**This article was originally posted as a LinkedIn Article on 12/06/2019. The original material can be found here: https://www.linkedin.com/pulse/update-krebsonsecurity-iphone-11-pro-polls-location-even-maser/
**This article follows up on the one written on 12/05/2019 with additional details provided by Apple.
Earlier this week, KrebsOnSecurity published a post regarding a peculiar finding related to their iPhone 11 product line in which the device would continue to poll for location even when all of the individual applications had their location services turned off. For additional detail about this finding, including a link to the KrebsOnSecurity finding, click the link below.
Apple responded with a technical explanation of what is occurring. It turns out that Apple’s implementation of Ultra-WideBand (UWB) technology includes a function to check the phone’s location periodically. This location polling data appears to not leave the phone for processing, storage, or analytics, but rather is utilized to ensure compliance with several regulatory requirements governing the implementation of UWB technology.
Ultra-WideBand services are disallowed in several locations in the United States and other countries. By periodically polling for the device location, Apple is able to adhere to these regulatory requirements by disabling UWB while in these restricted areas. Apple’s explanation came in a response to an inquiry by TechCrunch: “iOS uses Location Services to help determine if an iPhone is in these prohibited locations in order to disable ultra wideband and comply with regulations… The management of ultra wideband compliance and its use of location data is done entirely on the device and Apple is not collecting user location data.”
Apple came under pressure to explain what was occurring after an initial response to Krebs left more questions than answers. Apple’s more recent explanation is technically sound and backed up by the addition of the U1 chip in the newest line of iPhones which enables the Ultra-WideBand functionality.
It seems that a large portion of the headache caused by this news could have been avoided if Apple had quickly released the technical explanation of what was occurring when they were originally asked. TechCrunch has also reported that Apple intends to introduce a clearly labeled toggle switch in Settings to address this functionality. While that is an excellent step, the real lesson that Tim Cook and Co. should be hearing is that security and privacy are both important, and the consumer marketplace is going to be seeking more answers about what data is being collected and how it is being utilized moving forward.
Today, Under Armour formalized the announcement that it will “disconnect” its smart scale product, UA Record app, and, its HealthBox line in general. Also today, Sony announced the final discontinuation of its PlayStation Vue product, slated for January 31st of this month.
The beginning of the year is always my favorite time to be able to reflect on where we’ve been and where I think we may be going in the upcoming year. This past Monday, I got to speak with many young adults thinking about entering the technology field at my local high school’s career fair. I was lucky enough to be able to speak with these engaged young minds about these predictions and others that they may see in the years before they enter the workforce.
Security researcher Brian Krebs found something interesting when investigating the functionality of the iPhone 11 Pro’s Location Services: it was still polling for the user’s location data even when all individual location services were disabled but the main Location Services toggle is left on.