It may have a reasonable explanation of benefits it provides, but so does Intel Management Engine and nearly every privacy-invading feature ever.

I know you didn't personally design it so I'm not asking you these questions, more just thinking through this (although anybody knows the answers I'd appreciate hearing them so I can be more informed).

Why does this need to be built in at such a low level that not even flashing a new OS can see it/stop it? Why can't it be something users can opt in to, or at a minimum opt out of? Whether sinister or not, it's a "call home" mechanism built into to the lowest levels of the hardware, an area where users are powerless, even though they "own" the device.

> Why does this need to be built in at such a low level that not even flashing a new OS can see it/stop it? Why can't it be something users can opt in to, or at a minimum opt out of? Whether sinister or not, it's a "call home" mechanism built into to the lowest levels of the hardware, an area where users are powerless, even though they "own" the device.

It's done by the ROM, at the OS level, not the chipset. Some custom ROMs will proxy this request to mask your IP.

> Why does this need to be built in at such a low level that not even flashing a new OS can see it/stop it?

Nobody has shown evidence of that. The article certainly didn't

Leaving aside the opt-in/opt-out possibility.

You can remove the services that download the extra GPS data, nothing stops you from doing that, aside making GPS unusable :)

How?

You have to manually strip the QCOM additions in the vendor side. It's just a matter of removing files, but I wouldn't expect to do it without some knowledge how the whole thing works in Android, without breaking GPS as a whole.

And it isn’t the case that the baseband processor is somehow accessing wifi without the knowledge of the kernel. That was a bizarre accusation.

But it's still sharing personal data over an unencrypted connection. That's pretty much illegal under the GDPR laws.