For a company that prizes itself on its privacy credentials, Apple received a bit of a bloody nose earlier this week when long-time security journalist Brian Krebs revealed the iPhone 11 Pro intermittently seeks the user’s location — even when there are no applications with location permissions in use.
In recent years, Apple has heavily marketed the iPhone as a more secure and private alternative to Google's Android operating system. The fact that Cupertino's latest mobile periodically pings cell towers and GPS satellites to figure out where the user is, regardless of their settings, is obviously at odds with that messaging.
Krebs asked Apple, which said it didn't see any cause for concern. "We do not see any actual security implications," one Apple engineer said. "It is expected behavior that the Location Services icon appears in the status bar when Location Services is enabled. The icon appears for system services that do not have a switch in Settings.”
This lead the infoseccer to conclude that it was a deliberate feature within iOS. "It seems they are saying their phones have some system services that query your location regardless of whether one has disabled this setting individually for all apps and iOS system services," he wrote.
Look at me! Phone industry contracts nasty case of 5g-itisREAD MORE
That was a good guess. Earlier today, Apple confirmed the feature was part of its ultra-wideband technology, which is part of its flagship U1 chip available across its latest handset lineup. Apple claims this gives its devices "spatial awareness" to see where other ultra-wideband devices are.
Why would you need this? Apple touts the ability to give directionally aware suggestions to people using AirDrop to share files between devices. It is also believed that the technology will play a role in its upcoming Tile-style object tracking kit.
The problem is, ultra-wideband tech is heavily regulated (PDF), and there are certain parts of the world where you can't use it.
"Ultra-wideband technology is an industry standard technology and is subject to international regulatory requirements that require it to be turned off in certain locations," Apple told TC. "iOS uses Location Services to help determine if an iPhone is in these prohibited locations in order to disable ultra-wideband and comply with regulations."
Cupertino added that all location data pertaining to ultra-wideband compliance is processed on the device, with nothing sent to Apple's servers.
Further, Apple said it also planned on releasing a toggle to deactivate ultra-wideband — and thus the intermittent location tracking — in a future iOS update.
That said, it's awfully strange that Apple took the best part of the week to confirm this.
Well, it is, and it isn't. Apple, as we know first-hand at El Reg, is notoriously opaque. It only shares what it wants to share — and, of course, what gets leaked from its notoriously porous supply chain.
If Apple addressed people's concerns sooner, there would have been far less speculation about this mysterious (and ultimately innocuous) behaviour. ®