[xjay]

Android defaults to sending the IMSI (SIM ID) to Google.

> SUPL is used as part of the A-GPS (Assisted GPS) system to get a faster Time to First Fix. The problem is that Android's implementation automatically sends the IMSI (ID of the SIM card) to the SUPL provider for no apparent reason. And because Google is the default provider it's a big breach of privacy.

https://github.com/Magisk-Modules-Alt-Repo/supl-replacer

https://en.wikipedia.org/wiki/Assisted_GNSS

[_rdvw]

I document this more in depth here https://divestos.org/misc/gnss.txt

[sambazi]

and then proceeds to download a blob to be interpreted by the firmware over plain http

[tredre3]

The S in SUPL stands for secure, it's ssl encrypted. Whether or not the implementation is good, I don't know, but saying it uses plain http is patently false.

[sambazi]

last time i checked, there was a "http://" url in the agps.conf on android - been a few years though