Mobile carriers can get your GPS location

Original Article ↗ Hacker News Discussion ↗

Emergency Location Systems and What’s New

  • Many commenters note that precise mobile location for emergency calls (E911 in US, 112/999 with AML/EISEC in EU/UK) has existed for years.
  • Typical pipelines: phone detects an emergency number, enables GPS, and sends coordinates (often via a special hidden SMS or protocol) to carriers, then to dispatch systems (e.g., RapidSOS).
  • Some rescuers report only ever receiving cell-tower triangulation, not GNSS, suggesting uneven real-world deployment.

Direct GNSS Access vs Triangulation

  • The thread repeatedly distinguishes:
    • Traditional network-based location: TDoA, timing advance, multi‑lateration, Wi‑Fi/Bluetooth databases; now very accurate, especially in dense 4G/5G.
    • Newer concern: standards‑defined commands that let the network query the device’s GNSS module for exact coordinates, potentially turning on the GNSS radio.
  • Several point out that GNSS is often implemented in or alongside the baseband SoC; the OS may have no veto or visibility.

Apple / Android Controls

  • iOS 26.3 adds “Limit Precise Location” per‑carrier for devices with Apple’s newer C‑series modems; initially only a handful of carriers support it.
  • This setting does not reduce precision for emergency calls.
  • Pixels can surface notifications about network‑level location queries. Android also has user‑visible emergency location features separate from baseband‑level mechanisms.

Privacy, Consent, and Abuse

  • Strong disagreement over whether this is acceptable:
    • One camp argues it’s obvious, longstanding, and life‑saving (suicides, crashes, missing persons).
    • Another argues that silent, always‑available, meter‑level tracking by carriers is inherently abusive if users can’t opt out or even see when it’s used.
  • Multiple comments highlight carriers and app ecosystems selling or leaking location data to brokers, with governments simply buying it.

Law, Regulation, and Accountability

  • References to E911 rules, FCC accuracy mandates (including vertical/barometric data), and EU AML obligations.
  • Debate over GDPR: carriers clearly must be able to locate devices for emergencies, but whether they may store and reuse high‑precision data is disputed.
  • Broader political discussion about privatized surveillance, qualified immunity, and how hard it is to constrain state use once such data streams exist.

Mitigations and Limits

  • Suggested defenses: phones with hardware kill switches, Faraday bags, turning off radios, privacy OSes with strong radio isolation, or simply not carrying a phone.
  • Others counter that baseband‑side tracking and tower‑level multi‑lateration mean any connected device is inherently trackable, and that eliminating the surveillance capability entirely may be politically unrealistic.