iPhone 11 Pro found to collect location data against user settings
A report on Tuesday suggests Apple's iPhone 11 Pro, and potentially iPhone 11 models, continuously collect and transmit location data when user-selectable location services settings are disabled, behavior that could pose a potential security risk.
Outlined by security journalist Brian Krebs, iPhone 11 Pro appears to periodically ping its GPS module to gather location data in the face of user wishes.
Krebs demonstrated the activity in a video captured on an 11 Pro running Apple's latest iOS 13.2.3 software, which continues to collect GPS data for certain apps and system services despite manual disablement of individual Location Services in iPhone Settings. Interestingly, iPhone 11 Pro seeks GPS data even when an app's Location Services switch is set to "never" request said information.
Apple in a privacy policy available for perusal in iPhone's Location Services settings screen says the handset "will periodically send the geo-tagged locations of nearby Wi-Fi hotspots and cell towers (where supported by a device) in an anonymous and encrypted form to Apple, to be used for augmenting this crowd-sourced database of Wi-Fi hotspot and cell tower locations." The company states location-based system services can be disabled individually in Settings, but Krebs found iPhone or iOS makes exceptions for certain services.
"But apparently there are some system services on this model (and possibly other iPhone 11 models) which request location data and cannot be disabled by users without completely turning off location services, as the arrow icon still appears periodically even after individually disabling all system services that use location," Krebs explains.
As evidenced in the short clip, Apple's iOS location services indicator, a small arrow icon that denotes recent or current use of GPS data, appears next to apps and services that have been manually disabled in Settings.
In iOS, users can enable and disable system location services through a user interface provided in the Privacy > Location Services section of the Settings app. The management apparatus is highly granular and offers control over first- and third-party apps, basic iOS services and other Apple features. These tools were bolstered in iOS 13, which greatly enhances user control over data sharing features and reduces the possibility of inadvertent location tracking features.
Previously, third-party apps could request persistent device location data upon initial setup, but iOS 13 removes that ability. Further, when always-on tracking is manually enabled in the Settings menu, a pop-up window periodically appears to remind users of the configuration and provides an option to turn it off.
Apple does not apply those same restrictions to its own apps, but does inform iPhone owners of its location services practices in software user agreements.
Krebs was unable to replicate the potential security issue on an iPhone 8. Whether Apple's iPhone 11 operates in an identical manner is unknown.
When contacted about the possible bug that seemingly contravenes its own privacy policy, Apple said the behavior was expected.
"We do not see any actual security implications," an Apple engineer said. "It is expected behavior that the Location Services icon appears in the status bar when Location Services is enabled. The icon appears for system services that do not have a switch in Settings."
Krebs believes the curious activity might be related to new iPhone hardware introduced to support Wi-Fi 6, but that theory remains unconfirmed.
For now, the only surefire way to avoid intermittent GPS pings on iPhone 11 Pro is to completely disable Location Services in Settings. Doing so, however, renders many iPhone features useless.
Outlined by security journalist Brian Krebs, iPhone 11 Pro appears to periodically ping its GPS module to gather location data in the face of user wishes.
Krebs demonstrated the activity in a video captured on an 11 Pro running Apple's latest iOS 13.2.3 software, which continues to collect GPS data for certain apps and system services despite manual disablement of individual Location Services in iPhone Settings. Interestingly, iPhone 11 Pro seeks GPS data even when an app's Location Services switch is set to "never" request said information.
Apple in a privacy policy available for perusal in iPhone's Location Services settings screen says the handset "will periodically send the geo-tagged locations of nearby Wi-Fi hotspots and cell towers (where supported by a device) in an anonymous and encrypted form to Apple, to be used for augmenting this crowd-sourced database of Wi-Fi hotspot and cell tower locations." The company states location-based system services can be disabled individually in Settings, but Krebs found iPhone or iOS makes exceptions for certain services.
"But apparently there are some system services on this model (and possibly other iPhone 11 models) which request location data and cannot be disabled by users without completely turning off location services, as the arrow icon still appears periodically even after individually disabling all system services that use location," Krebs explains.
As evidenced in the short clip, Apple's iOS location services indicator, a small arrow icon that denotes recent or current use of GPS data, appears next to apps and services that have been manually disabled in Settings.
In iOS, users can enable and disable system location services through a user interface provided in the Privacy > Location Services section of the Settings app. The management apparatus is highly granular and offers control over first- and third-party apps, basic iOS services and other Apple features. These tools were bolstered in iOS 13, which greatly enhances user control over data sharing features and reduces the possibility of inadvertent location tracking features.
Previously, third-party apps could request persistent device location data upon initial setup, but iOS 13 removes that ability. Further, when always-on tracking is manually enabled in the Settings menu, a pop-up window periodically appears to remind users of the configuration and provides an option to turn it off.
Apple does not apply those same restrictions to its own apps, but does inform iPhone owners of its location services practices in software user agreements.
Krebs was unable to replicate the potential security issue on an iPhone 8. Whether Apple's iPhone 11 operates in an identical manner is unknown.
When contacted about the possible bug that seemingly contravenes its own privacy policy, Apple said the behavior was expected.
"We do not see any actual security implications," an Apple engineer said. "It is expected behavior that the Location Services icon appears in the status bar when Location Services is enabled. The icon appears for system services that do not have a switch in Settings."
Krebs believes the curious activity might be related to new iPhone hardware introduced to support Wi-Fi 6, but that theory remains unconfirmed.
For now, the only surefire way to avoid intermittent GPS pings on iPhone 11 Pro is to completely disable Location Services in Settings. Doing so, however, renders many iPhone features useless.
Comments
revolving back door.
back foot gets discovered. Said company “patches” it - only for a new opening to be “discovered” and “patched, etc. etc.
- 3rd party apps that abuse this feature (privacy, ads, irrelevant location fishing, etc.),
- Disablement of certain stock-features that the user doesn't want to involve themselves in for privacy/data/policy reasons.
While I think it's a good idea to pull this thread to see where it goes, phones are an inherently trackable device and coverage relies on it. Over time this has become more advanced to provide better service to the user, optimisations for the network provider and also other users of their own devices.Additionally there is a level of consent (implied and directly granted) between the user and the device maker when the consumer makes the positive decision to buy an electronic device with such features (especially when those features are extensively marketed to entice purchase.)
So yes, while I think this should be further investigated. There is a chasm of difference between Apple using your location and a 3rd party app using your location. Equating th two is a sensationalist mistake.
Apple has recently proved it is no different, indeed in some cases worst, then Amazon or Google or even Facebook with data collection recently. And appears to only be offering solutions once caught red handed with its hand in the cookie jar!. It really should be the polar opposite. Particularly considering all the health information the company gathers on you if you wear an Apple Watch.
Perhaps as suggested, it would be far better for Apple to be completely upfront and honest about it’s data collecting and tracking features, in plain English and not buried in cleverly worded text in a multi page end user agreement. Change it’s wording.
That way they won’t appear as the bad guys, and everyone knows where they stand. Location services are useful, just be up front with how they work.
A recent example is illustrative. Our transportation Dept wanted to understand traffic patterns on major thoroughfares. They installed Bluetooth sensors along the roadways. As cars passed these sensors, they read the Bluetooth pings, which sends the device’s Bluetooth ID. Using this information collected they were able to detect the routes taken — on ramps, off ramps, travel time between points. Now, this analysis was useful only in the aggregate for transportation planning, but if someone could map the Bluetooth ID to your particular device, they could report much about your activities on any given day.
duh.
Perhaps you could articulate how Apple is "worse" than Amazon, Google or FaceBook with respect to data collection ? That is an extraordinary claim that warrants extraordinary evidence to support it (given Amazon, Google and Facebook are 3 of the world's largest collectors of personal information, and all of them actively generate income from the personal information they collect, and two of them own two of the largest data brokerages in the world)
Second the arrows don't mean Apple has collected ANY data about location at all. Words have meaning to lets get specific - if Apple "collects" data then its sent from your device to Apple centrally, and in a form Apple can decrypt or read - ie it leaves your device in some form, and Apple itself can do something with the data. eg A lot of the "Find My" service data passes through Apple servers, but Apple can't decrypt it, as its encrypted with asymmetric keys that only exist on a users devices. So its not "collection". How "Find my" works was explained in a talk by Apple at BlackHat 2019 this year.
If a process or App running on the device does something that is requests location-related information, that does not automatically mean that Apple "collected" it. Even if data is sent to Apple, it doesn't mean Apple can read it. Saying any process triggering an arrow in the UI constitutes collection of data is wrong from both a technical and legal perspective.
Thirdly, the way that location services work, is things like monitoring for iBeacon region entry/exit, or "awareness of what country am I in" will by definition access location information.
Fourthly the arrow may not have anything to do with GPS, and the AppleInsider commentary is wrong in framing things that way. Apple devices use GPS, GLONASS, Baidu, Galileo and QZSS satellite systems, but they also use cell towers, Bluetooth and Wi-fi network mapping. All of that underlying location stuff has different levels of accuracy, and some of it works indoors, some of it only outdoors. Software doesn't access almost any of that directly - a developer usually has to set up a Core Location Manager instance to get called back when the device knows the location to the requested accuracy. eg Apple knowing what set of transit directions to supply in Maps, only requires a resolution to the city level - typically 10's of km, and wouldn't generally be considered a sensitive level of location, but it would totally trigger an arrow.
Also - take a look at apple.com/privacy - that's where their privacy policy is, and its in plain English as well !
Now having said that, Apple does need to explain what's going on here, and their response to Krebs was pretty poor, but these kind of situations aren't binary: ie an organisation isn't intrinsically either perfect, or evil, with nothing in between.