Originally Posted by Mario
This is a huge, huge security issue. I'm a software developer and I can already think of several abusive ways to use these APIs to track people.
Malware writers I'm sure can too. Adds a whole new meaning to the "pedofile/sexual predator" expression.
People who think they can just turn it off by using some setting in the preferences are really naive.
And yes, I can write malware today that will send me your IP address, and I could locate the city you are in and your ISP, but I still can't quite pin point where your house is.
This is just taking it a step further. I hope Apple know that the direction they are taking is scary.
Perhaps it really is a good time to be looking into switching to Linux for all computing before it becomes illegal to own one.
I agree with you, I usually don't mind the government methods of tracking people as things like security cameras, phone tapping etc are proven to catch criminals. People will say 'oh wait no they're not, studies have found that is not the case' but they are.
Stuff like CoreLocation just isn't needed and most certainly adds a security risk. Sexual predators are a good example that people are dismissing too easily.
You can't track an IP address down that easily but geographical co-ordinates can pinpoint you to within meters. A global preference would set a plist setting that can be turned on by a simple 3rd party app. If the developer kit is open for 3rd party apps, which I would image it should be then it can be exploited to send the locations out over the internet.
Think of this scenario:
- kid logs on to some IM program or whatever they are into these days, bebo or mysace
- predator logs on and messages them with a file to open, which may be a file like this one:http://www.macworld.com/article/4945.../leapafaq.html
- instead of installing malware, it simply executes code to turn on the location sending plist setting if it's off and push out the co-ordinates within just one chat session
- if it's a video chat, they have a face and a location within a few meters and this will come enabled on every Mac by default
- if you assume that people are smart enough to know to turn it off, check the Safari preferences and tell me if open safe files after downloading is turned off on your machine. That comes enabled by default on Macs.
I think it's most definitely a security risk. The iphone is different because it's sandboxed and predators can't send malware to people on an iphone. Not to mention, it's mobile so the location isn't completely accurate and also has no way of sending video chats, just photos manually.
The single advantage is that you would possibly know where your stolen laptop is, but a thief can certainly just turn the feature off as no-one is sending them malware to turn it on.
When it comes to the camera in the screen feature Apple are rumored to be working on, I can see how that would be convenient despite having some privacy concerns. However, I don't see any benefit in having CoreLocation on a computer system beyond maybe using maps on a laptop somewhere but even then, they should just allow you to use those features on your iphone as well as the internet connection by plugging it into a laptop. It sells more iphones too.