I set a simple task to turn off WiFi when my home network is not detected so my phone doesn’t scan and report my location to businesses.
I was under the impression that BSSID scanning was entirely passive, and that a phone that scans for beacons doesn’t actually reveal itself to anyone.
I get how it works with wifi connections, and Bluetooth scanning (since that’s a peer to peer protocol that needs to broadcast its availability), and obviously the OS-level location services, but I’m still not seeing how seeing wifi beacons would reveal anything. For one, pretty much every mobile device OS now uses MAC randomization so that your wifi activity on one network can’t be correlated with another. And for another, I think the BSSID scanning protocol is listen only for client devices.
Happy to be proven wrong, and to learn more, but the article linked doesn’t seem to explain anything on this particular supposed threat.