{"id":38352,"date":"2023-02-01T15:46:10","date_gmt":"2023-02-01T20:46:10","guid":{"rendered":"https:\/\/mjtsai.com\/blog\/?p=38352"},"modified":"2023-02-01T15:56:44","modified_gmt":"2023-02-01T20:56:44","slug":"bypassing-ios-16-2-location-privacy","status":"publish","type":"post","link":"https:\/\/mjtsai.com\/blog\/2023\/02\/01\/bypassing-ios-16-2-location-privacy\/","title":{"rendered":"Bypassing iOS 16.2 Location Privacy"},"content":{"rendered":"

Rodrigo Ghedin<\/a>:<\/p>\n

iFood, Brazilian largest food delivering app evaluated at USD 5.4 billion<\/a>, was accessing his location when not open\/in use, bypassing an iOS setting that restrict an app’s access to certain phone’s features. Even when the reader completely denied location access to it, iFood’s app continued to access his phone’s location.<\/p>\n

[…]<\/p>\n

An educated guess was revealed by iOS 16.3 release notes<\/a>, launched on January 23th. Apple mentions a security issue in Maps in that “an app may be able to bypass Privacy preferences”.<\/p><\/blockquote>\n\n

Via Nick Heer<\/a>:<\/p>\n

\n

I do not want to spread fear or uncertainty, but it is hard to believe iFood would be the only app interested in using location data even if the user has opted out of it. There were several<\/a> privacy-related bugs fixed in this most recent round of operating system updates.<\/p>\n<\/blockquote>\n\n

John Gruber<\/a>:<\/p>\n

\n

If the iFood app was really doing this, why is it still in the App Store? If circumventing location privacy by exploiting a bug doesn’t get you kicked out of the store, what does?<\/p>\n<\/blockquote>\n\n

Previously:<\/p>\n