naive question, if you use f droid and you have location services on, use a bunch of social apps, have google maps on it, use it normally, what extra layer will f droid have with all of those leaks anyways?
F-droid is an app store that carries only FOSS apps that do not have any Google API's. These apps are generally safe. Some may require your location such as maps to function. The difference with most of these mapping apps based on OSM.org is that they do not transmit your location anywhere.
You can still install other proprietary location harvesting apps on your phone. If you do so, you are just minimizing the number of data harvesters.
To ensure nobody but you knows where you are:
1. Have only safe apps installed.
2. An OS that does not send your location to Google, Apple, or others
3. Your SIM must not be transmitting to the Telco's. This means no SIM or airplane mode.
You can make emergency calls without a SIM card. The phone identifies itself to the network (with IMEI), even if there is no SIM. The telcos, obviously, map IMEIs to SIMs. (Perhaps needless to say, but for basic operational purposes they have to quite efficiently triangulate your position, to know which cell tower to instruct your phone to use.)
Having no SIM does not help you conceal your phone's location at all, only perhaps to make it harder to map it to your identity.
I don't know if any location data might leak in airplane mode, but I would not be surprised if some did, for example, through NFC or Bluetooth.
This depends on what airplane mode means on your phone. With GrapheneOS, airplane mode blocks baseband transmission, but you can optionally still turn on Bluetooth and/or WIFI. If you dial 911, airplane mode is immediately turned off for the call to go through and stays off until you turn it back on.
WIFI triangulation or bluetooth mesh can be used for location tracking in particular areas. MAC address randomization and generic phone ID makes this more difficult, but broadcasts of known devices in WIFI or bluetooth scanning can give you away.
The worlds worst privacy offenders make/sell phones. Google. Samsung. Apple.
Google, no need to explain.
Samsung? All their apps, their keyboard, collect, collect collect.
Apple? Walled garden of share data with Apple.
And beyond this, for example on Samsung builds, the GPS daemon calls home(Qualcomm? looked into it a year ago...) to update agps data, but also... provide tracking info.
Any f-droid app that depends on location uses the standard android location APIs. That means you're submitting what RF networks (mobile and wifi) are visible, and Google then passes back an approximate location. Once you have a good GPS lock, the same data is submitted to Google again for inclusion in their database.
If you avoid installing Google Play services, you'll have to use a framework like microG that re-implements the Google APIs. microG lets you plug in a number of backends, with a default of sending the same data to Mozilla Location Services instead of Google. You can easily turn this off and use local-only location providers that either build their own database any time you have a GPS lock, or use downloads from opencellid.
Unified-nlp is another option to replace the Google location backbend. It similarly allows you to select location options or build your own local database.
None. F-Droid is just an app store whose apps tend to be very safe. It isn't a program to protect you from apps that you installed from other stores, or from google.
