Submitted via IRC for TheMightyBuzzard
As it turns out, turning off location services (e.g., GPS) on your smartphone doesn't mean an attacker can't use the device to pinpoint your location.
A group of Princeton University researchers has devised of a novel user-location mechanism that exploits non-sensory and sensory data stored on the smartphone (the environment's air pressure, the device's heading, timezone, network status, IP address, etc.) and publicly-available information to estimate the user's location.
The non-sensory and sensory data needed is stored on users' smartphones and can be easily accessed by any app without the user's approval, which means that the data can be captured through a malicious app or harvested from databases of many legitimate fitness monitoring apps.
Source: https://www.helpnetsecurity.com/2018/02/07/location-tracking-no-gps/
(Score: 1, Insightful) by Anonymous Coward on Friday February 09 2018, @08:53PM
Those APs might all be called linksys but most of them had different MAC addresses.
Speaking of recent developments nowadays many GSM/etc cells are smaller. So the telcos and "friends" have more and more accurate info on where your phones are. It's not like most people turn off their phones for hours or carry them permanently in airplane mode.
So this fancy barometer stuff isn't necessary for 99% of the scenarios. Only in a few scenarios does your malicious app get installed on a phone that never has any cellular or WiFi access and it also doesn't matter that the app can't communicate via cellular network or WiFi.