**This article was originally posted as a LinkedIn Article on 12/05/2019. The original material can be found here: https://bit.ly/37fb7Nb
Security researcher Brian Krebs found something interesting when investigating the functionality of the iPhone 11 Pro’s Location Services: it was still polling for the user’s location data even when all individual location services were disabled but the main Location Services toggle is left on. In this situation, ostensively, it should not be utilizing the geolocation services at all despite the core functionality remaining enabled on the device.
Apple’s privacy policies state that “If Location Services is on, your iPhone will periodically send the geo-tagged locations of nearby Wi-Fi hotspots and cell towers (where supported by a device) in an anonymous and encrypted form to Apple, to be used for augmenting this crowd-sourced database of Wi-Fi hotspot and cell tower locations.” While this language is open for interpretation, one reasonable assumption is that by leaving the functionality on at all, Apple has the right to and the intent to collect anonymized user location data for its internal research and development purposes.
However, Apple’s policy continues and states: “You can also disable location-based system services by tapping on System Services and turning off each location-based system service.” Again, this language is open for interpretation. A reasonable Apple iPhone 11 Pro user may read that and expect that by turning off all the individual Location Services, they have effectively disabled the Location Services entirely on their phone, an alternate reading of the above would indicate that in this section of the policy Apple is defining “System Services” to mean something closer to “Application Utilization of System Services.”
KrebsOnSecurity did reach out to Apple for comment. An Apple engineer responded this week by saying to Krebs “‘We do not see any actual security implications… It is expected behavior that the Location Services icon appears in the status bar when Location Services is enabled. The icon appears for system services that do not have a switch in Settings [emphasis added]'”.
I believe that Apple should at least refine the language in their policy to make it clearer to the consumer that disabling the individual Location Services for each application does not completely disable the Location Services system service and, by leaving the main Location Services toggle enabled the user is accepting Apple’s use of anonymized location data.
Today, Under Armour formalized the announcement that it will “disconnect” its smart scale product, UA Record app, and, its HealthBox line in general. Also today, Sony announced the final discontinuation of its PlayStation Vue product, slated for January 31st of this month.
The beginning of the year is always my favorite time to be able to reflect on where we’ve been and where I think we may be going in the upcoming year. This past Monday, I got to speak with many young adults thinking about entering the technology field at my local high school’s career fair. I was lucky enough to be able to speak with these engaged young minds about these predictions and others that they may see in the years before they enter the workforce.
Update: KrebsOnSecurity: iPhone 11 Pro Polls for Location Even when All Location Services Turned Off
Earlier this week, KrebsOnSecurity published a post regarding a peculiar finding related to their iPhone 11 product line in which the device would continue to poll for location even when all of the individual applications had their location services turned off.