←back to thread

Everyone knows your location: tracking myself down through in-app ads

(timsh.org)
1957 points apokryptein | 7 comments | 02 Feb 25 17:07 UTC | HN request time: 2.085s | source | bottom
1. password4321 ◴[02 Feb 25 17:56 UTC] No.42910316[source]
Is WiFi access point geolocation by SSID or MAC address? Do mobile OS's require additional permissions for apps to get either of these data points?
replies(3): >>42910398 #>>42910465 #>>42914320 #
2. gruez ◴[02 Feb 25 18:07 UTC] No.42910398[source]
>Do mobile OS's require additional permissions for apps to get either of these data points?

Yes on both iOS and Android as far as I can remember.

replies(1): >>42910536 #
3. radicality ◴[02 Feb 25 18:14 UTC] No.42910465[source]
iOS definitely requires Precise location permission allowed for the app to see your WiFi name / ssid and other WiFi around you
replies(1): >>42910834 #
4. Aachen ◴[02 Feb 25 18:23 UTC] No.42910536[source]
Android for sure, since version 8 I'm certain but probably even 5 or 4.x (so 10+ years ago)

Always annoys me when I want to use a WiFi scanner to determine the range of an access point in different locations for example and it needs me to turn on location access first before it can get WiFi data. The open source app doesn't have an Internet connection so there's no way for it to send back data to the mothership even if it had an SSID database baked into the apk. For me, and traditionally, the location switch is to turn on or off energy-hungry GPS hardware, not gatekeep when I trust apps to collect my location. I can set those to "only while in use", deny their Internet access, or just not install them if I don't trust them with the location permission

5. matthewdgreen ◴[02 Feb 25 19:00 UTC] No.42910834[source]
But all it takes is one app with that permission to tie you to all the others. And there are always apps that need your location at some point to provide useful data. At this point I’m not sure there’s any single app I trust.
replies(1): >>42914354 #
6. scarface_74 ◴[03 Feb 25 02:37 UTC] No.42914320[source]
On iOS at least you can set the MAC address to be different per access point or to rotate on the same access point or to use your normal MAC
7. ignoramous ◴[03 Feb 25 02:44 UTC] No.42914354{3}[source]
> apps that need your location

And, triangulating client's public IP address will also give away location with decent precision: https://news.ycombinator.com/item?id=37507355

btw, we need a securephones.io [0] part 2 focusing on apps.

[0] cert has expired