Feature request - disable location access within a Geofence area.

kjerehea

Location access should be automatically disabled when the user enters a predefined geofence area. Wifi and cellular could also be disabled. It would help to prevent the user’s sensitive locations from becoming known; especially their home and work locations. See here for an example of how US military bases were discovered using fitness apps location data.

Should also notify the user upon entering and exiting a geofence area, to remind them to toggle the settings if needed.

n3t_admin

kjerehea exiting a geofence area

and how exactly is the system supposed to know that when... the location is TURNED OFF? If you want such a feature, be prepared to toggle it back on manually a lot...

chinook

To be honest I can't imagine this being high on the list, but feel free to request it here.

In the meantime you can use this software to achieve the same result: https://tasker.joaoapps.com/userguide/en/loctears.html from https://tasker.joaoapps.com/

Also please note that this WOULD NOT prevent the leak as presented in the article (through Strava's heatmaps), because the location data originated in the fitness trackers, NOT in phones. Even if you had your phone in the aeroplane mode but exercised with your fitbit/garmin/AW on and then later uploaded your exercise to Strava, it would show exactly the same location.

kjerehea

chinook "Also please note that this WOULD NOT prevent the leak as presented in the article (through Strava's heatmaps), because the location data originated in the fitness trackers, NOT in phones."

If "Location access" was disabled then no app would be given access to the location, so the fitness app would have nothing to report. If the fitness tracker was GPS enabled then yes, this would of course be a leak.

A wide geofence would expose your general home and work locations, but not with enough granularity to locate (and identify) you.

In January 2019, Motherboard revealed that AT&T, T-Mobile, and Sprint were selling their customers’ real-time location data, which trickled down through a complex network of companies until eventually ending up in the hands of at least one bounty hunter.

I'd imagine that most GrapheneOS users don't need any cell coverage at home and work when they have wifi.

chinook

n3t_admin

and how exactly is the system supposed to know that when... the location is TURNED OFF

I literally provided a link describing the options in details. This will be approximate but can be recognised by the cell near + wifi near. I use it a lot. Crude but definitely good enough.

schweizer

How is this supposed to work? You have one hole without geolocation during daytime and one hole during nighttime. The first is your workplace and the latter your home. You can draw the radius as big as you want it will always be possible to find out the center of the circle.

I think it is a better option to switch off geolocation most of the time unless you need it, not use play services and use Tor.

void0

From what I understand while routing GOS only requests location through apple's network (proxied) once, thereafter all processing of said data is done locally. What this means is that if you request location access from a restaurant to your house the gps network will only see your initial location before routing. Therefore I fail to see how a geofence disabling location services would be beneficial unless you have a couple untrustworthy apps with location perms.

Someone feel free to correct me if I'm wrong.

de0u

void0 From what I understand while routing GOS only requests location through apple's network (proxied) once, thereafter all processing of said data is done locally.

Each individual location request is one request and local processing. But navigation apps typically want to know the location continuously, not just once. Generating a proposed route is not the same thing as travelling along a route.

void0 What this means is that if you request location access from a restaurant to your house the gps network will only see your initial location before routing.

There is no "GPS network", and GPS satellites never know your location, because that's not how GPS works. The satellites transmit with no idea who is or isn't listening, and GPS receivers listen without transmitting anything to anybody.

I believe that at present if a navigation app on GrapheneOS is using the fused location provider one should assume that the servers providing any non-GPS data are obtaining a reasonable though non-precise location track.

de0u

If the request is that specific apps should lose location access in certain conditions (which would not be the same as disabling the location service), that could be done. But I think there might be a lot of edge cases.

chinook

kjerehea

"Also please note that this WOULD NOT prevent the leak as presented in the article (through Strava's heatmaps), because the location data originated in the fitness trackers, NOT in phones."

The original article mentions Strava heatmaps and fitness trackers. There are several trackers that can talk to strava directly, and over a dozen BRANDS of wearables whose phone apps can be connected to strava (to upload segments automatically).

Many of these devices support GPS natively.

If "Location access" was disabled then no app would be given access to the location, so the fitness app would have nothing to report. If the fitness tracker was GPS enabled then yes, this would of course be a leak.

Now, let me reiterate my original point, because I think it didn't come across previously.
Trackers that have their own GPS receivers do not rely on the location data on phones to record activities/segments.
If you ever tried to run couple of km with a phone in your pocket vs a watch/tracker on your wrist, you may guess which one is more comfortable. And if in this situation you'd like your activities to be accurately recorded, you'd have a tracker with GPS.

Which doesn't need phone's location services to accurately record the location which may be then uploaded to strava.
Which means that such phone would leak the location/activities anyway. Even if it was off in the base. Wearables will just synchronise later.

Edit: yes, it's possible someone was running with their phone. Maybe many people. But it's not something I'd call the default. And definitely no one would be using their phones to record runs accurately but with the location services off. If you're after tracking steps and not length of the run, just use 30g £10 device from Aliexpress.

schweizer

A simple method to avoid the above mentioned problem is to switch on the smart watch only after warmup. That way you are about a kilometer away from home while running and even more while cycling. The warmup and cooldown are not that interesting to log.