Qualcomm has acknowledged the issue as being known since 2014 and has
released guidance for their OEM customers on fixing the issue. The fix
includes the use of SSL servers to retrieve the XTRA and XTRA2 data
files, and the eventual switchover to the new XTRA3 data format which
includes a digital signature as described above.<p>Google has acknowledged that this issue affects the Android OS. A fix
for this issue is included in the December 2016 Android bulletin.<p>Apple and Microsoft have indicated to us via email that GPS-capable
devices manufactured by them including iPad, iPhones, etc. and
Microsoft Surface and Windows Phone devices are not affected, since
they use an internal secure delivery mechanism for this data, and do
not retrieve data directly from Qualcomm’s servers.