The only thing that surprises me is that I thought T-Mobile were the good guys. Apparently their stance on net neutrality was empty fan service.
Nothing digital has any semblance of privacy. If you want to take nudies with your significant other, buy a Polaroid camera. If you want to shake hands on a shady deal, do it in person. If it's not the company who develops your product screwing you, it's the people pwning them: just look at what happened to the bastion of privacy, Apple (the iCloud leak).
Stop trusting your digital devices, or, alternatively, accept that you have no privacy (which is a completely valid choice).
Alternatively airplane mode might work too on regular phones, but personally I wouldn't trust it 100%.
Secondly, my concern would be the cellular network automatically flagging you for suspicious activity, especially in an area known to have good coverage. It would certainly look suspect for a device to periodically pop up, send some traffic, then disappear once again.
Do you use DNSSEC on your phone?
I feel like you are not arguing in good faith with that.
Also T-Mobile has always explicitly been against net neutrality, which is orthogonal to selling customer GPS data anyway.
People pwning you. The iCloud leak was spear phishing.
Looks like Apple uses a 3rd party clearinghouse to pass the information to 911, so the carriers don’t get it. https://cdn.ymaws.com/www.nena.org/resource/resmgr/docs/Appl...
As part of this API, is an endpoint that can be made by 911 operators in order to request the position of the phone. It's meant to be part of the E911 services, and is generally linked into the E911 system, but I think can also operate independently.
One of my regrets for the brief period I was working on these systems, is to trigger this API outside of a 911 call, and see if it still works, and whether it would operate without notifying a user. So that's the part I'm missing, I don't know if the API I'm describing can be activated silently from the UE perspective.
As others have pointed out, there is a class of location based services that use non-GPS methods for assisting device location, that may also be at play here, and can be mistaken as GPS by someone who isn't intimately familiar with the technology.
As for a backdoor into the OS, this is totally unnecessary; generally things like GPS and radios are all wired through the baseband processor, so it's possible for the baseband to process requests without OS involvement. It's a CPU and code for all the network communications that runs independently of the rest of the phone and does all the complicated wireless protocols. It depends on the way the standards are written, on what information the OS gets to see from the baseband, and then the way the OS is written on whether that information is actually displayed.
Sorry, I'm also a bit rusty on my telco standards, it's been a few years since I've been working in the telco industry. If you want to dig in and research, I believe LPP (LTE Positioning Protocol) is the spec/standards to dig into.
Also, the baseband processor in most phones runs its own code out of the control of the OS and has access to a ton of surprising stuff.
Also you asked if carriers need a backdoor, which I answered: "Wouldn't that need a backdoor in the OS's GPS software/driver?"
PS asking a question and berating any answer you don't like is not exactly optimal strategy for getting people to answer your future questions.
In airplane mode it _shouldn't_ be sending that data.
With aGPS, the cell phones can download an up-to-date GPS almanac from the tower instead of having to lock to GPS satellites to get it.
The parent commenter explicitly wrote "A-GPS which uses triangulation".
That is simply not true.
The BTS (cell tower) will broadcast the connection info about neighbouring towers and your device will report back the signal strength for each. The network can then make a decision if it needs to move you. This is known as Mobile Assisted Hand Over.
The aim of the game here is maximising signal quality, which is not necessarily the same as minimising position to a tower.
Carriers would still have cell tower location.
A-GPS certainly shouldn't be disabled at all times, as it is a mandate as part of E911, which has the express purpose of closing the gap on emergency services being able to find a caller in an emergency.
The difficulty is, I don't think A-GPS is OS controlled, I think it largely lives in the baseband, which Apple may have a much more limited control over, optionally enabling and disabling features that for all intents and purposes are built into the hardware. Ideally, a user should get a notification when not in a 911 call, but without spending a good deal of time hunting in the standards, it's possible this isn't exposed either.
I think in the CDMA2000 days when I looked at this, the OS call for GPS positions couldn't even say don't use assisted GPS. The baseband, if it had a network connection, would just contact the location server, and use that when locating the device to give back to the OS. That's old technology though, I'm not intimately familiar with the current standards.
I realized that fact because I purchased a tablet, and once I went out with it using the GPS, my position became unavailable or very inaccurate, very quickly.
AGPS means assisted GPS. Essentially, it means that you need some kind of list of satellites, or some kind of "init" data for GPS to boot up, and I think I heard this list is streamed by satellites, but with AGPS, you won't receive this list from satellites, but from some network thing.
To be honest I'm not 100% sure of the things I just said (I'm repeating some answer I got on stackexchange), but I can deduce that AGPS devices are not autonomous, they need a little bit of networking in order to calculate an accurate position.
Although there are many real GPS devices out there, I'm almost certain my new smartphone is full GPS because I have no SIM and no data plan and it guided me for a 50km trip, but I don't know what are the capabilities of other devices.
To be really honest, intelligence agencies might have pushed for such and such throttled GPS featured chip, that forces those to use networking, again, for allowing a third party to track the position and avoid autonomous positioning. It would be a conspiracy theory at this point, but by listening to Snowden, it would make sense.
Official Apple statement:
Calculating a phone’s location using just GPS satellite data can take up to several minutes. iPhone can reduce this time to just a few seconds by using Wi-Fi hotspot and cell tower data to quickly find GPS satellites, and even triangulate its location using just Wi-Fi hotspot and cell tower data when GPS is not available (such as indoors or in basements). These calculations are performed live on the iPhone using a crowd-sourced database of Wi-Fi hotspot and cell tower data that is generated by tens of millions of iPhones sending the geo-tagged locations of nearby Wi-Fi hotspots and cell towers in an anonymous and encrypted form to Apple.
Also worth reading:
I think you might be confusing 2 separate things:
* aGPS uses the cell tower to download data that helps with locking on to GPS satellites much faster. It basically tells the GPS receiver: here are the satellites you need to be looking for.
* cell tower triangulation is used when you have no GPS reception at all. It’s inaccurate, but it’s better than nothing.
If you know your location roughly with triangulation, you can improve your location estimate if you add 2 satellites to the mix (more data is usually better than not), but even then it has nothing to do with aGPS.
Standalone - Your handset has no connection to the network, and uses only the GPS satellite signals it can currently receive to try and establish a location.
MS Based - Your handset is connected to the network, and uses the GPS signals + a location signal from the network.
MS Assisted - Your handset is connected to the network, uses GPS signals + a location signal then relays its 'fix' to the server, which then uses the signal strength from your phone to the network towers to further plot your position.
> If you know your location roughly with triangulation, you can improve your location estimate if you add 2 satellites to the mix (more data is usually better than not), but even then it has nothing to do with aGPS.
Isn't this exactly what aGPS is? One or more data points outside of satellite data? If you have an additional resource I'd love to take a look. Just a quick search of the topic did reveal some contradicting statements.
I don’t think that’s what it is: with aGPS, the phone downloads data of where the satellites are. That allows the phone to accelerate its ability to lock onto GPS satellites.
Triangulation based on cell phone tower location is orthogonal to aGPS. The original iPhone didn’t have a GPS receiver and didn’t use aGPS, so it used the location of the towers as a crude way to figure out its location.
The triangulation + 2 satellites example could be (but doesn’t have to be) a hybrid of the 2:
Use old school triangulation as one of the location estimates and use 2 satellites as further location estimates.
And then, orthogonally and optionally, you could use aGPS to accelerate finding additional satellites.
This is my understanding, I'm not entirely sure about the first part.
I'm greatly simplifying, but you can think of it like I'm making any phone call, it's just I dial 911. This does set some special in-band signalling, that I'm dialling sos, and sets bits that say this is an emergency connection, so retain it over non-emergency calls.
There is then some special routing that takes place, so that based on general location, you get routed to the correct 911 center.
Then, the network has a sort of API, that lets the 911 center make an API call, requesting the current GPS coordinates. This can take time, as you might not be able to pick up satellites, or use other sources. Then think of something like a kidnapping, you might need to be able to track a moving target, so this process can be repeated and updated or more accurate coordinates can be received.
Each layer of that has a specification, in that specification each side has implementations of that specification. To me, I fundamentally don't care what an individual corporation "can or can't do". I care what the spec says, because that's what the corporation can and can't do unless they have something completely 100% proprietary.
Speculation is worthless, show me the spec of what function calls enable the collection of this data, and what the structure of the message looks like over the wire.
Beyond that, on a rooted device that I have full control over, I should be able to work out the details of how that's happening and whether or not I want to fiddle with it to allow my carry around computer to do so or not.
If the implicit assumption that root access to my pocket computer makes it unable to turn off such a thing, then that's news. The rest are layers and layers of complexity as to what the defaults of the systems involved are allowed to do via permissions systems. We're either cool with those defaults, or we aren't.
So, imo. Start with the specs, if it's possible via them then it's surely happening whether or not it's "legal" to do so. My apologies if this comes across as harsh, but what else did we expect? We're fortunate enough to live in the cusp of the information age, but the first 50/100/200 years of this are bound to be messy before it either goes full dystopian forever, or enough outrage affects those defaults.
Only way to guarantee you aren't being tracked is to turn the signal off, which isn't feasible for most.
I personally don't know that I mind it, but some people do and that's the question that is either allowed by some spec or isn't.
Edit: furthermore, just connecting to the towers at all would give approximate information, unless it's connecting to multiples wherein they can triangulate. The other question would be "can I compromise and force my antenna into 'one tower at a time' mode" via some spec. Would I then affect my ability to do tower handoffs upon movement without having multiple tower connections? If so, do I care that my antenna is forced into single tower "approximate location" mode with drops upon new tower acquisition or not? What spec controls that and can I control it via root access to my device? See what I mean?