There was a controversial event a couple of years ago which was followed by the New York Times publishing location data from people that was collected open-source by corellating phone locations, advertising IDs, and PII. Opinions on this event aside, this is when I realized that even with my other OPSEC/privacy measures a bad actor could probably track me, and I turned location services off for good.
Fast forward to today and I'm running GrapheneOS, always-on VPN, and I'm very cognizant of what permissions are used/allowed for every app/site. I notice a number of folks here and on other privacy/security forums mentioning using location, for example for navigation, which makes me wonder:
Do y'all think that by locking down location permissions in GrapheneOS (etc) you can safely utilize GPS for something like offline OSM Maps? Or do you think that even with these countermeasures, turning on location is likely to allow a location leak? Or do you not include location tracking as something you can mitigate in your threat model?
TL/DR: Can you effectively mitigate location leaks such that it is safe to turn phone GPS location on?