[nimbius]

Trying to steer this thread back on topic. This article is incorrect. Cellular services aren't polling GPS data from the device, they're using imei and subscriber identification triangulation from the towers which the FBI and law enforcement overlay on google maps.

It works with big providers albeit I feel like this parlour trick becomes tougher if your target is using a resell carrier like mint or cricket.

[hocuspocus]

Devices can and will report AGPS positions to carriers, it's part of several 3GPP protocols. Other people in comments have mentioned location sharing with emergency services, but it's also used for network quality telemetry. It's implemented at the baseband firmware level and there's nothing you can do about it.

[Maxious]

As sibling comment has pointed out the protocol for a cellular service to request GPS data directly RRLP, is part of the LCS (LoCation Services) section of 3gpp.

And if you run your own cellular service using OpenBSC you can try it out...

> RRLP is not just a theoretical feature specified in the GSM/3GPP specs. It is implemented by numerous high-end smartphones. There is no authentication of the network. There is no notification of the user. There is no way for the user to disable this [mis]feature.

> Impact: Public debate about this feature is needed. Operators probably need to consider working on some terms about how they use this feature in their privacy policy.

https://web.archive.org/web/20160106074623/http://openbsc.os...