MacDailyNews

EFF criticizes Apple’s ‘misleading’ Bluetooth and Wi-Fi toggles in iOS 11 for being a privacy and security risk

“The strange, unintuitive way Bluetooth and Wi-Fi toggles work in iOS 11 has drawn ire from many quarters,” Mark Wycislik-Wilson reports for BetaNews. “The latest voice is that of digital rights group the Electronic Frontier Foundation (EFF) which says that the ‘off-ish’ setting now offered is misleading.”

“Apple has changed the behaviour of the two toggles so that when they are flicked to the off position, the Bluetooth and wireless radios are not actually switched off. EFF says that this is ‘bad for user security’ and calls for greater clarity from Apple,” Wycislik-Wilson reports. “As EFF points out, recent Bluetooth vulnerabilities mean that it is good practice to disable both Wi-Fi and Bluetooth when not in use. The group goes on to reiterate the problem introduced in iOS 11 so that flicking the toggles to the off position actually just disconnects from networks and devices.”

Read more in the full article here.

MacDailyNews Take: Apple sometimes makes questionable choices (see iPhone X’s notch and Apple TV’s Siri Remote, for just two examples).

EFF’s statement, with which we agree, verbatim:

Turning off your Bluetooth and Wi-Fi radios when you’re not using them is good security practice (not to mention good for your battery usage). When you consider Bluetooth’s known vulnerabilities, it’s especially important to make sure your Bluetooth and Wi-Fi settings are doing what you want them to. The iPhone’s newest operating system, however, makes it harder for users to control these settings.

On an iPhone, users might instinctively swipe up to open Control Center and toggle Wi-Fi and Bluetooth off from the quick settings. Each icon switches from blue to gray, leading a user to reasonably believe they have been turned off—in other words, fully disabled. In iOS 10, that was true. However, in iOS 11, the same setting change no longer actually turns Wi-Fi or Bluetooth “off.”

Instead, what actually happens in iOS 11 when you toggle your quick settings to “off” is that the phone will disconnect from Wi-Fi networks and some devices, but remain on for Apple services. Location Services is still enabled, Apple devices (like Apple Watch and Pencil) stay connected, and services such as Handoff and Instant Hotspot stay on. Apple’s UI fails to even attempt to communicate these exceptions to its users.

It gets even worse. When you toggle these settings in the Control Center to what is best described as “off-ish,” they don’t stay that way. The Wi-Fi will turn back full-on if you drive or walk to a new location. And both Wi-Fi and Bluetooth will turn back on at 5:00 AM. This is not clearly explained to users, nor left to them to choose, which makes security-aware users vulnerable as well.

The only way to turn off the Wi-Fi and Bluetooth radios is to enable Airplane Mode or navigate into Settings and go to the Wi-Fi and Bluetooth sections.

When a phone is designed to behave in a way other than what the UI suggests, it results in both security and privacy problems. A user has no visual or textual clues to understand the device’s behavior, which can result in a loss of trust in operating system designers to faithfully communicate what’s going on. Since users rely on the operating system as the bedrock for most security and privacy decisions, no matter what app or connected device they may be using, this trust is fundamental.

In an attempt to keep you connected to Apple devices and services, iOS 11 compromises users’ security. Such a loophole in connectivity can potentially leave users open to new attacks. Closing this loophole would not be a hard fix for Apple to make. At a bare minimum, Apple should make the Control Center toggles last until the user flips them back on, rather than overriding the user’s choice early the next morning. It’s simply a question of communicating better to users, and giving them control and clarity when they want their settings off—not “off-ish.”
