Follow Slashdot blog updates by subscribing to our blog RSS feed

 



Forgot your password?
typodupeerror
×
Iphone Privacy Apple

The iPhone 11 Pro's Location Data Puzzler (krebsonsecurity.com) 74

Brian Krebs: One of the more curious behaviors of Apple's new iPhone 11 Pro is that it intermittently seeks the user's location information even when all applications and system services on the phone are individually set to never request this data. Apple says this is by design, but that response seems at odds with the company's own privacy policy. The privacy policy available from the iPhone's Location Services screen says, "If Location Services is on, your iPhone will periodically send the geo-tagged locations of nearby Wi-Fi hotspots and cell towers (where supported by a device) in an anonymous and encrypted form to Apple, to be used for augmenting this crowd-sourced database of Wi-Fi hotspot and cell tower locations."

The policy explains users can disable all location services entirely with one swipe (by navigating to Settings > Privacy > Location Services, then switching "Location Services" to "off"). When one does this, the location services indicator -- a small diagonal upward arrow to the left of the battery icon -- no longer appears unless Location Services is re-enabled. The policy continues: "You can also disable location-based system services by tapping on System Services and turning off each location-based system service." But apparently there are some system services on this model (and possibly other iPhone 11 models) which request location data and cannot be disabled by users without completely turning off location services, as the arrow icon still appears periodically even after individually disabling all system services that use location.

This discussion has been archived. No new comments can be posted.

The iPhone 11 Pro's Location Data Puzzler

Comments Filter:
  • All modern devices are going to poll your location. There're just too many useful things that can be done with it.

    If you don't trust whoever is gathering the data to use it in a benign / privacy sensitive manner, don't use the device.

    • Issue with this is, Apple claims that this doesn't happen, in fact they claim the exact opposite ("What happens on your iPhone, stays on your iPhone"). Its not as simple as "If you trust whoever is gathering the data", its the fact they are claiming they don't collect it at all, and yet here they are doing it.

      • Considering that the summery states that you can eliminate this problem by turning location services off entirely it would seem to indicate that they don't do always or automatically do it. They even ask for permission to do it, which can be denied, so it's hard to claim that Apple is being underhanded or dishonest.

        What they really should do though is decouple location services from this reporting functionality. I should be able to have location services turned on for other applications while deciding no
    • There're just too many useful things that can be done with it.

      There're just too many ways that monetizing can be done with it.

      FTFY.

      • That's true of anything useful though. Useful implies that something is valuable and monetization is just representing that value in the form of currency. If it wasn't useful or no one thought it was useful, we wouldn't even bother collecting it.
      • Except that there's no evidence that Apple is monetizing your location info, and in fact, they explicitly state that they don't keep your data (in general) for more than 6 months or something similar.
        • Re:All devices (Score:4, Informative)

          by farble1670 ( 803356 ) on Wednesday December 04, 2019 @05:55PM (#59485752)

          Except that there's no evidence that Apple is monetizing your location info, and in fact, they explicitly state that they don't keep your data (in general) for more than 6 months or something similar.

          It's it right in the TFA.

          "If Location Services is on, your iPhone will periodically send the geo-tagged locations of nearby Wi-Fi hotspots and cell towers (where supported by a device) in an anonymous and encrypted form to Apple, to be used for augmenting this crowd-sourced database of Wi-Fi hotspot and cell tower locations."

          That's Apple using location services to build a database of wifi hotspots, to be used to improve their products and services, which makes them money.

          • So, apparently your guesses are wrong.

            https://slashdot.org/comments.pl?sid=15338782&cid=59488660
        • Except that there's no evidence that Apple is monetizing your location info, and in fact, they explicitly state that they don't keep your data (in general) for more than 6 months or something similar.

          What if (deep breath) they're lying?

          • Here. For you.

            https://slashdot.org/comments.pl?sid=15338782&cid=59488660
            • That's just what they want you to believe. Since the deep state new world order secret society has taken over the gubmints, they can pass all the fake laws they want to keep us calm while the chemtrail commandos round us up and put us in the secret FEMA concentration camps. It was just on FOX News so it's gotta be true.

        • Except that there's no evidence that Apple is monetizing your location info, and in fact, they explicitly state that they don't keep your data (in general) for more than 6 months or something similar.

          The problem is the theft of data in the first instance not whether or not those doing thieving are turning a profit.

    • by spun ( 1352 )

      I have a better idea, how about crafting sensible legislation that protects user's privacy and imposes large fines on companies that misuse it?

      • What does that legislation even look like though? You might as well claim we should just develop a sensible solution to world hunger so we can be good and rid of it for a change.

        It's rather difficult to go about detecting whether or not some company is violating their users' privacy unless you allow the government unparalleled access to companies' information and could determine if you've even been given all of it since no company would just hand over incriminating documents. The government won't even ap
        • by spun ( 1352 )

          Government gets to do all sorts of things others can't. That is fair because the government is by the people, for the people, while corporations are by the rich, for the rich. I wouldn't want a private company policing me, would you? Private fire companies would be (and were) a nightmare. Some things are best done by government alone.

          As to what the legislation would look like, have you heard of HIPAA? It works fairly well at keeping your medical information private, and there is a huge profit motive for sha

          • That is fair because the government is by the people, for the people, while corporations are by the rich, for the rich.

            You can't possibly believe this.

            • by spun ( 1352 )

              Of course I do. Corporations are, on the whole, psychopathic. Government works well when we, the people are active in managing it.

              The problem is that we get lazy. Look at history, and you will find many examples of our government doing great things. We regulate the terrible behavior of "evil" types (psychopaths, narcissists, and paranoid personality disorder) and create a wealthy, prosperous society. But that prosperity causes us to become lazy, and we forget how active we had to be to create it. Evil creep

      • I have a better idea, how about crafting sensible legislation that protects user's privacy and imposes large fines on companies that misuse it?

        I can't believe I'm saying this, but I actually trust Apple a slight bit more than I trust the US, CA, or Cupertino governments.

        But I'm not buying an Apple product anytime soon, because I can no longer hold my breath waiting for sensible legislation.

        • by spun ( 1352 )

          In the USA, we have government by the people, what is known as a "democratic republic." If you don't like the way it works, you yourself can do something about it. It's not a tyranny imposed from above like Russia or China. Write your representatives, vote, get others to vote, or even run for office yourself. If things are not how you like them, and you've done nothing to rectify that fact, you are part of the problem.

          • Write your representatives, vote, get others to vote, or even run for office yourself.

            If this issue were dear enough to you, what plan would you personally enact that would end with Apple being legislated out of the ability to flick on location services to geotag cell and wifi radios?

            Maybe just a high level outline of what a letter might look like that would convince your representative(s) to do what it would take to pass such legislation, assuming they had enough to trade to get it there. Who they are and how you'd convince them to take up your cause over other lobbying efforts they may b

            • by spun ( 1352 )

              To be honest, this issue is fairly low priority for me. Maybe after we address rampant wealth inequality; our terrible, overpriced health care system, and our housing crisis I'll have more time to worry about issues like this.

              I'm just saying, claiming "all government sucks and is incapable of doing any good" is pure propaganda.

        • I have a better idea, how about crafting sensible legislation that protects user's privacy and imposes large fines on companies that misuse it?

          I can't believe I'm saying this, but I actually trust Apple a slight bit more than I trust the US, CA, or Cupertino governments.

          But I'm not buying an Apple product anytime soon, because I can no longer hold my breath waiting for sensible legislation.

          Ok, so, in the meantime, you'll (remain?) on Android, where you absolutely know your data (and not just your location!) is being mined and sold long, wide, and con-tinuously, right?

          Makes sense to me!

          • Makes complete sense. Apple charges a lot more, based on a fraud that you privacy is more protected. Sure, pay more if you like, for an illusion. Android is more open, do really it's more likely that onerous features will be discovered. Apple thrives on an opaque "trust us" closed design.

          • Ok, so, in the meantime, you'll (remain?) on Android, where you absolutely know your data (and not just your location!) is being mined and sold long, wide, and con-tinuously, right?

            https://lineageos.org/ [lineageos.org]

            Android is open source. You have a real choice.

      • I have a better idea, how about crafting sensible legislation that protects user's privacy and imposes large fines on companies that misuse it?

        The purpose of this is not collecting the location of your phone. The purpose is collecting the location of wifi routers. If Apple has the location of many WiFi routers, then your devices can figure out their location (which is something you want) by checking which WiFi routers are nearby and asking Apple for their location. That database of locations of WiFi routers needs to be updated when you move home and take your router with you, or when someone buys a brand new router.

        Here's the question: Apple s

      • I have a better idea, how about crafting sensible legislation that protects user's privacy and imposes large fines on companies that misuse it?

        I would rather see existing Anti-trust laws vigorously enforced.

        • by spun ( 1352 )

          Why not both? I mean, do you think HIPAA is a failure? It works, and compliance is not that expensive. We can protect privacy with good laws.

          • Why not both? I mean, do you think HIPAA is a failure? It works, and compliance is not that expensive. We can protect privacy with good laws.

            I disagree with this characterization. HIPPA Compliance is an extra 9 billion a year process oriented rather than results oriented tax on top of an already out of control insanely expensive health care industry.

            You can't legislate corporations into being nice because they will always outsmart and or capture the regulators. The only way to protect people is to insist upon vigorously competitive markets.

  • "...will periodically send the geo-tagged locations of nearby Wi-Fi hotspots and cell towers (where supported by a device) in an anonymous and encrypted form to Apple"

    "Anonymous", lol, sure it is. No one could ever de-anonymize data like that. It's impossible, there's no way it could ever be done. The system is totally 100% safe and will never be compromised, ever.

    • "...will periodically send the geo-tagged locations of nearby Wi-Fi hotspots and cell towers (where supported by a device) in an anonymous and encrypted form to Apple"

      "Anonymous", lol, sure it is. No one could ever de-anonymize data like that. It's impossible, there's no way it could ever be done. The system is totally 100% safe and will never be compromised, ever.

      Why would that even need "anonymizing"?

      The point of the data-collection is not to target the individual User's location; but rather the location of near-by WiFi hotspots and Cell Towers. All that is necessary to transmit is to say "An iPhone (never mind who's) located at (GPS location) can "see" WiFi Hotspots located at (their reported locations) and Cell Towers located at (their reported locations).

      Until you can prove that they are transmitting the User info, and selling/sharing it with anyone outside of w

      • then I suggest you take them at their published word.

        Why of course I will, no corporation would ever lie about what they're doing, and especially not Apple.

  • Although likely a small amount of data, this function consumes billable 4G data.
  • One swipe (Score:5, Insightful)

    by NateFromMich ( 6359610 ) on Wednesday December 04, 2019 @03:37PM (#59485334)

    with one swipe (by navigating to Settings > Privacy > Location Services, then switching "Location Services" to "off").

    Is this some new definition of "one swipe"?

    • by darkain ( 749283 )

      I just built an entire web site by pressing one key, the "enter" key... after doing literally all of the other work that doesn't count.

      • I just built an entire web site by pressing one key, the "enter" key... after doing literally all of the other work that doesn't count.

        At least that’s deterministic. I had a compiler once that took at least three tries to build the same code without errors.

      • "By holding down this special key it plays a little melody"

    • Re:One swipe (Score:4, Informative)

      by Lanthanide ( 4982283 ) on Wednesday December 04, 2019 @04:04PM (#59485422)

      Navigating != swiping.

    • It's just one swipe...after about a half dozen taps to get there.

    • with one swipe (by navigating to Settings > Privacy > Location Services, then switching "Location Services" to "off").

      Is this some new definition of "one swipe"?

      Really? Parent is "Insightful"?

      What "Insight" have we been favored with? The ability to count UI actions? Woooo...

    • Is this some new definition of "one swipe"?

      The one swipe will be Apple swiping your location data, like it or not.

  • by U8MyData ( 1281010 ) on Wednesday December 04, 2019 @03:48PM (#59485382)
    When, if ever, will they stop lying? Anonymous data, my BS meter just broke. It's only anonymous until someone wants to know.
  • They are personal tracking units. Your every move is analysed and scrutinized packaged and sold to whomever wants it.
  • QUIT TRYING to turn it off.

    We know where you live. (Really.)
  • by vix86 ( 592763 ) on Wednesday December 04, 2019 @04:44PM (#59485544)

    Google/Android has been doing this for years. This is pretty much why you can get a somewhat reasonable location in your browser if you have wi-fi on a laptop without gps.

    Here [mozilla.org] you can see Mozilla mentioning Google in the Geolocation API docs (very bottom of the page if the tag didn't work).

    Here [google.com] is a privacy policy I dug up on Google that also mentions this.

    The Firefox Geolocation Feature will make requests to Google only if you tell the feature to do so. For information about your choices, please consult the Firefox privacy policy.

    So this is basically Apple trying to build a location database all of their own so they don't have to rely on Google for location information.

    • Google/Android has been doing this for years. This is pretty much why you can get a somewhat reasonable location in your browser if you have wi-fi on a laptop without gps.

      So this is basically Apple trying to build a location database all of their own so they don't have to rely on Google for location information.

      This chronology is backwards. Apple has been doing this via Skyhook since long before Google play services even existed.

      These location tracking schemes are evil and wrong not just for those being unwittingly tracked but for the operators of WiFi APs who were never asked if they wanted their systems to be located and leveraged in this way.

    • The Firefox Geolocation Feature will make requests to Google only if you tell the feature to do so. For information about your choices, please consult the Firefox privacy policy.

      Google asks during Android setup whether you want to use enhanced location services, and explains to you that it will use WiFi APs for that purpose. So it's not a secret when Google does it, either.

    • Apple started this (with help from the EU), not Google. Google used to collect the locations of hotspots via their Google Streetview cars. In addition to driving around taking pictures of all the streets in the world, they also recorded hotspot SSIDs and their locations. That's how Google built up their database of hotspot locations which could be used to give you a position estimate when your GPS was off.

      Apple used to use a similar database leased from Skyhook [wired.com]. But in 2010 they surreptitiously change
    • by AmiMoJo ( 196126 )

      Yes, but the difference is that in Android if you turn it off it is actually off.

      Settings -> Location -> Wifi and Bluetooth Scanning

      You also have fine grained control over which apps can use location services and if any data is logged or shared with Google. You can easily verify it does what it claims to in the same way they verified that Apple are lying.

  • by backslashdot ( 95548 ) on Wednesday December 04, 2019 @04:59PM (#59485594)

    Face it, knowing your location is useless to Apple. If anything they make you feel important just by tracking it. I mean how much value can be extracted by knowing your location? Probably an F ton less than you've deluded yourself into believing.

    • "Just relax and everything will be all right "

    • Face it, knowing your location is useless to Apple. If anything they make you feel important just by tracking it. I mean how much value can be extracted by knowing your location? Probably an F ton less than you've deluded yourself into believing.

      Are you joking or is this genuinely your belief?

  • by WoodstockJeff ( 568111 ) on Wednesday December 04, 2019 @06:36PM (#59485864) Homepage

    They simply lied.

  • The policy explains users can disable all location services entirely with one swipe (by navigating to Settings > Privacy > Location Services, then switching "Location Services" to "off").

    How can this statement be true? Is there really a single swipe that goes through ALL those screens? Sometimes Apple is really full of shit...

  • They might be forced to do this.
  • New "Find My..." (Score:4, Interesting)

    by glowworm ( 880177 ) on Thursday December 05, 2019 @01:39AM (#59486704) Journal
    Before the Pro was released there was a lot of talk about how the new "Find My..." would work with crowdsourcing, transmitting encrypted location and macs so one could better find a lost device.

    https://www.wired.com/story/ap... [wired.com]

    One could guess the periodic updates are this happening.

  • You cannot opt out of profiling for the state, because that would be unlawful. Somewhere, your location history needs to be tracked and correlated against the locations of crimes and dissent against the state.

  • by the_B0fh ( 208483 ) on Thursday December 05, 2019 @02:24PM (#59488660) Homepage
    https://techcrunch.com/2019/12/05/apple-ultra-wideband-newer-iphones-location/

    From the article:

    “Ultra wideband technology is an industry standard technology and is subject to international regulatory requirements that require it to be turned off in certain locations,” an Apple spokesperson told TechCrunch. “iOS uses Location Services to help determine if an iPhone is in these prohibited locations in order to disable ultra wideband and comply with regulations.”

    “The management of ultra wideband compliance and its use of location data is done entirely on the device and Apple is not collecting user location data,” the spokesperson said.

    That seems to back up what experts have discerned so far. Will Strafach, chief executive at Guardian Firewall and iOS security expert, said in a tweet that his analysis showed there was “no evidence” that any location data is sent to a remote server.
    • Mod parent up. Ten pages of frothing conspiracy in a low-information context and finally someone just looks up the relevant regulation in the spec.

GREAT MOMENTS IN HISTORY (#7): April 2, 1751 Issac Newton becomes discouraged when he falls up a flight of stairs.

Working...