Apple has said that the iPhone 11 family is using location data to regulate Ultra Wideband emissions, but is not collecting the data, and everything is being done on-device.
Apple has issued a statement to AppleInsider and other venues in response to security researcher Brian Krebs discovering that the iPhone 11 Pro appears to periodically utilize its GPS module to gather location data in the face of user wishes.
"Ultra Wideband technology is an industry standard technology and is subject to international regulatory requirements that require it to be turned off in certain locations. iOS uses Location Services to help determine if iPhone is in these prohibited locations in order to disable Ultra Wideband and comply with regulations."
"The management of Ultra Wideband compliance and its use of location data is done entirely on the device and Apple is not collecting user location data."
As evidenced by Krebs' research, Apple's iOS location services indicator, a small arrow icon that denotes recent or current use of GPS data, appears next to apps and services that have been manually disabled in Settings. Krebs was unable to replicate the potential security issue on an iPhone 8 — which makes sense now, given Apple's statement about UWB management.
Apple said at the time that the Location Services notification to users was by design — but wasn't specific as to why.
"We do not see any actual security implications," an Apple engineer said. "It is expected behavior that the Location Services icon appears in the status bar when Location Services is enabled. The icon appears for system services that do not have a switch in Settings."
In iOS 13, users can enable and disable system location services in the Privacy > Location Services section of the Settings app. Control is highly granular, with toggles available for first- and third-party apps, basic iOS services, and other Apple features. Additions in iOS 13 greatly enhance user control over data sharing features and reduces the possibility of inadvertent location tracking features.
Apple has also said that it will allow users to toggle the feature completely off in a future update. However, roll-out of that toggle appears to be related to government requirements which aren't presently under review in the US at least — so when this will be provided to users isn't clear at this time.
35 Comments
Oops our bad. We’re installing an update, that turns off the status bar arrow (but will continue to track you).
How to turn a mole hill into a mountain.
Step 1. Implement a function. Tell no on about it.
Step 2. Have it discovered by someone outside the organization.
Step 3. Retroactively explain, then offer an opt out.
Opt out after the fact gives the impression that "we're only offering an opt out because someone found out what we're doing". Unnecessary self infliction.
Apple stop punching yourself in the nuts. The optics are always worse when "caught" doing something. That vaunted Marketing department could have easily preemptively spun this as a security and safety bullet point of the 11 series and 100% we would have had multiple articles extolling the virtues of UWB geofencing. Not a negative peep would have been heard.
Can someone explain me this: “However, roll-out of that toggle appears to be related to government requirements which aren't presently under review in the US at least”?