Mobile devices with GPS capabilities typically run what are known as location services. These services map a GPS-acquired location to the corresponding businesses or other entities close to that location.
In terms of organization security and personal privacy, mobile devices with location services enabled are at increased risk of targeted attacks because it is easier for potential attackers to determine where the user and the mobile device are, and to correlate that information with other sources about who the user associates with and the kinds of activities they perform in particular locations. This situation can be mitigated by disabling location services or by prohibiting use of location services for particular applications such as social networking or photo applications.
Users may also be trained to turn off location services when in sensitive areas. However, a similar problem can occur even if GPS capabilities or location services are disabled. It is increasingly common for websites and applications to determine a person's location based on their Internet connection, such as a Wi-Fi hotspot or IP address range. The primary mitigation for this is to opt out of such location services whenever possible.
Organizations should be aware that keeping location services enabled can also have positive effects on information security. For example, different security policies can be enforced depending on whether the mobile device is being used within the organization's facilities or outside the organization's facilities.