Apple's use of Location Services data tied to UWB management & federal guidelines

Posted in iPhone, edited December 2019
Apple has said that the iPhone 11 family is using location data to regulate Ultra Wideband emissions, but is not collecting the data, and everything is being done on-device.

iPhone 11 Pro


Apple has issued a statement to AppleInsider and other outlets in response to security researcher Brian Krebs' discovery that the iPhone 11 Pro appears to periodically use its GPS module to gather location data against user wishes.
"Ultra Wideband technology is an industry standard technology and is subject to international regulatory requirements that require it to be turned off in certain locations. iOS uses Location Services to help determine if iPhone is in these prohibited locations in order to disable Ultra Wideband and comply with regulations."

"The management of Ultra Wideband compliance and its use of location data is done entirely on the device and Apple is not collecting user location data."
As evidenced by Krebs' research, Apple's iOS location services indicator, a small arrow icon that denotes recent or current use of GPS data, appears next to apps and services that have been manually disabled in Settings. Krebs was unable to replicate the potential security issue on an iPhone 8 -- which makes sense now, given Apple's statement about UWB management.

Apple said at the time that the Location Services notification to users was by design -- but wasn't specific as to why.

"We do not see any actual security implications," an Apple engineer said. "It is expected behavior that the Location Services icon appears in the status bar when Location Services is enabled. The icon appears for system services that do not have a switch in Settings."

In iOS 13, users can enable and disable system location services in the Privacy > Location Services section of the Settings app. Control is highly granular, with toggles available for first- and third-party apps, basic iOS services, and other Apple features. Additions in iOS 13 greatly enhance user control over data-sharing features and reduce the possibility of inadvertent location tracking.

Apple has also said that it will allow users to toggle the feature completely off in a future update. However, roll-out of that toggle appears to be related to government requirements which aren't presently under review in the US at least -- so when this will be provided to users isn't clear at this time.

Comments

  • Reply 1 of 35
    Oops our bad. We’re installing an update, that turns off the status bar arrow (but will continue to track you).
  • Reply 2 of 35
    Mike Wuerthele Posts: 6,262 administrator
    ralphie said:
    Oops our bad. We’re installing an update, that turns off the status bar arrow (but will continue to track you).
    Except not, as the location data isn't being sent to Apple?
  • Reply 3 of 35
    How to turn a mole hill into a mountain.
    Step 1.  Implement a function.  Tell no one about it.
    Step 2.  Have it discovered by someone outside the organization.
    Step 3.  Retroactively explain, then offer an opt out.

    Opt out after the fact gives the impression that "we're only offering an opt out because someone found out what we're doing".  Unnecessary self infliction.

    Apple stop punching yourself in the nuts.  The optics are always worse when "caught" doing something.  That vaunted Marketing department could have easily preemptively spun this as a security and safety bullet point  of the 11 series and 100% we would have had multiple articles extolling the virtues of UWB geofencing.  Not a negative peep would have been heard.
  • Reply 4 of 35
    Can someone explain this to me: “However, roll-out of that toggle appears to be related to government requirements which aren't presently under review in the US at least”?
  • Reply 5 of 35
    How to turn a mole hill into a mountain.
    Step 1.  Implement a function.  Tell no one about it.
    Step 2.  Have it discovered by someone outside the organization.
    Step 3.  Retroactively explain, then offer an opt out.

    Opt out after the fact gives the impression that "we're only offering an opt out because someone found out what we're doing".  Unnecessary self infliction.

    Apple stop punching yourself in the nuts.  The optics are always worse when "caught" doing something.  That vaunted Marketing department could have easily preemptively spun this as a security and safety bullet point  of the 11 series and 100% we would have had multiple articles extolling the virtues of UWB geofencing.  Not a negative peep would have been heard.
    It seems to me it’s others turning a mole hill into a mountain. It’s almost like tech media and security researchers want people to be in a constant state of panic or freakout.  It’s like when the news came out that Google was working with a big hospital system on analytics. Big freak out in tech media even though the number of people at Google working on this project was small and everything was HIPAA compliant.
  • Reply 6 of 35
    How to turn a mole hill into a mountain.
    Step 1.  Implement a function.  Tell no one about it.
    Step 2.  Have it discovered by someone outside the organization.
    Step 3.  Retroactively explain, then offer an opt out.

    Opt out after the fact gives the impression that "we're only offering an opt out because someone found out what we're doing".  Unnecessary self infliction.

    Apple stop punching yourself in the nuts.  The optics are always worse when "caught" doing something.  That vaunted Marketing department could have easily preemptively spun this as a security and safety bullet point  of the 11 series and 100% we would have had multiple articles extolling the virtues of UWB geofencing.  Not a negative peep would have been heard.
    It seems to me it’s others turning a mole hill into a mountain. It’s almost like tech media and security researchers want people to be in a constant state of panic or freakout.  It’s like when the news came out that Google was working with a big hospital system on analytics. Big freak out in tech media even though the number of people at Google working on this project was small and everything was HIPAA compliant.
    Exactly. It used to be that when people discovered questionable things, they would ask the company for an explanation. Now, let’s just spread it all over social media first and create FUD.
  • Reply 7 of 35
    lkrupp Posts: 9,471 member
    ralphie said:
    Oops our bad. We’re installing an update, that turns off the status bar arrow (but will continue to track you).
    You didn’t or can’t read the article?
  • Reply 8 of 35
    How to turn a mole hill into a mountain.
    Step 1.  Implement a function.  Tell no one about it.
    Step 2.  Have it discovered by someone outside the organization.
    Step 3.  Retroactively explain, then offer an opt out.

    Opt out after the fact gives the impression that "we're only offering an opt out because someone found out what we're doing".  Unnecessary self infliction.

    Apple stop punching yourself in the nuts.  The optics are always worse when "caught" doing something.  That vaunted Marketing department could have easily preemptively spun this as a security and safety bullet point  of the 11 series and 100% we would have had multiple articles extolling the virtues of UWB geofencing.  Not a negative peep would have been heard.
    It seems to me it’s others turning a mole hill into a mountain. It’s almost like tech media and security researchers want people to be in a constant state of panic or freakout.  It’s like when the news came out that Google was working with a big hospital system on analytics. Big freak out in tech media even though the number of people at Google working on this project was small and everything was HIPAA compliant.
    Exactly. It used to be that when people discovered questionable things, they would ask the company for an explanation. Now, let’s just spread it all over social media first and create FUD.
    Yes, social media, which tracks people far more effectively than any Apple device ever could. 
    edited December 2019
  • Reply 9 of 35
    How to turn a mole hill into a mountain.
    Step 1.  Implement a function.  Tell no one about it.
    Step 2.  Have it discovered by someone outside the organization.
    Step 3.  Retroactively explain, then offer an opt out.

    Opt out after the fact gives the impression that "we're only offering an opt out because someone found out what we're doing".  Unnecessary self infliction.

    Apple stop punching yourself in the nuts.  The optics are always worse when "caught" doing something.  That vaunted Marketing department could have easily preemptively spun this as a security and safety bullet point  of the 11 series and 100% we would have had multiple articles extolling the virtues of UWB geofencing.  Not a negative peep would have been heard.
    It seems to me it’s others turning a mole hill into a mountain. It’s almost like tech media and security researchers want people to be in a constant state of panic or freakout.  It’s like when the news came out that Google was working with a big hospital system on analytics. Big freak out in tech media even though the number of people at Google working on this project was small and everything was HIPAA compliant.
    Those are two different sides of the coin.  The media is always going to react with hyperbole.  It's what it does.  It's how it drives views.  It's the media and it's always going to overreact.  I know it.  You know.  More importantly, Apple knows it.  As I said, the UWB issue could have easily been presented in a positive light.  There would have been no reason for anyone to freakout.  An old adage comes to mind: ounce of prevention or a pound of cure.  The media is never going to change, but Apple can always smartly handle the narrative around their activities.  This is another instance where they didn't.
  • Reply 10 of 35
    Soli Posts: 10,030 member
    How to turn a mole hill into a mountain.
    Step 1.  Implement a function.  Tell no one about it.
    Step 2.  Have it discovered by someone outside the organization.
    Step 3.  Retroactively explain, then offer an opt out.

    Opt out after the fact gives the impression that "we're only offering an opt out because someone found out what we're doing".  Unnecessary self infliction.

    Apple stop punching yourself in the nuts.  The optics are always worse when "caught" doing something.  That vaunted Marketing department could have easily preemptively spun this as a security and safety bullet point  of the 11 series and 100% we would have had multiple articles extolling the virtues of UWB geofencing.  Not a negative peep would have been heard.
    It seems to me it’s others turning a mole hill into a mountain. It’s almost like tech media and security researchers want people to be in a constant state of panic or freakout.  It’s like when the news came out that Google was working with a big hospital system on analytics. Big freak out in tech media even though the number of people at Google working on this project was small and everything was HIPAA compliant.
    That sounds like what he's saying. Apple's certainly not trying to make a mountain of this. It's about being proactive. For example, you may have no intention of being unfaithful toward your significant other and the very thought of that is offensive and insulting, but that doesn't mean you put yourself in a position where the optics look bad and seeds of doubt can be sown. Because of human nature, you think ahead so that potential issues are mitigated before they even exist.
    edited December 2019
  • Reply 11 of 35
    So, the answer is a toggle to turn off ultra wideband?
  • Reply 12 of 35
    Mike Wuerthele Posts: 6,262 administrator
    Can someone explain this to me: “However, roll-out of that toggle appears to be related to government requirements which aren't presently under review in the US at least”?
    There is no federal effort underway to dial back UWB geofencing requirements. Basically, US, UK, Canadian, French, and Spanish law, at a minimum, require that geofencing. Therefore, Apple's implementation of that toggle is likely related to that, unless it shuts off UWB entirely with that toggle.
    edited December 2019
  • Reply 13 of 35
    Apple brought this on themselves. They displayed an icon in the status bar that by their own definition means location data is being used. It was just a matter of time before someone asked why this was happening despite individual location switches being turned off. 

    Apple markets iPhone as a privacy focused device. They put themselves in that position, no one else. Their choice. They put up billboards that read “what happens on iPhone stays on iPhone” (which is actually a lie). So they can bet that people will scrutinise them to the end of the earth about those claims. 
  • Reply 14 of 35
    It just goes to show lots of people don't understand Apple's privacy pledge. Apple wants to do everything not to know about you or your location. In this case, Apple doesn't collect your location info and send it back to Apple's servers or anyone else's, it's all on your iPhone. Even with a UWB switch, you can switch it off. I think that when you decide to switch it back on, the iPhone has to check its location to decide whether it can switch it on. Will you consider that a violation of your privacy too?
  • Reply 15 of 35
    mr lizard said:
    Apple brought this on themselves. They displayed an icon in the status bar that by their own definition means location data is being used. It was just a matter of time before someone asked why this was happening despite individual location switches being turned off. 

    Apple markets iPhone as a privacy focused device. They put themselves in that position, no one else. Their choice. They put up billboards that read “what happens on iPhone stays on iPhone” (which is actually a lie). So they can bet that people will scrutinise them to the end of the earth about those claims. 
    But according to their claims
    The management of Ultra Wideband compliance and its use of location data is done entirely on the device and Apple is not collecting user location data.
    This particular bugaboo is one of the things that lines up with their marketing. ;)   The marketing may not hold true in every instance, but here it does.  Unless you think they're lying.

  • Reply 16 of 35
    How to turn a mole hill into a mountain.
    Step 1.  Implement a function.  Tell no one about it.
    Step 2.  Have it discovered by someone outside the organization.
    Step 3.  Retroactively explain, then offer an opt out.

    Opt out after the fact gives the impression that "we're only offering an opt out because someone found out what we're doing".  Unnecessary self infliction.

    Apple stop punching yourself in the nuts.  The optics are always worse when "caught" doing something.  That vaunted Marketing department could have easily preemptively spun this as a security and safety bullet point  of the 11 series and 100% we would have had multiple articles extolling the virtues of UWB geofencing.  Not a negative peep would have been heard.
    Nah. Non-issue. No one will care in a week after it rolls off the front page. Not everything is a PR crisis, despite the desperate handwringing of those who always will. 
    edited December 2019
  • Reply 17 of 35
    flydog Posts: 1,005 member
    How to turn a mole hill into a mountain.
    Step 1.  Implement a function.  Tell no one about it.
    Step 2.  Have it discovered by someone outside the organization.
    Step 3.  Retroactively explain, then offer an opt out.

    Opt out after the fact gives the impression that "we're only offering an opt out because someone found out what we're doing".  Unnecessary self infliction.

    Apple stop punching yourself in the nuts.  The optics are always worse when "caught" doing something.  That vaunted Marketing department could have easily preemptively spun this as a security and safety bullet point  of the 11 series and 100% we would have had multiple articles extolling the virtues of UWB geofencing.  Not a negative peep would have been heard.
    Under your absurd standard, Apple would need to disclose the existence of hundreds of thousands of background and service functions that are necessary for iOS to function, and which (as was the case here) are not used to spy or track users. 

    While we're at it, why not force Apple to release a hundred billion lines of source code so we can verify whether there is anything there that might be used to spy on us?

    Just FYI, mobile phones were doing this for years before the iPhone ever existed. It's nothing new. Get a grip on reality. 



  • Reply 18 of 35
    flydog said:
    How to turn a mole hill into a mountain.
    Step 1.  Implement a function.  Tell no one about it.
    Step 2.  Have it discovered by someone outside the organization.
    Step 3.  Retroactively explain, then offer an opt out.

    Opt out after the fact gives the impression that "we're only offering an opt out because someone found out what we're doing".  Unnecessary self infliction.

    Apple stop punching yourself in the nuts.  The optics are always worse when "caught" doing something.  That vaunted Marketing department could have easily preemptively spun this as a security and safety bullet point  of the 11 series and 100% we would have had multiple articles extolling the virtues of UWB geofencing.  Not a negative peep would have been heard.
    Under your absurd standard, Apple would need to disclose the existence of hundreds of thousands of background and service functions that are necessary for iOS to function, and which (as was the case here) are not used to spy or track users. 

    While we're at it, why not force Apple to release a hundred billion lines of source code so we can verify whether there is anything there that might be used to spy on us?

    Just FYI, mobile phones were doing this for years before the iPhone ever existed. It's nothing new. Get a grip on reality. 



    Your hot take is hyperbolic and ironically, a perfect example of what absurd really looks like.  This is case specific.  Apple highlights the granular control customers have over location services.  It's not unreasonable to expect there not to be hidden caveats to that granularity.  It was an unnecessary omission.

    So you should probably 1. understand what you read and reply accordingly.  2. take a deep deep breath and ease up on the silly rhetoric.  3. at least have a modicum of understanding regarding the topic of the article.  Based on your comment, you have absolutely no idea what we're all discussing. 

    Proof that you have no idea what you're talking about here:
    Just FYI, mobile phones were doing this for years before the iPhone ever existed. It's nothing new. Get a grip on reality. 
    Since this is the case - according to your infinite wisdom- I'm sure you can point to one such phone.  Naaaaaaaaaaaaaah, who am I kidding.  I know you lied and made up some nonsense.  Apple is the first smartphone vendor to implement UWB tech in their smartphones and they only did it in 2019 with the 11 series.  So maybe you should take your own advice and get a grip on reality.
    edited December 2019
  • Reply 19 of 35
    How to turn a mole hill into a mountain.
    Step 1.  Implement a function.  Tell no one about it.
    Step 2.  Have it discovered by someone outside the organization.
    Step 3.  Retroactively explain, then offer an opt out.

    Opt out after the fact gives the impression that "we're only offering an opt out because someone found out what we're doing".  Unnecessary self infliction.

    Apple stop punching yourself in the nuts.  The optics are always worse when "caught" doing something.  That vaunted Marketing department could have easily preemptively spun this as a security and safety bullet point  of the 11 series and 100% we would have had multiple articles extolling the virtues of UWB geofencing.  Not a negative peep would have been heard.
    Nah. Non-issue. No one will care in a week after it rolls off the front page. Not everything is a PR crisis, despite the desperate handwringing of those who always will. 
    No one said it was a big issue or a PR crisis.  It kinda seems you didn't understand the context of the comment.  The gist is this was a wholly avoidable issue.  Not every issue has to be judged as if it's Spinal Tap Turnt Up to 11.
  • Reply 20 of 35
    davidw Posts: 1,330 member
    flydog said:
    How to turn a mole hill into a mountain.
    Step 1.  Implement a function.  Tell no one about it.
    Step 2.  Have it discovered by someone outside the organization.
    Step 3.  Retroactively explain, then offer an opt out.

    Opt out after the fact gives the impression that "we're only offering an opt out because someone found out what we're doing".  Unnecessary self infliction.

    Apple stop punching yourself in the nuts.  The optics are always worse when "caught" doing something.  That vaunted Marketing department could have easily preemptively spun this as a security and safety bullet point  of the 11 series and 100% we would have had multiple articles extolling the virtues of UWB geofencing.  Not a negative peep would have been heard.
    Under your absurd standard, Apple would need to disclose the existence of hundreds of thousands of background and service functions that are necessary for iOS to function, and which (as was the case here) are not used to spy or track users. 

    While we're at it, why not force Apple to release a hundred billion lines of source code so we can verify whether there is anything there that might be used to spy on us?

    Just FYI, mobile phones were doing this for years before the iPhone ever existed. It's nothing new. Get a grip on reality. 



    Your hot take is hyperbolic and ironically, a perfect example of what absurd really looks like.  This is case specific.  Apple highlights the granular control customers have over location services.  It's not unreasonable to expect there not to be hidden caveats to that granularity.  It was an unnecessary omission.

    So you should probably 1. understand what you read and reply accordingly.  2. take a deep deep breath and ease up on the silly rhetoric.  3. at least have a modicum of understanding regarding the topic of the article.  Based on your comment, you have absolutely no idea what we're all discussing. 

    Proof that you have no idea what you're talking about here:
    Just FYI, mobile phones were doing this for years before the iPhone ever existed. It's nothing new. Get a grip on reality. 
    Since this is the case - according to your infinite wisdom- I'm sure you can point to one such phone.  Naaaaaaaaaaaaaah, who am I kidding.  I know you lied and made up some nonsense.  Apple is the first smartphone vendor to implement UWB tech in their smartphones and they only did it in 2019 with the 11 series.  So maybe you should take your own advice and get a grip on reality.
    I think the OP meant that cell phones have been giving away their location, way before the iPhone came along. Not that cell phones were using UWB before the iPhone.

    Just what do you think a cell phone pinging the nearest towers is doing? And that's been around way before the iPhone. Even when you're not using the phone, it will ping the nearest tower at regular intervals of non-use. It might be every 15 minutes or every hour or every 2 hours or whatever the service provider programs. But it will ping whether you know it or not, so long as the phone is powered on.

    Now your service provider, who keeps this data, is not using this data in order to track you, but law enforcement can and have (with a court order). It's not as accurate as GPS but can show, that your phone at least, was in a certain area by way of tower triangulation. Could be within a square block or a square mile or a square 10 miles. It depends on how many towers are in the area. 

    Now why does your provider need for your cell phone to ping a tower every so often ...... so that when you have an incoming call, they don't have to search for your phone, every where they provide their service. They first search for your phone in the area where it was last used or where it last received a ping from your phone. The more often your phone pings a tower, the less time and effort, it takes for your provider to find your phone and make the connection.

    If you drove from SF to LA in 6 hours, and the last call you made before arriving in LA, was in SF, your provider would be wasting their time looking for your phone in SF, 3 hours into your drive. But if your phone was still on and pings a tower every 1/2 hour or so, while driving, they would know that you are no longer in SF and concentrate in the area where they received the last ping from your phone.

    If your provider doesn't receive a ping from your phone after so many hours, it will assume that you are in an area with no reception or you turned off your phone and will then send the incoming call directly to voice mail. Your phone will always ping a tower if there's reception and will ping once it establishes a reception, after a period of no reception.  So long as it's on. And will ping a tower every time you power on and off your phone, whether you used it or not.

    Now back in the days before the iPhone, this data wasn't of interest to anyone but the providers and law enforcement. But nowadays with the likes of Google, Facebook, Amazon, Microsoft, cell phone makers and other data mining businesses, using location data for marketing purposes is big money. Especially now that it has gotten infinitely more accurate with GPS. And yet, no one seems to be making a big deal about service providers collecting location data for their own internal operational use, by way of cell phones constantly pinging towers ..... unless it involves Apple.