There was a controversial event a couple of years ago which was followed by the New York Times publishing location data from people that was collected open-source by correlating phone locations, advertising IDs, and PII. Opinions on this event aside, this is when I realized that even with my other OPSEC/privacy measures a bad actor could probably track me, and I turned location services off for good.

Fast forward to today and I'm running GrapheneOS, always-on VPN, and I'm very cognizant of what permissions are used/allowed for every app/site. I notice a number of folks here and on other privacy/security forums mentioning using location, for example for navigation, which makes me wonder:

Do y'all think that by locking down location permissions in GrapheneOS (etc) you can safely utilize GPS for something like offline OSM Maps? Or do you think that even with these countermeasures, turning on location is likely to allow a location leak? Or do you not include location tracking as something you can mitigate in your threat model?

TL/DR: Can you effectively mitigate location leaks such that it is safe to turn phone GPS location on?

    • [deleted]

    It's my understanding that location (GPS) is an incoming signal and it gets leaked by the OS. Google would leak that info, GrapheneOS will not. I still keep my location off unless I need it on.

    Location services in GrapheneOS are purely GPS-based, so that's not a problem - unless you install Play Services which bring their own network-based location services, so don't do that. Cell phone triangulation is harder to prevent, you'd have to use the flight mode to avoid it.

    A little off topic, but can you use WiFi whilst flight mode is switched on?

      mmmm A little off topic, but can you use WiFi whilst flight mode is switched on?

      Yes

      • [deleted]

      rePrivatizing, for your case I would recommend predownloading maps for your relevant areas of use with Location off and then using OsmAnd with location on and network off.

      Make sure you get your PSDS data from either GrapheneOS servers or, if you don't mind waiting for lock, I would just stick with none.

      I would generally recommend any mapping software where maps can be downloaded and used offline. When you use network and packets travel through the internet backbone, however encrypted, they will inevitably leak metadata. (That is, if you don't use a VPN.)