Services like this are actively in use by most Banks/ATMs around the world on most mobile carriers, just via creative but common reusing of long standing mobile/telco protocols.<p>GSMA are actively attempting to lockdown them existing methods, as they’re built on trust in a very untrustworthy environment between carriers, and in some cases state actors.<p>Sure on the face of it this isn’t brilliant to the average HN reader, but with context it’s a significant improvement vs where we are today.
This has been around for ages. At least 20 years now. Loc-Aid had been one of the biggest provider of location data.<p>Here are some articles:<p>* <a href="https://www.nytimes.com/interactive/2018/12/10/business/location-data-privacy-apps.html" rel="nofollow noreferrer">https://www.nytimes.com/interactive/2018/12/10/business/loca...</a><p>* <a href="https://readwrite.com/loc-aid-the-biggest-location-s/" rel="nofollow noreferrer">https://readwrite.com/loc-aid-the-biggest-location-s/</a><p>* <a href="https://www.technologyreview.com/2011/12/09/189247/startup-turns-your-cell-phone-number-into-a-location-fix/" rel="nofollow noreferrer">https://www.technologyreview.com/2011/12/09/189247/startup-t...</a>
Also further reading it<p>>Traffic management of drones: the Uncrewed Aircraft System Traffic Management or the drone operator can obtain drone location information from its GPS data, however this is vulnerable to jamming or spoofing. They can query the API to verify the drone location, e.g. for law enforcement purposes or to check compliance with approved flight plan.<p>That’s not the real use case since not a single drone (commercial or consumer) is using the builtin GNSS in the modem (if any as most don’t even have modems) as they are usually weak compared to professional ones, the real reason is<p>> or to check compliance with approved flight plan.<p>There! Quick background: consumer drones like DJI are easily trackable by DJI AeroScope [1] which is actively used by police to track these drones in specific events, and now FAA is also requiring the remote ID is an extension to that to cover other drones. However, that doesn’t cover all drones, you have a sub-category of drones that are un-trackable, not easily anyway, the ones that fly over cellular networks, which is a challenge to know since from network perspective it’s just another UE, so what’s the easiest way to know?! Exactly, the builtin gnss, a quick query and you can tell, although I’m still not sure how they will distinguish the normal UE from drone UE. So I wouldn’t be surprised that people are disabling the builtin gnss either by the AT commands or just disconnecting the antennas.<p>[1] <a href="https://www.dji.com/ca/mobile/aeroscope" rel="nofollow noreferrer">https://www.dji.com/ca/mobile/aeroscope</a>
The reference repository - with some more information - seems to be on [1]. It also includes meeting minutes other than some early API spec.<p>Ah! Meeting information are also included... you know, in case one is interested in attending.;-)<p>[1] <a href="https://github.com/camaraproject/DeviceLocation">https://github.com/camaraproject/DeviceLocation</a>
> The API allows an application to check if a mobile device is in proximity of a given location. The API request contains the location to be checked and an accuracy range in km (between 2km and 200km). The API response indicates whether the location is within the accuracy range of the last known location of the MSISDN.<p>I'd say this can only "give away" the location if you already roughly know where someone is AND no rate limit exists.
The network simply has to have a pretty good idea of where the given MS is and how fast it is moving in which direction. The network maintains some kind of CDMA/OFDM/whatever radio link to said MS and thus either has to know that or learns the same data from behavior of the link. What this does is formalisation of how these data can be queried and used and by whom.
> Retail marketing: a retailer Edge Application may query the API to verify that a user is close enough to a physical location before pushing a notification to them.<p>Hopefully by the time this is rolled out, GDPR enforcement would’ve actually caught up and forced them to make it opt-in only.
Wonder if this is in response to BeiDou having such tracking built in. There is a lot of potential value that businesses can derive from location data.