If it is in plaintext HTTP, why not post the actual packets/requests instead of fear mongering with what "could" be sent? I'm guessing it literally is just a GET request for a static A-GPS file. No private data exfiltration. This is just an ad, provides no evidence of actual wrong doing by Qualcomm...