CID info via API and SCREEN_STATE
Created by: andr3jx
We know that Google has more accurate information about cell towers in comparison to OpenCellID. I did some research on their non-public API. I downloaded Gmaps.apk and decompiled it to smali. There I found a URL "http://www.google.com/glm/mmap", which I googled. Here is info on how to use this API (redundant):
http://www.open-electronics.org/how-to-find-the-location-with-gsm-cells/ (later I realized that it was already posted here)
https://code.google.com/p/birdnest/source/browse/branches/gae/birdnest/glm.py?spec=svn82&r=82
https://gist.github.com/creotiv/3713832
http://www.codeproject.com/Articles/31965/Learn-How-to-Find-GPS-Location-on-Any-SmartPhone-a
https://code.google.com/p/mwop/source/browse/sandbox/server/mwop-server/src/com/mwop/server/cellID/AbstractCellIDProvider.java?r=18
http://cdacians.blogspot.de/2012/08/convert-celllocation-to-real-location.html
So what we can do is simply use their hidden API to check if they have a particular cell in their database, and if they do we can get the GPS coordinates of the cell and submit them to OpenCellID. We can also get the coordinates of neighbour cells and calculate a more or less precise location based on the signal strength of the cells. The question is how reliable is Google's mobile network info? If we have a cell which is not in Google's database, it could be an indicator that it is an IMSI Catcher.
It would be better if we could download all mobile network info in an area. I'm interested in which data is stored in Google's offline maps and if it is possible to access this data somehow. I tried to intercept offline maps data but couldn't bypass SSL encryption (certificate pinning and other problems). But I found these tools, so I'm sure there is a way to bypass SSL or attach a debugger to GMaps.
There is also the official Google Geolocation API, but you need to pay for an API key.
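The two ideas above (flag a cell the database has never seen, and weight neighbour cells by signal strength to estimate a position) as an added example that is not part of this issue or of the project's code. The `lookup_cell` function and `KNOWN_CELLS` table are a constructed stand-in for the remote glm/mmap or OpenCellID query, and the RSSI-to-weight conversion assumes a log-distance path-loss model with exponent 3.

```python
# Constructed lookup table standing in for the remote cell database
# (glm/mmap or OpenCellID): (mcc, mnc, lac, cid) -> (lat, lon).
KNOWN_CELLS = {
    (262, 1, 1234, 5678): (52.5200, 13.4050),
    (262, 1, 1234, 5679): (52.5230, 13.4100),
    (262, 1, 1234, 5680): (52.5180, 13.4000),
}

def lookup_cell(cell):
    """Stand-in for the network query; returns (lat, lon) or None if unknown."""
    return KNOWN_CELLS.get(cell)

def rssi_weight(rssi_dbm, path_loss_exponent=3.0):
    """Turn a signal strength into a weight proportional to 1/distance.
    Log-distance model (an assumption): distance ~ 10 ** (-rssi / (10 * n))."""
    distance = 10 ** (-rssi_dbm / (10 * path_loss_exponent))
    return 1.0 / distance

def estimate_position(measurements):
    """measurements: list of ((mcc, mnc, lac, cid), rssi_dbm) for the serving
    and neighbour cells. Returns the weighted-centroid estimate (None when no
    cell resolved) plus the cells missing from the database, which the issue
    treats as a possible IMSI-catcher indicator."""
    unknown = []
    lat_sum = lon_sum = weight_sum = 0.0
    for cell, rssi in measurements:
        position = lookup_cell(cell)
        if position is None:
            unknown.append(cell)      # unresolved cell: flag it, never use it
            continue
        w = rssi_weight(rssi)
        lat_sum += w * position[0]
        lon_sum += w * position[1]
        weight_sum += w
    estimate = None
    if weight_sum > 0:
        estimate = (lat_sum / weight_sum, lon_sum / weight_sum)
    return {"estimate": estimate, "unknown_cells": unknown,
            "suspicious": bool(unknown)}

# Constructed measurements: three known cells and one the database has never seen.
SAMPLE = [
    ((262, 1, 1234, 5678), -60),   # strongest, so the estimate leans toward it
    ((262, 1, 1234, 5679), -90),
    ((262, 1, 1234, 5680), -90),
    ((262, 1, 1234, 9999), -70),   # not in the database
]

if __name__ == "__main__":
    print(estimate_position(SAMPLE))
```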