[philipn]

It's worth noting that this technique only works if the target user is using a mobile app (not web) that's been granted persistent location sharing permissions. The app also has to support one of the ad networks allowing the targeting they used in the paper. They tested this with the Talkaphone app, which requires (not requests) persistent location sharing.

I'm not sure, but iOS's anti-ad tracking function(s) may have an effect as well (https://support.apple.com/en-us/HT202074)

[dx034]

Exactly, deactivating location sharing for apps that don't need it will help a lot. Wifis can still be located but tracking over mobile network won't really work. At least in London, IP geolocation of phone networks results in a large radius, too large for anything but long-distance travel.

And then you can (and should) obviously still use a VPN. The ad network can know it's a vpn and not necessarily present it as a location but they won't be able to guess you're real one.