Monday, December 9, 2019

iPhone 11 Location Data Puzzler

Brian Krebs (tweet, Hacker News):

One of the more curious behaviors of Apple’s new iPhone 11 Pro is that it intermittently seeks the user’s location information even when all applications and system services on the phone are individually set to never request this data. Apple says this is by design, but that response seems at odds with the company’s own privacy policy.

The privacy policy available from the iPhone’s Location Services screen says, “If Location Services is on, your iPhone will periodically send the geo-tagged locations of nearby Wi-Fi hotspots and cell towers (where supported by a device) in an anonymous and encrypted form to Apple, to be used for augmenting this crowd-sourced database of Wi-Fi hotspot and cell tower locations.”

Brian Krebs (Hacker News):

Today, Apple disclosed that this behavior is tied to the inclusion of a short-range technology that lets iPhone 11 users share files locally with other nearby phones that support this feature, and that a future version of its mobile operating system will allow users to disable it.

[…]

What prompted my initial inquiry to Apple about this on Nov. 13 was that the location services icon on the iPhone 11 would reappear every few minutes even though all of the device’s individual location services had been disabled.

“It is expected behavior that the Location Services icon appears in the status bar when Location Services is enabled,” Apple stated in their initial response. “The icon appears for system services that do not have a switch in Settings”.

[…]

It is never my intention to create alarm where none should exist; there are far too many real threats to security and privacy that deserve greater public attention and scrutiny from the news media. However, Apple does itself and its users no favors when it takes weeks to respond (or not, as my colleague Zack Whittaker at TechCrunch discovered) to legitimate privacy concerns, and then does so in a way that only generates more questions.

Nick Heer:

This makes complete sense to me and appears to be nothing more than a mistake in not providing a toggle specifically for UWB. It seems that a risk of marketing a company as uniquely privacy-friendly is that any slip-up is magnified a hundredfold and treated as evidence that every tech company is basically the same.

Jeff Johnson:

I never want any data sent to Apple unless I’m directly, intentionally using an Apple service such as browsing an online store, or manually checking for software updates.

Previously:

Update (2019-12-17): Dr. Drang:

As with the release notes, the instructions here focus more on connection history than connection maintenance. I suspect Panic doesn’t want to oversell connection maintenance because it’s not entirely under their control; they know Apple could kill it with another point release.

But until that happens, I’m enjoying SSH connections that last as long as I want them to.

2 Comments RSS · Twitter

Periodic polling of Wifi, GPS, & Bluetooth to figure out what *country* you're in is insane. The baseband already knows what country it's in at all times. Check at boot, populate a country property, and push an update notification if the country property changes. No Location Services needed. No privacy implications.

@Craig: what if you go somewhere there’s no cellular service at all?

Leave a Comment