Got a tip for us?
Let us know
Become a MacRumors Supporter for $50/year with no ads, ability to filter front page stories, and private forums.
New iPhones Access Location Info When Settings are Disabled Due to Ultra Wideband, Toggle Coming in Future Update
- Thread starter MacRumors
- Start date
- Sort by reaction score
If there were a separate public API for UWB, it would undoubtedly depend on Location Services.
We know in theory that that is true, because it would be consistent with how iOS third party access to location information has always worked. And we know for a fact, too, that that is true, because location services going active is how this story broke in the first place.
Yes, that's theoretically possible, but for whatever it's worth, there hasn't been a single incident of this in 12 and a half years of third-party apps on iOS.
There are instances of breaking out of the sandbox altogether / jailbreaking, sure.
That's true, but I would argue it's circular reasoning. If an app can circumvent the privacy mechanism, it can circumvent the privacy mechanism. But for that to happen, a lot of failsafes would need to be overridden. It's not impossible, but it's not very likely, and this story and/or the U1 chip don't really make it any more likely.
There's definitely local storage of private information, sure. Maybe on flash storage, and almost certainly in RAM.
However, it doesn't follow that apps can actually access this information. iOS is heavily sandboxed.
Anyway, I know its hard to swallow because you would think I am just bashing Apple or I am an Apple hater
Nah. Your concerns are valid, if a bit far-fetched. I just don't see what any of your scenarios have to do with this particular story.
Bugs in location services are concerning. But this particular bug actually has location services working exactly right: it alerts the user that location data is being accessed. Which is unexpected, as there isn't a separate toggle or at least label in Settings that would say as much.
[automerge]1575637306[/automerge]
Apple should strive to try and follow those guidelines wherever possible (it's not always possible), in order to ensure a level playing field.
There's really no insult, just basically some irrelevant personal commentary that at the very least needlessly takes away from the discussion.
As far as the topic, there's really nothing to dismiss as there really isn't anything that indicated any exploits or even potential for some sort of exploits or anything else of that sort.
If you are simply worried in general about anything new or just anything in general, that's certainly your prerogative, but that on its own doesn't mean there's actually something to it and something to actually worry about. That type of worry can apply to basically anything and everything, so it wouldn't really be surfaced just by this one particular use of location services as it would apply to any use of location services (or pretty much any other functionality) that has been around in iOS for a long time.
Last edited:
Had Apple *NOT* done the checking to make sure ultra-wideband was not used where it's prohibited... someone would have been arrested or fined for using ultra-wideband in a restricted area and they would have tried to start a class-action suit against Apple for not staying within the law. It's one of those cases where someone is going to point the bad-guy finger at Apple no matter which way they decide in one of these cases.
Perhaps. If I've learned anything from my years of using a computer there's an absolute ton of meta data that is logged. It doesn't matter whether I'm digging through a macOS, Debian, or Windows machine; the amount of information that is recorded significant.
I addressed that my concern in my previous comment:
At the end of the day, I wouldn't use UWB so turning off location services for it and having that chip disabled would be completely fine with me.
But the real issue is Apple's handling of this stuff. If I turn something off, let's turn it off, don't just pretend. Then they issue a statement saying, "Oops, our bad," when it shoudn't have happened in the first place.
No, of course not, that would be silly since there's a master toggle switch at the top of that settings page to turn the whole thing off. And, yes, on all but one of my devices that switch is in fact set to Off. The only device that has location services enabled is the one that I use for GPS navigation and on that device the only app that has access to location services is Maps.
There hasn't been a single incident in 12 years because this is a new feature. UWB is only present in new iPhones. Although its not a new tech but I believe Apple is the first to implement this. But like I said before the issue is not about UWB but about location service is always on even if in the UI side it says its off.
It is possible to escape a sandbox as demonstrated in a hacking competition in 2017 where a group of hackers found an exploit in Edge browser and use it to escape the guest os remotely and gain access to the host os.
And also, just because there is no public information about a certain exploit doesn't mean it does not exist.
There is no toggle for this particular service, so there isn't an option that says its off when it's not off.
[automerge]1575677656[/automerge]
That seems unrelated to any of this.
[automerge]1575677777[/automerge]
Logic like that doesn't really make much sense. It's along the lines of proving a negative when the positive hasn't even been shown to be true or real.
Your iPhone tracking your location is normal because [insert tech jargon here] BUT since you found out we'll just stop tracking your location for real this time.
What a joke
What a joke
You’re missing the point. People care more about the broken promise. “Privacy bla bla, customer bla bla”. They keep babbling about it then secretly track you. Why should I thrust Apple in the future?
How are they tracking you? Aside from a separate dedicated switch specifically for that one service not being there currently what's different about this and pretty much any other location services that have been in iOS for a long time when it comes to supposed tracking?
Which people care? I personally don't care, nor do I think there is anything nefarious behind this, or can lead to some type of data leak, or that this is the broken promise of Apple privacy.
You don't and maybe you shouldn't. Maybe the better question that I would ask is, do I believe that Apple is walking the walk and talking the talk when it comes to privacy, even though every little "i" isn't yet dotted and "t" crossed? Answer: Yes.
And obviously there is wide range of opinions on MR.
I wondered if it has been considered that with iOS 13 that there is a background process that enables FindMy devices even if they are off network, presumably when stolen and in range of other iOS devices. I think most people would want this capability enabled. Hopefully if this new toggle affects this capability, Apple will make it clear.
https://bgr.com/2019/06/06/ios-13-features-how-find-my-app-tracks-an-offline-iphone-or-mac/
https://bgr.com/2019/06/06/ios-13-features-how-find-my-app-tracks-an-offline-iphone-or-mac/
Yup your right the icon is showing but all the toggle for location services is OFF. Confusing.
It shows it has a toggle to disable Location Services.. I dont have an iPhone but I watch the source of this article and it has a video showing this issue.
Let me try to watch it again.
I guess your right..
I have never ever trusted these on/off toggle options on smartphones and in particularly the Android ones but now it's seems like Apple is on board as well. I can see China doing stuff like this amongst other states and countries but this is not good to come from Apple
https://www.forbes.com/sites/gordon...-privacy-security-ios-13-update/#1123fb4b72af
https://www.forbes.com/sites/gordon...-privacy-security-ios-13-update/#1123fb4b72af
There's nothing not to trust. It's a service that doesn't have a separate toggle which will be added. Turning off all location services still works, just as turning off different individual ones does too.
I trust Apple over Google but just hope that Apple does not take Google and Window’s path down the same paths that they do where end users pretty much have no privacy.
Doesn't seem like this is really affecting privacy in this case. More of a service that didn't get an individual end-user toggle.
My point is that the chip is useless at the moment. There are no use cases for it (besides a marginally upgraded airdrop).
