Apple: No apps circumvented user privacy controls

iPhone location services

According to a report from February 1, there was a security vulnerability in Apple Maps that could have allegedly allowed an app to bypass a user's privacy controls.

A blogger had claimed at least one firm had exploited the flaw, based on a reader who believed that a local company was monitoring his location on iOS 16.2.

Specifically, the iFood app was said to have been tracking the user. Even at the time of the report, it wasn't clear if this was the case, which, presumably, is why Apple started looking into the matter.

In a Friday statement to AppleInsider and other venues, Apple said that iOS was never at risk, and the app didn't circumvent privacy controls set by users.

At Apple, we firmly believe users should choose when to share their data and with whom. Last week we issued an advisory for a privacy vulnerability that could only be exploited from unsandboxed apps on macOS. The codebase that we fixed is shared by iOS and iPadOS, tvOS, and watchOS, so the fix and advisory was propagated to those operating systems as well, despite the fact that they were never at risk.

The suggestion that this vulnerability could have allowed apps to circumvent user controls on iPhone is false.

A report also incorrectly suggested an iOS app was exploiting this or another vulnerability to bypass user control over location data. Our follow up investigation concluded that the app was not circumventing user controls through any mechanism.

Apple has a web page that lists various security updates for the newest versions of its operating systems.