[sapski]

This is something different: they just know when you visit a location with a router that they control. We show that you don't need to control any routers to track people's location, as long as you have an app with the "WiFi information" permission (and most of the apps do have it).

[chatmasta]

(Assuming you are the author of the post)

Did you watch the network traffic that apps send home? I would be curious to know, of the top games in the app store that see wifi data, how many of them actually send it back to their servers.

I've been running mitmproxy for a project, giving me rare insight into the data that leaves my phone. It's amazing how often android/ios apps "phone home." Every few seconds, apple and google servers receive a request from my phone with fingerprint information sufficient to pinpoint my location on a map. Usually the current WiFi SSID is included in that.

It has me wondering if there is viability in a consumer-grade "man in the middle" router for auditing/filtering the traffic leaving the user's home network.

[sapski]

Good point, thanks! We didn't watch the traffic of these apps yet, we just point out that they have the ability to report it back, beyond the user's control.

I did however read through the privacy policies of the apps, and one of the top 20 with WiFi but not location permission mentioned collecting your location data.