IIRC, it involves someone keeping track of the SSIDs and location data (from a GPS) together and building up a database of that information. Google got caught doing that with the vans they use to take pictures for street view a couple years back and a bunch of people got mad about it.

When you connect to the Internet, you are given an IP address.

IP addresses, to some degree, can be traced to locations. It’s kind of like how you can roughly tell where a car is from just based on the design of the license plate, even if the actual number on it doesn’t tell you anything. In a somewhat similar way, the first several digits of your I.P. address can tell certain in-the-know parties a lot about where you must be physically located.

Lots of people have devices with applications that have permission to see the user’s network information. This includes your I.P. address and the SSID of the Wi-Fi network you’re connected to. Those same applications may phone that data home to the parent entity who keeps a log of that information, e.g. “NSA Surveillence Van #69420 has IP address xx.xx.xx.xx”.

Now, if another user with a mobile device that’s also scraping network data to that entity sees the Wi-Fi network named “NSA Surveillence Van #69420”, that entity can infer that that device must be somewhere within Wi-Fi range of that I.P address it has on record. And since I.P. addresses can be traced to physical locations, that can thus be used to get the physical location of that device, to some degree of accuracy.

Throw in some triangulation based on relative signal strengths to all of those nearby Wi-Fi networks and you can get a surprisingly clear picture of where a device is located based only on the Wi-Fi networks it can see nearby.

This is essentially the same technique that phone companies can use to geolocate your phone using only mobile data. Just replace “Wi-Fi network” with “cell phone tower”.

In order to reach the internet, you need to go through an ISP (internet service provider). The ISP is a for profit company that only gives internet to devices that have paid it money. The ISP can do this because it has a list of devices/access points that have paid it, and every time a device asks it for internet it checks against that list to see if this request has paid enough to be allowed the internet. And, just like most service providers, billing information and location will be connected to the account.

So the ISP knows what account is accessing the internet based on what WiFi you are connected to. And it knows the approximate location of each WiFi account it allows. Combined, anything that has access to the ISP data can know your approximate location. Even things that don’t have the inner ISP data can still have a guess within a city or so, because they get the internet request from your ISP and the ISP has an approximate location as well (this is how location targeted ads can work).

When your phone connects to the GPS satellites, it also periodically takes a snapshot of any wireless networks that it can see nearby. The company that creates your phone’s OS (Apple/Google) keeps a database of this information so that it basically knows the physical location of every publicly available wireless network (based on the unique MAC address of each access point). So when your phone tries to find its location and it can’t get a good GPS signal, it will instead compare what wireless networks it can see against that database, and it will determine your location based on that instead.

If you ever move and take your wireless router with you, you might notice that your phone will incorrectly report your location as your old address for a while when you’re at home, until the database gets a chance to update with the new location for your wireless network.

​

FYI, if you want to opt your own wireless network out of this location database, you can append “_nomap” to the end of your SSID. I know that Google will respect this, I’m not sure if Apple or anyone else does though.

When anyone approaches your location with Google Maps running in the foreground Google records GPS position and the signal strength of all nearby wi-fi access points and Bluetooth devices. Google also collects that information using a background service running on all Android phones. They don’t do that aggressively all the time but occasionally so it takes time. Just a single measurement is enough to associate a wi-fi ssid a GPS location with a 300 ft uncertainty. The more measurements they collect the lower the uncertainty.