@jksc @taoeffect

> A major caveat is that I don’t know if RRLP and LPP are the exact techniques, and the only techniques, used by DEA, Shin Bet, and possibly others to collect GNSS data; there could be other protocols or backdoors we’re not privy to.

You should not be basing your understanding on an article written by someone making assumptions about how things work without knowing how things are actually implemented. They're claiming the changes made by Apple aren't useful without evidence.

@GrapheneOS @taoeffect To be clear, you have answered "No" to the question "Are Pixel devices running GOS vulnerable to this GNSS baseband processor tracking?"

How does the operating system mitigate Control Plane LCS for all modems running on Pixel devices? Is this even publicly documented anywhere?

I'm fine with the article cited being inaccurate, but it's unclear on what you're basing your answer that GOS Pixels "are not vulnerable".

@jksc @taoeffect

> To be clear, you have answered "No" to the question "Are Pixel devices running GOS vulnerable to this GNSS baseband processor tracking?"

Correct.

> How does the operating system mitigate Control Plane LCS for all modems running on Pixel devices? Is this even publicly documented anywhere?

Location detection based on the cellular connection itself can only be avoided with airplane mode. Apple hasn't changed that for iPhones, they're only trying to reduce the precision.

@jksc @taoeffect

> I'm fine with the article cited being inaccurate, but it's unclear on what you're basing your answer that GOS Pixels "are not vulnerable".

The cellular radio has no direct connection to GNSS on Pixels and doesn't control it. It's the operating system implementing support for providing supplementary location data to the cellular radio for E911 support. Many regions including Europe don't use E911 in the first place but rather a different standard not implemented by AOSP.