Fair enough "if" data are not being sent to Apple server. But for a hackers perspective, this is a point of vulnerability and attack. If a hacker can find a way to capture the data in memory or by any other means then they can create an app that does not request location services but still can access your location data. And this is a much more dangerous type of attack because user are confident that there location are not being accessed by third party app but the truth is they are dead wrong.
Got a tip for us?
Let us know
Become a MacRumors Supporter for $50/year with no ads, ability to filter front page stories, and private forums.
New iPhones Access Location Info When Settings are Disabled Due to Ultra Wideband, Toggle Coming in Future Update
- Thread starter MacRumors
- Start date
- Sort by reaction score
At the end of the day, the fact that a feature is functional doesn't mean much if it has zero impact on the user of the device. That applies here. You're referring to cases where a feature is used and abused!
For a company that touts privacy and provides an option to disable location services there is an expectation that when location services are disabled, location services are not used and the data not logged. That is the privacy violation. I turn off location services because I do not want that information collected (on device or otherwise) and I expect that it will not be because Apple brags about its privacy... Only to find that, in fact, Apple is actually using location services and possibly storing that data on my device. It's that simple. Apple provides an option to turn something off that doesn't turn something off.
If someone were to gain access to my device, what other information is Apple recording on there that I don't want people (or even myself) to have?
Edit: Again, my original point is that Apple's whole "Opps, sorry.. We'll fix that," after things are public is the real issue here.
Last edited:
That is weird, because I never see the wifi turn on, enven when it’s in AP mode ?
I have some functions like I told before, but it doesn’t allow me to check battery level or auto unlock the mac ?
I also have the battery bug on my MBP 15” from late 2013, but have blocked trustd to see if it makes a difference. Haven’t crashed the last two days ? Have had the battery bug for at least a year, because I remember it came with mojave ?
That was a side track. It is actually new for the watch to connect to my devices over Bluetooth. Maximum a month ?
[automerge]1575598825[/automerge]
I don’t have a cellular ?
not a single sane person will manually tap on each app's location setting to off. this issue affects 0 actual customers.
take off your tinfoil hat.
It's not a big deal right now, but there are legitimate concerns in China like health insurers knowing what everyone is buying, so people are on guard.
I really don't care as long as we haven't addressed the real problem: Without location services enabled, cell service by itself reveals your realtime location to the cell carrier with pretty good accuracy, and it's been proven repeatedly that they intentionally give that info to other parties.
[automerge]1575603792[/automerge]
One of the guidelines is not to use Apple's private APIs, and another is to not allow downloading of apps, so...
Last edited:
I’d say if One finds any of this a legitimate concern to them, they shouldn’t be using smartphones or be in the Internet.
[automerge]1575604050[/automerge]
No they aren’t.
This was driving my nuts when I first got my iPhone 11. I couldn't figure out what was accessing my location. Glad I have an explanation now.
So airplane mode no longer works? Let them explain this to the FAA.
Ignorance can make you a victim
One scenario is a burglar able to get your real time location and with that information he/she can steal things in your home without having to worry that you might suddenly comes home. This already happened in FB, someone posted in their FB account that they will be out for a week for a vacation and when they came home they found out that they are victim to burglary.
This is just but one scenario why it is a legitimate concern.
Doesn't seem like anything of the sort happened here.
Why doesn't it work?
[automerge]1575605147[/automerge]
By that logic anything on the device has always been at risk since much more sensitive data stored on the device could then supposedly be similarly accessed, completely unrelated to this one particular system service using location services.
What does that have to do with anything related to this particular scenario? Location data and all kinds of other important data has been stored on devices forever, and if that can be somehow accessed by someone it's certainly an issue, but that kind of concern has been there last year, the year before, a decade before, and pretty much always.Ignorance can make you a victim
One scenario is a burglar able to get your real time location and with that information he/she can steal things in your home without having to worry that you might suddenly comes home. This already happened in FB, someone posted in their FB account that they will be out for a week for a vacation and when they came home they found out that they are victim to burglary.
This is just but one scenario why it is a legitimate concern.
Something like hacking can certainly be a concern, it's just not one that's anything new or somehow specifically associated with anything here.
Last edited:
Exactly how many times has this happened in the real world. (Except for the stupid use of Facebook to broadcast your location)Ignorance can make you a victim
One scenario is a burglar able to get your real time location and with that information he/she can steal things in your home without having to worry that you might suddenly comes home. This already happened in FB, someone posted in their FB account that they will be out for a week for a vacation and when they came home they found out that they are victim to burglary.
This is just but one scenario why it is a legitimate concern.
Lots of leaps of faith. Wearing a tin foil hat is just as bad as ignorance.
To me this is not a real concern. Hacking into my phone I’m not worried about. Ymmv.
I know you love Apple and you will defend it to the death but it is what it is, this feature is a vector of attack.
If this feature means that when the location service is turn off it is not really turn off in kernel or core os level but only restrict apps from accessing it but some other system apps can still use location services then that is something that can be exploited.
The way I see it is its a compromise, either totally turn off location services and loss some features and functionality or always turn it on and just restrict apps from accessing it but exposes the system to exploit.
Last edited:
I have no idea what you think you know about anyone or why you think you need to somehow make some sort of an assumed statement about it, but trying hard to somehow make things unnecessarily personal in some way only undermines anything you might have to actually say.
It doesn't appear any that any of this is any more a vector of attack than any other location service that has been present on the iPhone for a long time. There's no exploit that is present in relation to it. Not sure where any of this supposed information is coming from.
Last edited:
Well, I am sorry if I insulted you. It was never my intention to do so.
To dismiss right away that this vector of attack is not present is concerning specially that this feature is not tested by time yet. This is a new feature for all new iPhones including iPhone 11. I believe this is in preparation for the their new device that lets you find your lost items. Recently Apple has been releasing a lot of patches to resolve bugs and software issues. I am saying all this without bias or malice against Apple, this is simply an observation in a security context perspective nothing more nothing less. Like I said before, you may dismiss it but it is what it is.
That makes no sense.
If they didn't want to "get caught", they wouldn't have shown the location services icon. They only "got caught" in the first place because their very own software explicitly said that location services are being used.
[automerge]1575628604[/automerge]
That's a huge leap that has nothing to do with the article. Yes, it's hypothetically possible that an attacker could circumvent location services. But that's not what's happening here.
Even if an attacker were to create an app that uses UWB to retrieve location, they'd still use location services to retrieve the data. It would still show up in the status bar. It would still require the user's consent.
Last edited:
But I thought no data was being logged if you turn off location services completely? I’m curious why you think it’s a privacy violation for something that is on device and can only be accessed by you (or the on device hardware/software). Apple never said they‘re fixing anything. Providing a toggle isn’t an admission of guilt. It’s just to shut up the tin foil hat crowd who probably shouldn’t be using smartphones or the internet if they’re that worried someone is always tracking them.
App Store guidlines are for App Store apps. Does this mean iOS can't use any private API because App Store doesn't allow it.
I am not sure if there is a public API for UWB right now. I believe there is no public API yet because if there is the developers should be the first to notice this feature.
I know this is all theoretical but this is in the realm of possibilities given that iOS 13 is showing a few bugs right after its release. The attack that i am imagining is not on the UWB because that would be pointless but on the system process/apps that keeps on requesting location information. If i am not mistaken what Apple is trying to say is that location service is always on and is never turned off. What the system does is restrict all apps from accessing it except for the app or service that checks whether to turn off or on UWB depending on the region the device currently is on. With that an attacker then targets that system apps or service that keeps on requesting location information. If such attack is successful then a malicious app can actually monitor your location information even if it is restricted by the system.
Another issue is, while location service is running and providing location data to this system apps/service are data being saved locally even though they are not sent remotely? This is important because privacy does not only means sending private information remotely but saving private information locally. Like a GPS in your car. If you don't want someone to know where you have been you should totally turn off your cars GPS tracking system. Same with this issue, if someone steal your phone then opens it using FaceID by scanning a 3d print of your face (im not sure if its possible
) then does a forensic data/analysis on it then they will be able to map out where you have been and possibly what you have been doing. You would say this is a far fetched scenario or a James Bond or Jason Bourne like story but for a journalist this can be an issue specially if she/he is meeting a source and does not want to be track he/she should have the option to do so.Anyway, I know its hard to swallow because you would think I am just bashing Apple or I am an Apple hater
but I am not, I dislike some of their practices and products but I like some of them too, but for me when it comes to data security and privacy I tend to be open minded, critical and avoid being bias.
Last edited:
"Saying that you don't care being spied cause you don't have anything to hide, is like saying you don't care about speech censorship cause you don't have anything to say." - Edward Snowden
It’s not that. Sometimes the path between theory and reality are light years apart. Sometimes not. That’s what makes conjectures and hypotheticals interesting. Any imagined scenario can become reality in an instant....
Anyway, I know its hard to swallow because you would think I am just bashing Apple or I am an Apple hater