An increasing number of mobile applications and services require that devices are aware of their location. Global navigation satellite systems (GNSS) are the predominant enabling technology. But location information provided by commercial GNSS is not secure, unlike what is the usual assumption. There are only few exceptions in the literature that present GNSS vulnerabilities. In this paper, we contribute the first detailed quantitative analysis of attacks against GNSS-based localization. We show how replay attacks against GNSS can have a significant impact: even against cryptographically secured GNSS instantiations, an adversary can manipulate the location and time calculated by victim GNSS receivers. We explain in detail how such attacks can be mounted, measure their impact, and discuss the effectiveness of possible countermeasures.