Home / News

Researchers Expose Privacy Risks in Apple and Starlink’s Geo-Location Data, Uncovering Military and Civilian Tracking

Heatmap of Starlink routers in Ukraine. (Source)

Researchers from the University of Maryland have revealed significant privacy and security concerns related to the way Apple and Starlink geo-locate devices. Their study found that Appleā€™s Wi-Fi Positioning System (WPS) collects and publicly shares precise locations of Wi-Fi access points. This allows devices to determine their location without constantly relying on GPS. However, the researchers discovered that by querying Apple’s system, they could track movements and identify locations of military personnel in conflict zones, specifically in Ukraine and Gaza.

Global mapping: The team, led by Associate Professor David Levin and Ph.D. student Erik Rye, used Apple’s data to map over two billion Wi-Fi access points globally, with notable absences in China, central Australia, and parts of Africa and South America. By focusing on specific conflict zones, they identified Starlink terminals, revealing movements of Russian and Ukrainian troops, and tracked changes in Gaza during the Israeli-Hamas conflict.

Starlink updates: Starlink, owned by SpaceX, responded by implementing software updates to randomize the BSSID (a unique identifier for Wi-Fi access points) of their devices to enhance privacy. Despite these updates, Levin and Rye’s findings showed a significant decrease in trackable Starlink devices, indicating the changes were effective.

Apple has also addressed the issue by updating its privacy policy in March 2024, allowing users to opt-out of location data collection by adding “_nomap” to their Wi-Fi access point’s name. This change came after the researchers highlighted the lack of opt-out options.

Bottom line: The researchers caution that their findings present risks for vulnerable populations, such as those fleeing abusive relationships, and urge Apple to implement further safeguards to prevent misuse of its location data. They also noted that mobile hotspots, which randomize BSSIDs, do not pose the same privacy risks as static Wi-Fi access points.

By CircleID Reporter

CircleID’s internal staff reporting on news tips and developing stories. Do you have information the professional Internet community should be aware of? Contact us.

Visit Page

Filed Under


Comment Title:

  Notify me of follow-up comments

We encourage you to post comments and engage in discussions that advance this post through relevant opinion, anecdotes, links and data. If you see a comment that you believe is irrelevant or inappropriate, you can report it using the link at the end of each comment. Views expressed in the comments do not represent those of CircleID. For more information on our comment policy, see Codes of Conduct.

CircleID Newsletter The Weekly Wrap

More and more professionals are choosing to publish critical posts on CircleID from all corners of the Internet industry. If you find it hard to keep up daily, consider subscribing to our weekly digest. We will provide you a convenient summary report once a week sent directly to your inbox. It's a quick and easy read.

I make a point of reading CircleID. There is no getting around the utility of knowing what thoughtful people are thinking and saying about our industry.

Co-designer of the TCP/IP Protocols & the Architecture of the Internet




Sponsored byVerisign


Sponsored byDNIB.com

New TLDs

Sponsored byRadix

Threat Intelligence

Sponsored byWhoisXML API

Brand Protection

Sponsored byCSC

IPv4 Markets

Sponsored byIPv4.Global

Domain Names

Sponsored byVerisign