last updated: 2023/07/20

- Acronyms:
	- GNSS		global navigation satellite system		https://en.wikipedia.org/wiki/Satellite_navigation
	- A-GNSS	assisted GNSS					https://en.wikipedia.org/wiki/Assisted_GNSS
	- SBAS		satellite based augmentation systems		https://en.wikipedia.org/wiki/GNSS_augmentation
	- GBAS		ground based augmentation systems		https://en.wikipedia.org/wiki/GNSS_augmentation
	- TTFF		time to first fix				https://en.wikipedia.org/wiki/Time_to_first_fix
	- NLP		network location provider			https://en.wikipedia.org/wiki/Wi-Fi_positioning_system
	- PSDS		predicted satellite data service
	- SUPL		secure user plane location			https://en.wikipedia.org/wiki/Assisted_GPS#SUPL
	- MSA		mobile station assisted				https://en.wikipedia.org/wiki/Assisted_GPS#Modes_of_operation
	- MSB		mobile station based				https://en.wikipedia.org/wiki/Assisted_GPS#Modes_of_operation
	- RRLP		radio resource location services protocol	https://en.wikipedia.org/wiki/Radio_resource_location_services_protocol
	- LPP		location positioning protocol			https://www.rohde-schwarz.com/br/file/LTE_LBS_White_Paper.pdf
	- LPPE		LPP extensions


- GNSS is any of GPS (US), GLONASS (RU), Beidou (CN), and Galileo (EU).
	- GNSS satellites can be further helped via SBAS and GBAS.
		- These are land towers or ocean buoys or even alternative satellites systems.
- GNSS TTFF is slow due to the data rates and distances.
- GNSS TTFF can be sped up by using PSDS or A-GNSS.


- While waiting for a GNSS lock or when an accurate location isn't necessary a NLP can be used instead.
	- NLP does not reduce the GNSS TTFF.
	- NLP typically works by using Wi-Fi access points against a database of their locations and can be very accurate.
	- Examples of NLP are Google Play Services, Qualcomm IZat, and microG's UnifiedNlp.
		- Google and Qualcomm NLP handling performs lookups on their servers allowing them to effectively know your location.
		- UnifiedNlp has both online (eg. Ichnaea) and offline (eg. Deja Vu) databases.
	- Google NLP
		- Can be avoided by not having Google Play Services.
		- Likely is tied to your Google account.
	- Qualcomm NLP
		- Is typically opt-in.
		- Is not on all Qualcomm devices as they charge vendors extra to license it.
		- Includes lots of additional personal or device information:
			- "Qualcomm Location Service": https://www.qualcomm.com/site/privacy/services
		- DivestOS explicitly removes most of the Qualcomm location stack, including this NLP, since 2017/01.


- A-GNSS control plane (needs more research/verification)
	- These are protocols such as RRLP, LPP, and LPPE
	- RRLP is a basic signal strength based mechanism to determine location
	- LPP extends that by taking into account the extra antennas that LTE has and their angles
	- LPPE extends that with extra sensor data like barometer and visible Wi-Fi networks
	- DivestOS has disabled LPP and LPPE since 2023/07/10: https://gitlab.com/divested-mobile/divestos-build/-/commit/f699e1bc86ff433d25dce3c8bda341fdcb8dc786


- A-GNSS user plane (SUPL)
	- SUPL is a two-way street, as in the server and client can ask each other to do things.
	- SUPL can provide the almanac as well as ephemeris data.
	- SUPL MSA works by the client sending the server everything it knows so the server can calculate location.
		- This mode allows the server to effectively know your location.
		- DivestOS has disabled MSA since 2018/08/08: https://gitlab.com/divested-mobile/divestos-build/-/commit/bf717204e3ecabb1c87201929fedc0ab9a4632cf
	- SUPL MSB works by the server sending everything it knows to the client so the client can calculate location.
	- SUPL requests may contain visible cell towers and their signal strengths.
	- SUPL (MSB) requests on Android typically include the IMSI, MCC, and MNC.
		- Kuketz publicized the IMSI issue first on 2018/10/04: https://www.kuketz-blog.de/android-imsi-leaking-bei-gps-positionsbestimmung/
		- Many aftermarket systems do not include the IMSI:
			- MSe1969 authored the original patch sometime around or before 2018/10/29
			- DivestOS since 2019/06/02: https://gitlab.com/divested-mobile/divestos-build/-/commit/bb72bccbe
			- GrapheneOS since 2023/01/25: https://grapheneos.org/releases#2023012500
				- DivestOS sent MSe1969's patch to GrapheneOS on 2021/08/08: https://github.com/GrapheneOS/platform_frameworks_base/pull/87
			- CalyxOS since 2023/03/16: https://calyxos.org/news/2023/03/16/march-update/
				- DivestOS sent MSe1969's patch to CalyxOS on 2021/08/08: https://gitlab.com/CalyxOS/calyxos/-/issues/618
			- LineageOS 20.0 since 2023/03/12: https://review.lineageos.org/c/LineageOS/android_frameworks_base/+/350287
			- iodéOS since late 2021/early 2022?
	- Android uses supl.google.com as a fallback SUPL server.
		- Carrier config or SIM card can override this.
		- An emergency call can also override this.
			- This functionality may have been abused (by carriers) to gather accurate locations when not actually in an emergency call.
				- https://nvd.nist.gov/vuln/detail/CVE-2018-9526
		- supl.google.com only supports MSB.
		- GrapheneOS provides a proxy override for this since 2023/03/04: https://grapheneos.org/releases#2023030400
		- Some aftermarket systems change the fallback to supl.vodafone.com which is actually just a CNAME to supl.google.com.
	- Some aftermarket systems allow the user to disable use of SUPL:
		- GrapheneOS since 2023/02/10: https://grapheneos.org/releases#2023021000
		- DivestOS 17.1+ since 2023/02/11: https://gitlab.com/divested-mobile/divestos-build/-/commit/49f5f1c6740eb36153af2cb8032322dcca7df84b
		- CalyxOS since 2023/03/16: https://calyxos.org/news/2023/03/16/march-update/
			- LineageOS has this same SUPL/PSDS/XTRA toggle since 2023/06/06: https://review.lineageos.org/q/topic:agps
				- DivestOS & iodéOS also inherit this toggle on 20.0
		- iodéOS since 2023/02/11?


- PSDS is used to download the almanac of the current satellites and their paths.
	- Fetching this file over the Internet is much quicker than waiting for it to be slowly broadcasted.
	- This is typically a static request for a file.
	- Broadcom GPS chips (eg. Samsung Exynos, Google Tensor, and NVIDIA Tegra)
		- The PSDS server is typically defined by the carrier config.
			- Tensor devices use agnss.goog.
			- Others use the plain gllto.glpals.com.
				- DivestOS overrides Tensor to this as well since 2023/01/20: https://gitlab.com/divested-mobile/divestos-build/-/commit/9558a7d0e9a8de04c7c9b5c4c5cb637834ed52dc
			- GrapheneOS provides a proxy for this request since 2022/04/19: https://grapheneos.org/releases#2022041900
		- The PSDS requests are performed by the Android system (frameworks/base), not the GPS stack.
		- These PSDS requests are not known to contain any personal or device information.
	- Qualcomm GPS chips
		- The PSDS server is typically defined by the GPS stack.
			- This is usually xtrapath[1-9].izatcloud.net.
			- The Android system could override the server chosen.
				- GrapheneOS provides a proxy override for this since 2023/05/05: https://grapheneos.org/releases#2023050500
		- The PSDS requests are performed by the GPS stack, specifically xtra-daemon or libloc.
		- The PSDS requests have a User-Agent containing Android version, device manufacturer & model, carrier, and chipset serial number.
			- "Qualcomm GNSS Assistance Service": https://www.qualcomm.com/site/privacy/services
			- With `strings` this can be seen grep'ing for: `/sys/devices/soc0/serial_number` and `XTRA_UA`
			- With libloc source code access this can be seen as: setXtraUserAgent(), proc(), saveUserAgentString(), and getChipsetSerialNo()
		- The PSDS requests may be performed over plain-HTTP, especially if they were before 2018 or so
			- https://nvd.nist.gov/vuln/detail/CVE-2016-5341
		- DivestOS has removed xtra-daemon since 2017/01: https://divestos.org/pages/network_connections#psds
		- DivestOS has removed serial number access since 2023/05/03
		- DivestOS has removed the User-Agent from source-built libloc since 2023/05/05
		- GrapheneOS removes serial number access and User-Agent from xtra-daemon since 2023/04/29: https://grapheneos.org/releases#2023042900
		- CalyxOS removes serial number access since 2023/06/02: https://calyxos.org/news/2023/06/02/feature-update/
			- LineageOS has this same patchset since 2023/06/09: https://review.lineageos.org/q/I6254ef6e160ff0d3c3ce2e51f20f557e75826dff
	- Some aftermarket systems allow the user to disable use of PSDS & XTRA:
		- GrapheneOS has a toggle since 2023/05/05: https://grapheneos.org/releases#2023050500
		- CalyxOS has a toggle since 2023/06/02: https://calyxos.org/news/2023/06/02/feature-update/
			- LineageOS has this same SUPL/PSDS/XTRA toggle since 2023/06/06: https://review.lineageos.org/q/topic:agps
				- DivestOS & iodéOS also inherit this toggle on 20.0


- TODO
	- Geofencing
		- DivestOS has disabled geofencing since 2018/09/19: https://gitlab.com/divested-mobile/divestos-build/-/commit/289b110d8f9644ccf1fc17388120d4e9bad886f3
	- OMA-DM
		- DivestOS has removed OMA-DM blobs since 2017/01/25: https://gitlab.com/divested-mobile/divestos-build/-/commit/80a20859845e5cb4b071138d15929f2b8b11b2e2
		- GrapheneOS has removed OMA-DM blobs since 2017/02/13: https://github.com/GrapheneOS-Archive/android-prepare-vendor/commit/ea4b42c617991607970471f6eee2615f29570dc4
		- CalyxOS since ???
	- CarrierLocationServices
		- DivestOS has removed CarrierLocation blobs since 2020/10/20: https://gitlab.com/divested-mobile/divestos-build/-/commit/0958df7de54fde71ba4ecb742bf76d80424d652d
		- GrapheneOS since ???
		- CalyxOS since ???


See something wrong? Open an issue or merge request:
- https://gitlab.com/Divested-Mobile/DivestOS-Website/-/blob/master/static/misc/gnss.txt
- https://github.com/Divested-Mobile/DivestOS-Website/blob/master/static/misc/gnss.txt
- https://codeberg.org/divested-mobile/divestos-website/src/branch/master/static/misc/gnss.txt