Security researcher Brian Krebs said in a report Tuesday that Apple’s iPhone 11 Pro models may continue to collect and transmit location data when users disable optional location service settings, a behavior that could pose a potential security risk,media outlet AppleInsider reported.
Krebs demonstrated the activity in a video captured on the 11 Pro running Apple’s latest iOS 13.2.3 software, which continues to collect GPS data for certain applications and system services despite manually disabling the location services in iPhone Settings. The iPhone 11 Pro searches for GPS data even if the app’s location service is set to Never.
“But obviously, there are some system services that require location data on this model (and possibly other iPhone 11 models), and users can’t disable it if the location service isn’t turned off completely, because the arrow icon will appear regularly even after all system services are disabled individually.” Krebs explains.
As the movie shows, Apple’s iOS Location Service indicator (a small arrow icon indicating recent or currently in use GPS data) appears next to apps and services that have been manually disabled in Settings.
In iOS, users can enable and disable system location services through the user interface provided in the Privacy section of the Settings app. The management device is very granular and controls first- and third-party applications, basic iOS services, and other Apple features. These tools have been enhanced in iOS 13 to greatly increase user control over data sharing and reduce the likelihood of unexpected location tracking.
Previously, third-party applications could request persistent device location data at the initial setup, but iOS 13 removed the feature. In addition, when always online tracking is manually enabled in the Settings menu, a pop-up window periodically appears to alert the user to the configuration and provide the option to turn it off.
Apple does not impose the same restrictions on its apps, but will inform the iPhone owner of its location service practices in the software user agreement.
Krebs can’t spot potential security issues on the iPhone 8. It is unclear whether Apple’s iPhone 11 will run in the same way.
Krebs believes the strange activity may be related to the new iPhone hardware launched to support the Wi-Fi 6, but this theory has not been proven.