KrebsOnSecurity reports a discovery that suggests a privacy vulnerability exists in Apple’s new flagship handset, the latest iOS version, or both.
The iPhone 11 Pro apparently has a habit of behaving in a way its users have expressly forbidden. Apple’s flagship handset intermittently tries to collect people’s location information, despite settings on applications and system services that indicate the data shouldn’t be requested, according to a report published Tuesday by KrebsOnSecurity.
The policy explains how to disable location-based services, but security reporter Brian Krebs found that some system services for the iPhone 11 Pro — and possibly other iPhone 11 models – can’t be disabled by users without turning off locations services. Krebs said his discovery suggests that a privacy vulnerability exists in either the new iPhone Pro or iOS 13 or both.
MacDailyNews Take: Brian Krebs has posted a video of the issue (below) and reports:
Apple responded that the company does not see any concerns here and that the iPhone was performing as designed.
“We do not see any actual security implications,” an Apple engineer wrote in a response to KrebsOnSecurity. “It is expected behavior that the Location Services icon appears in the status bar when Location Services is enabled. The icon appears for system services that do not have a switch in Settings” [emphasis added].
Apple has not yet responded to follow-up questions, but it seems they are saying their phones have some system services that query your location regardless of whether one has disabled this setting individually for all apps and iOS system services.
Granted, the latest versions of iOS give users far more granular control over the sharing of this data than in the past, especially with respect to third-party apps. And perhaps this oddity is somehow related to adding support for super-fast new WiFi 6 routers, which may have involved the introduction of new hardware.