Why does Microsoft Remote Desktop app need my GPS location from my phone?
this post was submitted on 24 Oct 2024
174 points (100.0% liked)
Technology
58833 readers
5156 users here now
This is a most excellent place for technology news and articles.
Our Rules
- Follow the lemmy.world rules.
- Only tech related content.
- Be excellent to each another!
- Mod approved content bots can post up to 10 articles per day.
- Threads asking for personal tech support may be deleted.
- Politics threads may be removed.
- No memes allowed as posts, OK to post as comments.
- Only approved bots from the list below, to ask if your bot can be added please contact us.
- Check for duplicates before posting, duplicates may be removed
Approved Bots
founded 1 year ago
MODERATORS
I loved xprivacy_lua
You could hide almost everything.
No app knew the other apps I used.
No app had clipboard access. when I needed to paste something I used Xposed Edge.
You could spoof a lot of info, GPS coordinates, IMEI ...
The list goes on.
support stopped. I should check if there's a fork.
edit: AOSP permissions have improved and I now use almost exclusively FOSS apps, so I'm not worried, but I still miss the app.
edit2: there's a fork: https://xdaforums.com/t/xpl-ex-xprivacylua-ex-android-privacy-manager-hooking-manager-extended.4652573/
Use FOSS as much as possible, pressure your gov to implement laws against tracking (against what Snowden showed us).
There is no need to know the location and history, and the communication of everyone everywhere.
If you have a device that's actively connected to a cellular network, and has been while in your home or work, then your only option is to leave it behind or turn it off. That includes your car if it was made in the past decade, if nothing else, so it can catch OTA firmware updates, and send telemetry data.
GPS and location services don't mean shit when your carrier keeps logs of where you've been based on cell-tower triangulation.
Do we know how carrier shares cell data?
In another thread, it was suggested thet "cant" just sell it like they isp traffic data for example.
Obviously the state can get it since is logged. Not sure if they would need s warrant tho
I work for a telecom. In my country there is well regulated legislation that specifies how and when the police can ask the telecoms for cell location data, usually used for missing people.
They also provide large scale, anonymised data for crowd movement analysis. For example it was used to demonstrate how 60,000 people moved into and out of a stadium located for historical reasons in an old-fashioned, dense residential area, in preparation for the arrival of English football fans.
You also have to assume that your government has never illegally obtained data it shouldn't have in a shady manner.
It also doesn't bode well for what happens if your country falls into fascism, as all that data will still exist to be systematically, and retroactively used against you.
One of the good things about living in Ireland is that I'm 99% our government is neither competent enough to perpetrate elaborate crimes against its people without being exposed almost instantly, nor powerful enough that even fascists getting into government would have a meaningful impact bar providing a colourful humorous segment of the inevitable documentary on Europe's second fall to the Axis.
One thing I am always aware of are apps that want permission to access Bluetooth and/or Wi-Fi and/or Networks.
Even though Bluetooth is very short ranged it can still be used to tie you into a location within a database based on other database records that are more detailed.
Yeah, I love playing you “My Great Dog-sitting Simulator” (not a real app) but you do not need access to my BT. The OS handles sending your audio to my headphones!
I remember when Bluetooth started demanding location permissions. You'll never convince me that it's functionally required or provides any benefit other than furthering efforts to spy on the user.
When it started being rolled out, I avoided any app or hardware that made that demand. Sadly, that's no longer an option if I want any Bluetooth at all.
It's not like Bluetooth started demanding location permissions, the conceptual model of the permission was revised: having access Bluetooth means an app could determine your location via a form of lateration.
In earlier versions of smartphone operating systems, this was not transparent to users lacking the technical background, so Bluetooth also requiring location access is actually an attempt at making users aware of that. I'm not an iOS developer, so I can't comment on iPhones, but on Android versions prior to 11, having access to Bluetooth meant an app would be able to determine your location.
Today, you can require the permission ACCESS_FINE_LOCATION, which expresses that your app might use Bluetooth to obtain location information on Android. Also, if you're just scanning for nearby devices to connect your app to, but don't want users to be confused why your smart fridge app needs to know your precise location, you can declare a permission flag (neverForLocation) and Android will strip beacon information from the scan results, better asserting your intentions.
So, overall: no, there is nothing nefarious going on, it was always possible to determine your location via Bluetooth, and the update to the permission model was an honest improvement that actually benefits you as user.
Now, there are still plenty of shady apps around, and apps that are poorly written - don't use those.
I knew that someone would try to convince me. You won't convince me.
... Though your argument is pretty compelling.
I don't think he wanted to convince you, he just explained the backgroundon how you can track locations with bluetooth.
Teams is the worst, you can’t join any call if you don’t allow it to scan your local network. I wish the executives a very nice and agonizing death.
I haven't done an extensive survey or anything, but every modern router I've interacted with supports setting up a secondary WiFi network with guest isolation (so anything on that SSID can't see any network device besides the router and itself). This is useful for apps or hardware that is untrusted and/or demands unjustified permissions.
Correct, using the guest network is better but I think turning off WiFi and just using mobile data is sufficient. I wonder if the permission applies to cellular connectivity as well.
Pretty easy steps; get app you are interested in. Deny it access to things it doesn’t need when asked. If the app proceeds to not work until you enable, delete. Otherwise, enjoy app without the unnecessary permissions.
That's my approach with Rethink DNS. I get FOSS alternatives whenever acceptable for my use case, but isolate even them to only bare working minimum of outside connections.
Most apps literally don't work right is you do not enable all location services
11 out of 32 apps requesting location on my phone have the permission granted, because I actually need them to use location for one reason or another. the rest works perfectly fine with the permission disabled.
Don't just give location access to any app that requests it, especially background location access.
Even my taxi apps receive/lose location access automatically on open/close.
Don't give location access. Really not that hard.
In case you are not just trolling, you need to do way more to stay anonymous in the modern area.