From Newsgroup: alt.internet.wireless

Marion wrote:

FACT:

1. Apple and Google both crowd source Wi-Fi and cellular identifiers.
Their goal is stated to be in order to improve location accuracy.

Most Apple/Android mobile devices are configured by default to
upload nearby BSSIDs, cell tower IDs & sometimes Bluetooth beacons.

2. Apple
A. The Apple Wi-Fi Positioning System is openly queryable.
Researchers have shown it can be used to locate routers worldwide.
B. Even if you do not own Apple devices, nearby iPhones may upload
your router BSSID & location, adding your home to Apple's database.
C. This openness has been exploited in studies to track troop
movements and to track destruction in war zones.

3. Google
A. Google collects similar data but restricts access to its database.
B. It is not openly queryable in the same way Apple's database is.
C. Android defaults to "Google Location Accuracy" being on,
but it can be turned off in settings by intelligent people.

4. Limits of exposure
A. Neither Apple nor Google databases DIRECTLY contain your name
B. Neither Apple nor Google databases DIRECTLY contain your address
C. But that name & address is easily found in USA public databases
D. Attackers would need to cross-reference BSSID data with public
records to infer identities from the BSSID tied to GPS location.

5. Privacy risks
A. Apple openness means outsiders can query Wi-Fi locations globally.
B. Google restricts queries but still collects the same identifiers.
C. Both raise concerns about involuntary participation in crowdsourced
location systems (but intelligent people can turn some of it off).

6. Summary
Both Apple & Google collect Wi-Fi and cellular identifiers
Apple & Google claim they do it in order to improve location accuracy.
Apple allows open queries, Google restricts them.
Neither exposes your name or device list directly, but both raise
huge privacy concerns when that information is combined with other data.

Bearing in mind intelligent people listen to what Apple & Google say,
but if you're intelligent, you also notice what Apple & Google do.

Which isn't always the same thing.
There are other motives beyond simply improving location accuracy.
--
One advantage of owning intelligent thought processes is we can listen to what Apple & Google say, but then take into account what they actually do.

But... there are other motives beyond just improving location accuracy.

1. Advertising
A. Google has long tied location data to advertising.
B. Location history and signals from Android devices feed
into ad targeting, letting advertisers know where you go
and how long you stay there.
C. Apple has historically avoided ads in Maps, but reports
suggest Apple may add ads to Maps search results similar
to Google Maps and Waze.
<https://www.bloomberg.com/news/articles/2022-08-15/apple-plans-to-expand-ads-to-maps-tv-and-books>

2. Data monetization
A. Apple claims it does not sell personal data, but dozens of
iOS apps have been caught selling location data to marketing firms.
<https://9to5mac.com/2022/02/28/apps-sell-your-location-data/>
<https://umatechnology.org/dozens-of-ios-apps-caught-quietly-selling-localization-data-to-marketing-firms/>
<https://www.apple.com/legal/privacy/data/en/location-services/>
B. Google uses aggregated location data to power advertising products
and analytics for businesses.

3. Behavioral tracking
A. Both ecosystems can measure dwell time at stores or kiosks
if Bluetooth beacons are present.
B. This data is valuable for retailers who want to know how
long customers linger and what paths they take.

4. Policy differences
A. Apple introduced App Tracking Transparency, which forces apps
to ask permission before tracking across apps and sites.
B. Apple also restricts developers from making apps whose primary
purpose is location-based advertising.
C. Google allows more integration of location data into its
ad ecosystem.

5. Summary
Improving location accuracy is the official reason, but location data
is also used for advertising, analytics and behavioral insights.

Apple positions itself as more privacy focused, yet its ecosystem
still enables location data monetization through apps.

Google openly integrates location into its ad business.
Both companies benefit financially from the collection.
--
An intelligent person listens to what Apple & Google say but then uses
his intellect to also fuse what they both say with what they both do.
--- Synchronet 3.21a-Linux NewsLink 1.2

From Newsgroup: alt.internet.wireless

Marion wrote:

Apple positions itself as more privacy focused, yet its ecosystem
still enables location data monetization through apps.

Google openly integrates location into its ad business.
Both companies benefit financially from the collection.

With regard to app tracking transparency on the two platforms...

1. Apple
A. App Tracking Transparency launched in iOS 14.5 in 2021, forcing
apps to ask permission before tracking across apps and sites.
B. Apple restricts developers from making apps whose primary purpose
is location-based advertising.
C. Apple markets itself as privacy focused, though iOS apps have
still been caught selling location data.

2. Google
A. Google announced its own App Tracking Transparency-style control
in 2021, letting users opt out of sharing their Advertiser ID.
When opted out, advertisers receive a string of zeros.
B. Google introduced Privacy Sandbox for Android in 2022, a multi-year
project to reduce cross-app tracking and replace identifiers with
more privacy-preserving systems. Rollout continues into 2025.
C. Android provides ad-privacy settings where users can manage ad
personalization and opt out of interest-based ads.

3. Summary
Both Apple and Google have tracking transparency features.

Apple rolled out App Tracking Transparency sooner & more aggressively.
Google is rolling out Privacy Sandbox gradually.
Both companies still integrate location and behavioral data
into advertising systems.

In summary, both ecosystems track & both ecosystems have well-publicized initiatives to limit tracking.
--
The trick is for intelligent people to listen to what Apple & Google say;
but then to watch what Apple & Google actually do. They are not the same.
--- Synchronet 3.21a-Linux NewsLink 1.2

From Newsgroup: alt.internet.wireless

Marion wrote:

Both companies still integrate location and behavioral data
into advertising systems.

FACTS:

1. Wi-Fi scanning
A. iOS: Always scans nearby networks even if Wi-Fi is off.
B. Default: ON. User control: None.
The only user-selectable option is disabling Location Services
entirely, which breaks many features.
C. Save: Nearby BSSIDs saved locally for positioning, no user control.
D. Upload: BSSIDs uploaded to Apple servers by default, no user control.
E. Android: Scans Wi-Fi only when Wi-Fi scanning is enabled in settings.
F. Default: ON. User control: Toggle at Settings > Location > Wi-Fi
scanning. Disables scan, save, and upload together.

2. Bluetooth scanning
A. iOS: Scans for beacons even if Bluetooth is "off" in Control Center.
B. Default: ON. User control: Must disable Bluetooth in Settings or
disable Location Services entirely.
C. Save: Beacon IDs saved locally, no user control.
D. Upload: Beacon IDs uploaded to Apple servers by default.
E. Android: Scans when Bluetooth scanning is enabled in settings.
F. Default: ON. User control: Toggle at Settings > Location > Bluetooth
scanning. Disables scan, save, and upload together.

3. Cellular towers
A. iOS: Tower IDs always collected for service and uploaded to Apple if
Location Services is on.
B. Default: ON. User control: None, short of disabling cellular service.
C. Save: Tower IDs saved locally.
D. Upload: Tower IDs uploaded to Apple servers.
E. Android: Same situation, tower IDs always collected.
F. Default: ON. User control: None, short of disabling cellular service.
G. Save: Tower IDs saved locally.
H. Upload: Tower IDs uploaded to Google servers.

4. GPS
A. iOS: GPS enabled if Location Services is on.
B. Default: ON. User control: Disable Location Services globally or
restrict per-app ("Never," "While Using," etc.).
C. Save: GPS fixes calculated and stored locally by the chip.
D. Upload: GPS coordinates are not automatically uploaded. They are
transmitted to Apple servers only when system services (Maps,
Find My, etc.) or apps request them.
E. Android: GPS enabled if Location is on.
F. Default: ON. User control: Disable Location globally or restrict
per-app ("Allow all the time," "While using," "Deny").
G. Save: GPS fixes calculated and stored locally by the chip.
H. Upload: GPS coordinates are not automatically uploaded. They are
transmitted to Google servers only when system services (Maps,
Find My Device, Location Accuracy, etc.) or apps request them.

5. Access point fingerprints
A. iOS: Nearby router BSSIDs uploaded to Apple servers.
B. Default: ON. User control: None if Location Services is on. Even if
you never use Maps, other iPhones upload your router.
C. Save: Fingerprints saved locally.
D. Upload: Fingerprints uploaded to Apple servers.
E. Android: Nearby router BSSIDs uploaded to Google servers.
F. Default: ON. User control: Disable Location Accuracy, but other
people's phones still upload your router.
G. Save: Fingerprints saved locally.
H. Upload: Fingerprints uploaded to Google servers.

6. Sensors (motion, compass, barometer, etc.)
A. iOS: Sensor data available to apps with permissions.
B. Default: ON. User control: Per-app permissions only,
there is no global toggle.
C. Save: Sensor data saved locally when used.
D. Upload: Sensor data uploaded if app/server requests.
E. Android: Same - sensor data available to apps with permissions.
F. Default: ON. User control: Per-app permissions only,
there is no global toggle.
G. Save: Sensor data saved locally when used.
H. Upload: Sensor data uploaded if app/server requests.

7. Bottom line
A. iOS: Defaults always ON for Wi-Fi and Bluetooth scanning, saving,
and uploading. No granular toggles, only the nuclear option of
disabling Location Services.
B. Android: Defaults ON, but provides explicit toggles for Wi-Fi and
Bluetooth scanning. Users can disable scan, save, and upload while
keeping other location features.
C. Both: Cellular towers and router fingerprints are unavoidable if
other people's devices are in range. Neither platform gives full
control there.
--
The whole point of being well educated is so that you can listen to what
Apple & Google say they do but you're smart enough to see what they do.
--- Synchronet 3.21a-Linux NewsLink 1.2

From Newsgroup: alt.internet.wireless

Marion wrote:

C. Both: Cellular towers and router fingerprints are unavoidable if
other people's devices are in range. Neither platform gives full
control there.

CORRECTION

C. Both: Cellular towers are used whenever you connect to cellular
service so practical user control is limited on both platforms.

However, router fingerprints can be avoided on Android by disabling
Wi-Fi scanning or Location Accuracy, but iOS provides no equivalent
toggle. So Android is far more private than iOS is in this matter.

However, most people are rude so billions of other people's
devices will still collect and upload nearby router fingerprints
(because rude people are everywhere), so neither platform gives
full protection from rude people uploading Wi-Fi fingerprints.

So this is a correct technical summary of iOS/Android differences...

Router fingerprints (Wi-Fi BSSIDs):

iOS:
Scan: Always scans nearby networks when Location Services is on,
even if Wi-Fi is off in Control Center.
Save: BSSIDs cached locally.
Upload: Transmitted to Apple servers when Location Services is on.
No user toggle to disable scanning or uploading except
disabling Location Services entirely.

Android:
Scan: Scans nearby networks when Wi-Fi scanning is enabled in
Location settings.
Save: BSSIDs cached locally.
Upload: Transmitted to Google servers only if Location Accuracy
is enabled. User can disable Wi-Fi scanning or Location
Accuracy to prevent upload while keeping other location
features.
--
Rude people are stupid people. And most people are stupid. Not me.
But that's why most owners of iOS & Android devices are rude people.
--- Synchronet 3.21a-Linux NewsLink 1.2

From Newsgroup: alt.internet.wireless

Marion wrote:

However, most people are rude so billions of other people's
devices will still collect and upload nearby router fingerprints
(because rude people are everywhere), so neither platform gives
full protection from rude people uploading Wi-Fi fingerprints.

Notwithstanding most iOS/Android owners are stupid and rude (not me, but
most are) if we ignore that observation of the fact most people are stupid, then in purely technical terms, to combat those people (who will destroy
your privacy), this applies for the access point of your home router...

1. Autoconnect behavior

A. iOS
1. Autoconnect: Enabled by default for saved networks.
2. Control: No per-network autoconnect toggle; you must "Forget
This Network" or disable Wi-Fi entirely.

B. Android
1. Autoconnect: Enabled by default for saved networks.
2. Control: Per-network "Auto-connect" toggle available; trivial
to disable without forgetting the network.

Note that again and again, Android is far more private than iOS.

2. Evil twins (same SSID/security)

A. iOS
1. Exposure: Will attempt to connect if SSID/security match and
autoconnect is on.
2. Control: No granular per-network autoconnect toggle; defense
requires forgetting the network or disabling Wi-Fi.

B. Android
1. Exposure: Same base risk if SSID/security match.
2. Control: Disable autoconnect per SSID; developer options for
stronger MAC randomization reduce device traceability.

Note that again and again, Android is far more private than iOS.

3. Wi-Fi scanning, saving, uploading (router fingerprints/BSSIDs)

A. iOS
1. Scan: Occurs when Location Services is on.
2. Save: BSSIDs cached locally.
3. Upload: Sent to Apple when Location Services is on.
4. Control: No toggle to stop scanning/upload short of disabling
Location Services globally.

B. Android
1. Scan: Controlled by "Wi-Fi scanning" in Location settings.
2. Save: BSSIDs cached locally.
3. Upload: Controlled by "Location Accuracy."
4. Control: User can disable Wi-Fi scanning and/or Location
Accuracy to avoid upload while keeping other features.

Note that again and again, Android is far more private than iOS.

4. MAC address privacy

A. iOS
1. Private Wi-Fi Address: Per-SSID randomized MAC.
2. Control: No per-connection randomization.

B. Android
1. Per-SSID randomization: Supported.
2. Per-connection randomization: Available in developer options;
stronger device identity protection.

Note that again and again, Android is far more private than iOS.

5. Hidden SSID and _nomap

A. Hidden SSID
1. Scan: Passive SSID discovery is eliminated; detection relies on
active probes or association. BSSID remains visible.
2. Upload: Can still be uploaded when discovered; hiding does not
prevent upload.

B. _nomap
1. Effect: Does not stop scanning/saving/upload; it signals do-not-
index in location databases. Indexing is affected, not capture.

I note that this post crosses into the domain of your router setup.
Most people don't know what I know so their router is in the database.

Mine isn't in the database.
See my prior comments about only stupid people being in the database.

Also, most people rudely upload everyone else into the database.
I don't.

Again, see my prior comments about stupid people destroy your privacy.
Unless you're intelligent about protecting it.
--
The difference between intelligent & stupid people is in what they do.
--- Synchronet 3.21a-Linux NewsLink 1.2

From Newsgroup: alt.internet.wireless

SUMMARY

1. Wi-Fi scanning
A. iOS: Always scans nearby networks when Location Services is on,
even if Wi-Fi is off. No user toggle; only disabling Location
Services stops it.
B. Android: Scans only if Wi-Fi scanning is enabled. User can toggle
at Settings > Location > Wi-Fi scanning. Disables scan, save, and
upload together.

Take a guess which is more private...

2. Bluetooth scanning
A. iOS: Always scans for beacons when Location Services is on, even
if Bluetooth is off in Control Center. No granular toggle.
B. Android: Scans only if Bluetooth scanning is enabled. User can
toggle at Settings > Location > Bluetooth scanning.

Take a guess which is more private...

3. Cellular towers
A. iOS: Tower IDs always collected for service. Uploaded if Location
Services is on. No user control short of disabling cellular.
B. Android: Same situation. Tower IDs always collected and uploaded
if Location Accuracy is on. No viable user control short of disabling
cellular (or using a second phone as I described in another thread).

Both are about the same in terms of tower ID privacy.

4. GPS
A. iOS: GPS fixes calculated locally. Uploaded only when system
services or apps request them. User can disable Location Services
globally or per app.
B. Android: Same. GPS fixes calculated locally. Uploaded only when
system services or apps request them. User can disable Location
globally or per app.

Both are about the same in terms of GPS privacy.

5. Access point fingerprints (Wi-Fi BSSIDs)
A. iOS: Always scanned and uploaded when Location Services is on.
No user toggle. Other iPhones upload your router even if you do
not use Maps.
B. Android: Scanned and uploaded only if Location Accuracy is on.
User can disable Location Accuracy to prevent upload, but other
people's phones still upload your router.

Take a guess which is more private...

6. Sensors (motion, compass, barometer, etc.)
A. iOS: Available to apps with permissions. No global toggle.
B. Android: Same. Available to apps with permissions. No global
toggle.

Both are about the same in terms of sensor privacy.

7. Router-level and connection controls
A. Autoconnect
1. iOS: Enabled by default. No per-network toggle. Must forget
network or disable Wi-Fi.
2. Android: Enabled by default. Per-network toggle available.
Easy to disable without forgetting.

Take a guess which is more private...

B. Evil twins
1. iOS: Will connect if SSID/security match. No granular defense
beyond forgetting or disabling Wi-Fi.
2. Android: Same base risk, but autoconnect can be disabled per
SSID. Developer options allow stronger MAC randomization.

Take a guess which is more private...

C. MAC address privacy
1. iOS: Private Wi-Fi Address randomizes per SSID only.
2. Android: Randomizes per SSID and per connection (developer
options). Stronger identity protection.

Take a guess which is more private...

D. Hidden SSID
1. Scan: Passive SSID discovery eliminated; detection relies on
active probes. BSSID remains visible.
2. Upload: Hidden SSIDs can still be uploaded if discovered.

E. _nomap
1. Effect: Signals do-not-index in databases.
Does not stop scanning, saving, or uploading.

8. Bottom line
A. iOS: Defaults ON for Wi-Fi and Bluetooth scanning, saving, and
uploading. No granular toggles; only disabling Location Services
stops it.
B. Android: Defaults ON, but provides explicit toggles for Wi-Fi and
Bluetooth scanning. Users can disable scan, save, and upload while
keeping other location features.
C. Both: Cellular towers and router fingerprints remain outside full
user control because other people's devices upload them.

Almost always, Android is far more private than iOS, but both suck.

What matters is, my router isn't in the database and I am not adding your router to the database; but are you set up as privately as I am set up?
--
The difference between intelligent people and everyone else is that
smart people can handle an inordinate amount of technical details.
--- Synchronet 3.21a-Linux NewsLink 1.2