iPhone 11 Pro discovered to still seek user location data despite settings
The discovery suggests a privacy vulnerability exists in the new flagship handset or the latest iOS, or both, KrebsOnSecurity reports.
The iPhone 11 Pro apparently has a habit of behaving in a way its users have expressly forbidden. Apple's flagship handset intermittently tries to collect people's location information, despite settings on applications and system services that indicate the data shouldn't be requested, according to a report published Tuesday by KrebsOnSecurity.
Apple's privacy policy for the iPhone's Locations Services says the handset "will periodically send the geo-tagged locations of nearby Wi-Fi hotspots and cell towers (where supported by a device) in an anonymous and encrypted form to Apple, to be used for augmenting this crowd-sourced database of Wi-Fi hotspot and cell tower locations."
The policy explains how to disable location-based services, but security reporter Brian Krebs found that some system services for the iPhone 11 Pro -- and possibly other iPhone 11 models – can't be disabled by users without turning off locations services. Krebs said his discovery suggests that a privacy vulnerability exists in either the new iPhone Pro or iOS 13 or both.
Apple has taken high-profile actions championing privacy. In 2016, for instance, it refused to alter its software so that the FBI could access an iPhone 5C tied to the San Bernardino terrorist incident, arguing that the change would create a back door to all other iPhones. Last year, it unveiled features for its Safari browser that could disable tracking tools Facebook and Twitter use to keep tabs on people's browsing habits.
Krebs said he sent a video to Apple in November that showed the phone still seeking location information when apps and system services were set to "never" request location information but main Location Data service was still active.
Apple's privacy policy explains that a small diagonal upward arrow appears to the left of the battery icon when you disable location services, but Krebs's video shows that the handset still periodically requests the data, even while the system services are disabled and the arrow icon still appears.
"We do not see any actual security implications," an Apple engineer wrote in a response to KrebsOnSecurity. "It is expected behavior that the Location Services icon appears in the status bar when Location Services is enabled. The icon appears for system services that do not have a switch in Settings."
Apple didn't immediately respond to a request for comment.