[kotajacob]

Sorry if this is a stupid question, but do we know if this location was collected by the operating system of the mobile devices? Or was it being collected simply by data from carriers? Also since this was just an API vulnerability would I be correct to assume it's still being exploited by this companies customers?

[kevcampb]

The information is likely to be provided by an API from AT&T and others, which is obtained from cell towers.

[kotajacob]

Makes sense... Thanks. There should be a law...

[bigiain]

There is. A law which requires carriers to provide sufficiently accurate cell phone location data so they can send it along with 911 calls.

https://www.fcc.gov/consumers/guides/911-wireless-services

"Phase II E911 rules require wireless service providers to provide more precise location information to PSAPs; specifically, the latitude and longitude of the caller. This information must be accurate to within 50 to 300 meters depending upon the type of location technology used."

Not the law I'm guessing you were after, huh?

[StudentStuff]

Sad thing is this has been going on since the late 1990s, back then they had lower level reps at AT&T handling law enforcement location requests manually. Knowing a few of them, it took forever for those former reps to get cellphones due to a fear of being tracked, having dealt with those requests.

I've also noticed multiple in that group will purposefully leave their phone behind & drive their older cars when they choose to have a tracking free day, even 2 decades later exposure to how easy it is to pull live location data still notably impacts their behavior.

[saltcured]

With firsthand experience of license plate scanning, they might reconsider their old cars. And who knows what they'd do if they also had firsthand experience of facial tracking cameras! Perhaps they'd invent a new cyberpunk costume, turn into night owls, or take of cave diving...

[nneonneo]

Almost certainly obtained from the carriers.