- Apple's new iPhone 11 Pro and its new operating system, iOS 13, might be susceptible to a new privacy bug.
- An investigation by KrebsOnSecurity has found that the iPhone 11 Pro tracks user location even when requests for data location information have been set to ‘never'.
- The tech giant has responded saying, "We do not see any actual security implications."
The investigation by KrebsOnSecurity revealed that there might be a possible privacy bug in the new iPhone 11 Pro. The phone's main location data service — while turned on — should not be tracking user location when every app is set to ‘never' request location information.
Defying Apple's privacy policy
According to Apple's privacy policy, as long as location services are turned on, the iPhone will "periodically send the geo-tagged locations of nearby Wi-Fi hotspots and cell towers (where supported by a device) in an anonymous and encrypted form to Apple."
But it goes on to add, "You can also disable location-based system services by tapping on ‘System Services' and turning off each location-based system service."
This means that if location services for all individual apps are turned off, then there should be no reasons for any location data to be shared.
According to the analysis, the problem persists on the new iPhone Pro or devices with iOS13 or both. No evidence of such behaviour has been found on older iPhone models.
Not an ‘actual security implication'
Apple is big on privacy, so much so that they had a billboard hoarding that said, "What happens on your iPhone stays on your iPhone," at CES 2019 just to take a jibe at Google. Even their most recent commercials also emphasise the importance of personal data and privacy choices.
But when KerbsOnSecurity contacted Apple about the issue on 13 November they responded saying, "We do not see any actual security implications."
"It is expected behaviour that the Location Services icon appears in the status bar when Location Services is enabled. The icon appears for system services that do not have a switch in Settings," they added.
But if some system services aren't listed in the settings, a user won't be able to completely disable location-based system services — ever.
KerbsOnSecurity isn't the only one to notice the glitch. It has also been reported by other users on Apple's support forum.
This isn't the first time that iOS 13's location privacy settings have been troublesome. In September this year, Fast Company reported that the operating system would not accept ‘never' access location as a command. It automatically kept changing it back to ‘ask next time'.
Apple quickly released a patch to fix the problem, but it seems like another one might be on the horizon.
See also:
Here are all of the new products Apple is expected to launch next year
Apple's iOS 13 shows the company is finally listening to users in India
Apple Store to arrive in India, most likely on the shores of Mumbai