Affiliate Disclosure
If you buy through our links, we may get a commission. Read our ethics policy.

iPhone 11 Pro found to collect location data against user settings

Last updated

A report on Tuesday suggests Apple's iPhone 11 Pro, and potentially iPhone 11 models, continuously collect and transmit location data when user-selectable location services settings are disabled, behavior that could pose a potential security risk.

Outlined by security journalist Brian Krebs, iPhone 11 Pro appears to periodically ping its GPS module to gather location data in the face of user wishes.

Krebs demonstrated the activity in a video captured on an 11 Pro running Apple's latest iOS 13.2.3 software, which continues to collect GPS data for certain apps and system services despite manual disablement of individual Location Services in iPhone Settings. Interestingly, iPhone 11 Pro seeks GPS data even when an app's Location Services switch is set to "never" request said information.

Apple in a privacy policy available for perusal in iPhone's Location Services settings screen says the handset "will periodically send the geo-tagged locations of nearby Wi-Fi hotspots and cell towers (where supported by a device) in an anonymous and encrypted form to Apple, to be used for augmenting this crowd-sourced database of Wi-Fi hotspot and cell tower locations." The company states location-based system services can be disabled individually in Settings, but Krebs found iPhone or iOS makes exceptions for certain services.

"But apparently there are some system services on this model (and possibly other iPhone 11 models) which request location data and cannot be disabled by users without completely turning off location services, as the arrow icon still appears periodically even after individually disabling all system services that use location," Krebs explains.

As evidenced in the short clip, Apple's iOS location services indicator, a small arrow icon that denotes recent or current use of GPS data, appears next to apps and services that have been manually disabled in Settings.

In iOS, users can enable and disable system location services through a user interface provided in the Privacy > Location Services section of the Settings app. The management apparatus is highly granular and offers control over first- and third-party apps, basic iOS services and other Apple features. These tools were bolstered in iOS 13, which greatly enhances user control over data sharing features and reduces the possibility of inadvertent location tracking features.

Previously, third-party apps could request persistent device location data upon initial setup, but iOS 13 removes that ability. Further, when always-on tracking is manually enabled in the Settings menu, a pop-up window periodically appears to remind users of the configuration and provides an option to turn it off.

Apple does not apply those same restrictions to its own apps, but does inform iPhone owners of its location services practices in software user agreements.

Krebs was unable to replicate the potential security issue on an iPhone 8. Whether Apple's iPhone 11 operates in an identical manner is unknown.

When contacted about the possible bug that seemingly contravenes its own privacy policy, Apple said the behavior was expected.

"We do not see any actual security implications," an Apple engineer said. "It is expected behavior that the Location Services icon appears in the status bar when Location Services is enabled. The icon appears for system services that do not have a switch in Settings."

Krebs believes the curious activity might be related to new iPhone hardware introduced to support Wi-Fi 6, but that theory remains unconfirmed.

For now, the only surefire way to avoid intermittent GPS pings on iPhone 11 Pro is to completely disable Location Services in Settings. Doing so, however, renders many iPhone features useless.



47 Comments

9secondkox2 8 Years · 3148 comments

What the heck. It seems every other month a major privacy invasion of our iPhones gets discovered. It’s almost like a built in...

revolving back door. 


back foot gets discovered. Said company “patches” it - only for a new opening to be “discovered” and “patched, etc. etc. 

mcdave 19 Years · 1927 comments

Easy fix. Change the “Location Services” to “Location Access” with the explanation this is 3rd party access to the device’s location.

cpsro 14 Years · 3239 comments

N.B.

With location services disabled, 3rd parties can still get your general location, if not your specific location, from your IP address.

loopless 16 Years · 343 comments

Bad AppleInsider.   Stop posting misleading nonsense clickbait. Turn off location services. “Problem”solved. 

EsquireCats 8 Years · 1268 comments

One needs to be mindful that location controls are there to rein in:

  1. 3rd party apps that abuse this feature (privacy, ads, irrelevant location fishing, etc.), 
  2. Disablement of certain stock-features that the user doesn't want to involve themselves in for privacy/data/policy reasons.

While I think it's a good idea to pull this thread to see where it goes, phones are an inherently trackable device and coverage relies on it. Over time this has become more advanced to provide better service to the user, optimisations for the network provider and also other users of their own devices.

Additionally there is a level of consent (implied and directly granted) between the user and the device maker when the consumer makes the positive decision to buy an electronic device with such features (especially when those features are extensively marketed to entice purchase.)

So yes, while I think this should be further investigated. There is a chasm of difference between Apple using your location and a 3rd party app using your location. Equating th two is a sensationalist mistake.