Submitted via IRC for TheMightyBuzzard
As it turns out, turning off location services (e.g., GPS) on your smartphone doesn't mean an attacker can't use the device to pinpoint your location.
A group of Princeton University researchers has devised of a novel user-location mechanism that exploits non-sensory and sensory data stored on the smartphone (the environment's air pressure, the device's heading, timezone, network status, IP address, etc.) and publicly-available information to estimate the user's location.
The non-sensory and sensory data needed is stored on users' smartphones and can be easily accessed by any app without the user's approval, which means that the data can be captured through a malicious app or harvested from databases of many legitimate fitness monitoring apps.
Source: https://www.helpnetsecurity.com/2018/02/07/location-tracking-no-gps/
(Score: 0) by Anonymous Coward on Saturday February 10 2018, @01:23PM
Or - hacker hacks public Wi-Fi/payment system/whatever and users that to get into your phone that's running an outdated Android and install an app that has the appropriate permissions. Now, whenever you go to a CVS, Starbucks, etc., your phone is used to attack their systems, collect info, and whatever other nefarious things. They can also map the botnet spread and decide on additional targets.