Hacker Newsnew | past | comments | ask | show | jobs | submitlogin

>It's a matter of time before advertising SDKs within any ad-supported apps will start leveraging this to geolocate users without additional permissions.

They still need bluetooth permissions, which is going to be sus for your average flashlight/weather/game app.

>Especially for apps that already have location permissions (something as simple as a weather app) this will hardly be noticed.

If the app already has location permissions, why would they need to pull off this attack? They get the user's location directly.



> They still need bluetooth permissions, which is going to be sus for your average flashlight/weather/game app.

Looking at the apps I had to purge from family members' phones, I don't think that will be a problem.

> If the app already has location permissions, why would they need to pull off this attack? They get the user's location directly.

Accessing geolocation APIs will show an indicator and add an entry to a log (at least on Android). I don't believe accessing BLE APIs do the same.


> They still need bluetooth permissions, which is going to be sus for your average flashlight/weather/game app.

As if people would care about that...




Consider applying for YC's Summer 2026 batch! Applications are open till May 4

Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: