I am not sure if there is a public API for UWB right now. I believe there is no public API yet because if there is the developers should be the first to notice this feature.
The attack that i am imagining is not on the UWB because that would be pointless but on the system process/apps that keeps on requesting location information.
If such attack is successful then a malicious app can actually monitor your location information even if it is restricted by the system.
Another issue is, while location service is running and providing location data to this system apps/service are data being saved locally even though they are not sent remotely? This is important because privacy does not only means sending private information remotely but saving private information locally.
Anyway, I know its hard to swallow because you would think I am just bashing Apple or I am an Apple hater
App Store guidlines are for App Store apps. Does this mean iOS can't use any private API because App Store doesn't allow it.
There's really no insult, just basically some irrelevant personal commentary that at the very least needlessly takes away from the discussion.Well, I am sorry if I insulted you. It was never my intention to do so.
To dismiss right away that this vector of attack is not present is concerning specially that this feature is not tested by time yet. This is a new feature for all new iPhones including iPhone 11. I believe this is in preparation for the their new device that lets you find your lost items. Recently Apple has been releasing a lot of patches to resolve bugs and software issues. I am saying all this without bias or malice against Apple, this is simply an observation in a security context perspective nothing more nothing less. Like I said before, you may dismiss it but it is what it is.
But I thought no data was being logged if you turn off location services completely?
I’m curious why you think it’s a privacy violation for something that is on device and can only be accessed by you (or the on device hardware/software).
I turn off location services because I do not want that information collected (on device or otherwise) and I expect that it will not be [...] Apple provides an option to turn something off that doesn't turn something off.
not a single sane person will manually tap on each app's location setting to off.
What doesn't currently work correctly there in relation to that?But the real issue is Apple's handling of this stuff. If I turn something off, let's turn it off, don't just pretend. Then they issue a statement saying, "Oops, our bad," when it shoudn't have happened in the first place.
Yes, that's theoretically possible, but for whatever it's worth, there hasn't been a single incident of this in 12 and a half years of third-party apps on iOS.
There are instances of breaking out of the sandbox altogether / jailbreaking, sure.
That's true, but I would argue it's circular reasoning. If an app can circumvent the privacy mechanism, it can circumvent the privacy mechanism. But for that to happen, a lot of failsafes would need to be overridden. It's not impossible, but it's not very likely, and this story and/or the U1 chip don't really make it any more likely.
There's definitely local storage of private information, sure. Maybe on flash storage, and almost certainly in RAM.
However, it doesn't follow that apps can actually access this information. iOS is heavily sandboxed.
Nah. Your concerns are valid, if a bit far-fetched. I just don't see what any of your scenarios have to do with this particular story.
Bugs in location services are concerning. But this particular bug actually has location services working exactly right: it alerts the user that location data is being accessed. Which is unexpected, as there isn't a separate toggle or at least label in Settings that would say as much.
There is no toggle for this particular service, so there isn't an option that says its off when it's not off.But like I said before the issue is not about UWB but about location service is always on even if in the UI side it says its off.
That seems unrelated to any of this.It is possible to escape a sandbox as demonstrated in a hacking competition in 2017 where a group of hackers found an exploit in Edge browser and use it to escape the guest os remotely and gain access to the host os.
Logic like that doesn't really make much sense. It's along the lines of proving a negative when the positive hasn't even been shown to be true or real.And also, just because there is no public information about a certain exploit doesn't mean it does not exist.
You’re missing the point. People care more about the broken promise. “Privacy bla bla, customer bla bla”. They keep babbling about it then secretly track you. Why should I thrust Apple in the future?Come on, do people really not think Apple doesn't know where every iPhone is at all times, who it's registered to, etc.? Even with it off I assume they can turn it on remotely, listen, you name it. To think otherwise is just naive. I have an iPhone and couldn't care less what they track on me, but I guess if you're paranoid or cooking meth or having affairs then it might bother you.
Your iPhone tracking your location is normal because [insert tech jargon here] BUT since you found out we'll just stop tracking your location for real this time.
What a joke
How are they tracking you? Aside from a separate dedicated switch specifically for that one service not being there currently what's different about this and pretty much any other location services that have been in iOS for a long time when it comes to supposed tracking?You’re missing the point. People care more about the broken promise. “Privacy bla bla, customer bla bla”. They keep babbling about it then secretly track you. Why should I thrust Apple in the future?
Which people care? I personally don't care, nor do I think there is anything nefarious behind this, or can lead to some type of data leak, or that this is the broken promise of Apple privacy.You’re missing the point. People care more about the broken promise. “Privacy bla bla, customer bla bla”. They keep babbling about it then secretly track you.
You don't and maybe you shouldn't. Maybe the better question that I would ask is, do I believe that Apple is walking the walk and talking the talk when it comes to privacy, even though every little "i" isn't yet dotted and "t" crossed? Answer: Yes.Why should I thrust Apple in the future?
the issue is not about UWB but about location service is always on even if in the UI side it says its off.
Yup your right the icon is showing but all the toggle for location services is OFF. Confusing.Err, did you read the article at all? The UI shows it being on.
It's a service that doesn't have a toggle yet.Yup your right the icon is showing but all the toggle for location services is OFF. Confusing.
It shows it has a toggle to disable Location Services.. I dont have an iPhone but I watch the source of this article and it has a video showing this issue.It's a service that doesn't have a toggle yet.
There's nothing not to trust. It's a service that doesn't have a separate toggle which will be added. Turning off all location services still works, just as turning off different individual ones does too.I have never ever trusted these on/off toggle options on smartphones and in particularly the Android ones but now it's seems like Apple is on board as well. I can see China doing stuff like this amongst other states and countries but this is not good to come from Apple
https://www.forbes.com/sites/gordon...-privacy-security-ios-13-update/#1123fb4b72af
I trust Apple over Google but just hope that Apple does not take Google and Window’s path down the same paths that they do where end users pretty much have no privacy.There's nothing not to trust. It's a service that doesn't have a separate toggle which will be added. Turning off all location services still works, just as turning off different individual ones does too.
Doesn't seem like this is really affecting privacy in this case. More of a service that didn't get an individual end-user toggle.I trust Apple over Google but just hope that Apple does not take Google and Window’s path down the same paths that they do where end users pretty much have no privacy.
My point is that the chip is useless at the moment. There are no use cases for it (besides a marginally upgraded airdrop).What is your legitimate privacy concern being griped about? Explain with facts not Apple opinion this or that.
If the ultra-wideband chip can only function in certain countries due to licensing issues, and the chip says to the processor, check gps location, am I in country x? No? Ok good I will stay on. And keeps doing that to check status to turn the UWB chip on or off.
If all of that stays on device, what is the legitimate privacy concern there?