Radio resource location services (LCS) protocol (RRLP) applies to GSM and UMTS Cellular Networks. It is used to exchange messages between a handset and an SMLC in order to provide geolocation information;[1] e.g., in the case of emergency calls. The protocol was developed in order to fulfil the Wireless Enhanced 911 requirements in the United States. However, since the protocol does not require any authentication, and can be used outside of a voice call or SMS transfer, its use is not restricted to emergency calls and can be used by law enforcement to pinpoint the exact geolocation of the target's mobile phone. RRLP was first specified in 3GPP TS 04.31 - Location Services (LCS); Mobile Station (MS) - Serving Mobile Location Centre (SMLC); Radio Resource LCS Protocol (RRLP).[2]
Harald Welte proved at HAR2009[3] that many high-end smart-phones submit their GPS location to the mobile operator when requested. This happened without any sort of authentication.
RRLP supports two positioning methods:
The method type indicates whether MS based or assisted location is to be performed.
In this mode, the network typically needs to send so-called assistance data to the phone.