Android 15 may let you control when your location is shared with carriers

Your location is one of the most sensitive pieces of information about you that an app can collect. It could show where you live, what people or businesses you visit, and potentially what you’re currently doing. That’s why Android offers robust privacy settings to manage which apps can access your location. Still, the OS can do little to prevent your carrier (cellular network) from getting your location. In Android 15, though, the OS might get a way to prevent your location data from being sent to your carrier.

The Android OS can easily restrict or grant location access to Android apps because those apps have to use APIs provided by the OS to get the location. However, the firmware running on the device’s cellular radio is a different story. Cellular radios in mobile phones are often made by someone other than the phone’s OEM, and they often run proprietary firmware that the Android OS can only interact with using well-defined hardware abstraction layer (HAL) APIs that the radio vendor added support for. Starting in Android 15, radio vendors will be able to add support for Android’s new location privacy HAL, which can tell the radio not to share location data for any non-emergency requests.

According to the GSM standard for location services, there are a few ways to determine your device’s location. The most common scenario is the Mobile Originated Location Request (MO-LR), which is when the device itself pings the network to get its current location. A Mobile Terminated Location Request (MT-LR), on the other hand, occurs when a third party — such as emergency services during a non-emergency call — requests the device’s location through the network. There’s also a Network Initiated Location Request (NI-LR) which is when the cellular network itself triggers the process of determining the device’s location. NI-LR is typically used for critical purposes where getting the user’s permission might not be possible or immediate action is needed, such as during an emergency.

While both MT-LR and NI-LR are typically used for emergency scenarios, user privacy settings can influence whether the network fulfills an MT-LR. However, the same isn’t currently true for NI-LRs. Devices with radios that support Android 15’s new location privacy HAL, however, will be able to restrict location data from being shared for any non-emergency NI-LRs.

In the Android source code for the radio HAL, a new API is being implemented to set the location privacy setting. This API “updates the current user setting of sharing the location data,” which “must be used by [the] radio before honoring a network-initiated location request for non-emergency use cases.” However, “the radio shall ignore this setting during emergency call, emergency SMS, or emergency call-back modes and continue to provide the location information to the network-initiated location requests.”

This API was originally added in a patch to the radio HAL’s source code in Android 14 QPR2, but it was removed in a later patch. The reason given for the API’s removal from Android 14 QPR2 was that the feature was being moved to “Android V,” which refers to Android 15 (V is the first letter in the internal dessert name for Android 15, ie. Vanilla Ice Cream).

Given that this new location privacy feature requires support from the radio vendor, it’s likely that many devices upgrading to Android 15 will not support it. We can at least expect to see Google add support for it in its own Pixel devices, though, given that it designs its own Tensor chipsets. Tensor chipsets are known to use Exynos modems from Samsung, but it’s likely that Google has some say in what HAL features the modems support.

Although this new location privacy feature will prevent carriers from sending an NI-LR to access your exact location outside of emergency scenarios, it likely won’t prevent them from ever getting your approximate location. Carriers can still see which cell towers your device connects to, use the strength and angle of your device’s signal to the tower, and then look up your device’s unique cellular identifier to determine your general location. Your location may never be private when you’re connected to a cellular network, but at least Android 15 will give you more control over when your location is being shared. This feature could potentially also mitigate attacks from “Stingray” devices that mimic real cellular networks to trick your device into connecting and thus sending data to them.