend on whether you have location enabled

It's even better: the location can be enabled through a network initiated request. This is because A-GPS works "both ways". See https://en.wikipedia.org/wiki/Assisted_GNSS#SUPL : SUPL Position Calculation Function (SPCF) lets the client or the server ask for the client’s location.

As part of the FCC’s updated 911 requirements, where cell phones (with no set location) are required to be routed to the correct 911 center, aGPS was developed to not only help GPS get a faster TTFF (time to first fix), but to transmit location data to the carrier (and to anyone else who can intercept the data)

> If all of this bothers you, contact your state legislators

If you don't like that and want a quick fix, on Android devices check /data/vendor/agps_supl/agps_profiles_conf2.xml for ni_request="true": this is the Network-Induced Location Request functionality, where the network asks for the GPS position. Change that to false.

Personally, I believe 911 AGPS is of limited use: if I'm unconscious and can't dial, the phone 911 AGPS working won't do me any good. If I'm conscious and I can dial, I can also open a map app.

Still, if you want to keep the 911 stuff, just change reject_non911_nilr_enable="false" to true (because yes, by default, everything goes - 911 or not)

There's also lpp_enable="true" (LTE Positioning Protocol, yet another method by which cellular providers can pinpoint your location via aGPS), imsi_enable="true" (which transmits a unique identifier along with the AGPS request!)

Check also /data/vendor/agps_supl/agps_profiles_conf2_prv.xml

Or even better: don't use a phone. I have a 5G/LTE module in my laptop when I need internet connectivity: it's turned off the rest of the time (rfkill block wwan). You can also disable the power to this M2 port (saving battery if you care about that)
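An added example, not part of the original comment: a read-only check of a pulled copy of the profile file for the four attributes named above. The comment does not show the file's layout, so the element names and the `name` attribute in the sample are constructed, and the script matches on attribute names only.

```python
import sys
import xml.etree.ElementTree as ET

# Attributes the comment flags without giving a target value. Reporting them
# whenever they are "true" is an assumption made for this example.
FLAGGED_WHEN_TRUE = ("lpp_enable", "imsi_enable")

# Constructed sample: element names, the "name" attribute and the layout are
# hypothetical, not the vendor's real schema.
SAMPLE = """<agps_profiles>
  <profile name="constructed-default" ni_request="true"
           reject_non911_nilr_enable="false" lpp_enable="true" imsi_enable="true"/>
  <profile name="constructed-911-only" ni_request="true"
           reject_non911_nilr_enable="true" lpp_enable="false" imsi_enable="false"/>
  <profile name="constructed-off" ni_request="false" lpp_enable="false"/>
</agps_profiles>"""


def _is_true(value):
    return value is not None and value.strip().lower() == "true"


def audit(xml_text):
    """Return (element label, attribute, state) for every setting worth reviewing."""
    findings = []
    for elem in ET.fromstring(xml_text).iter():
        attrs = elem.attrib
        label = attrs.get("name", elem.tag)
        # Network-initiated requests: off, limited to 911, or open to any requester.
        if _is_true(attrs.get("ni_request")):
            if _is_true(attrs.get("reject_non911_nilr_enable")):
                findings.append((label, "ni_request", "911-only"))
            else:
                findings.append((label, "ni_request", "any-requester"))
        for key in FLAGGED_WHEN_TRUE:
            if _is_true(attrs.get(key)):
                findings.append((label, key, "enabled"))
    return findings


if __name__ == "__main__":
    # Pass the path of a pulled copy of the file; with no argument the sample is used.
    if len(sys.argv) > 1:
        with open(sys.argv[1], encoding="utf-8") as fh:
            text = fh.read()
    else:
        text = SAMPLE
    for label, key, state in audit(text):
        print(f"{label}: {key} -> {state}")
```
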

> Personally, I believe 911 AGPS is of limited use: if I'm unconscious and can't dial, the phone 911 AGPS working won't do me any good. If I'm conscious and I can dial, I can also open a map app.

For what it's worth, new phones can detect car crashes and initiate a 911 call if you don't actively stop that.

What if you're not unconscious, but badly concussed or otherwise dazed? You can't count on having a clear and level mind in the aftermath of an unspecified emergency.

  • If I don't have a clear mind due to being "badly concussed or otherwise dazed", what makes you think my mind would be clear enough to place a call?

    • Because 911 is relatively simple and has been drilled into people since they were kids? I don't know man, I think being able to dial 911 is a lot simpler than being able to read your location off a map. Trying to find street names on google maps can be hard enough when my brain is working correctly.

This is very interesting - thank you for sharing your knowledge. Any other related references - the tech that enables this sort of tracking?

  • > Any other related references - the tech that enables this sort of tracking?

    It's everywhere in mobile devices. It's better not to use them.

    If you must use one, you must at least have root to disable AGPS + add stringent iptables rules to disable any outgoing communication by default: you should only enable connections per app, or per IP/domain for what you need.

    Still, that'll be of a limited help since the baseband manages connections (3GPP profiles etc) and does the equivalent of NAT to your device.

    For all I know, the baseband could tell Android "location disabled? sure thing!" while still getting GPS fixes + sending the position by UDP packets processed by the baseband OS: Android won't even see it! Yet by virtue of sharing the same IP (or being "enriched" with your IMSI as you can see above), you will be totally trackable.

    Doing anything more requires running free software on the baseband: there're now free-software firmwares like https://github.com/the-modem-distro/pinephone_modem_sdk (I'll submit that for discussion)

    It started from initiatives like https://www.reddit.com/r/PINE64official/comments/hflat0/pine... but now you even have a free software bootloader for the modem (see https://github.com/Biktorgj/quectel_lk)

    If you want, you can also recover the stock firmware (https://github.com/Biktorgj/quectel_eg25_recovery), but the ability to audit from top to bottom to disable data exfiltration requires a 100% free software solution.