Re: Why the OS can't enforce user selections?
It can, but this data was not location data, it was network data.
In order for the location APIs to function, the user must grant access. So if an app tries to get a GPS location, it can't if the access was not granted.
However, the BSSID is just network data (information about the WiFi connection). It just so happens that this one piece of data can actually pin-point you to a house or business location thanks to public snooping done by many companies (including Google).
So the BSSID does not tell someone where you are, but it can be used to find a location if you use a different service.
Ideally access point manufacturers would implement some sort of rolling BSSID (just as cell phones can roll their MAC address) to prevent tying a AP to a static location. But considering how shitty the security is in general, I don't think it's a major priority of theirs.
Biting the hand that feeds IT
