05
Dec 19

Apple Explains Mysterious iPhone 11 Location Requests

KrebsOnSecurity ran a story this week that puzzled over Apple’s response to inquiries about a potential privacy leak in its new iPhone 11 line, in which the devices appear to intermittently seek the user’s location even when all applications and system services are individually set never to request this data. Today, Apple disclosed that this behavior is tied to the inclusion of a short-range technology that lets iPhone 11 users share files locally with other nearby phones that support this feature, and that a future version of its mobile operating system will allow users to disable it.

I published Tuesday’s story mainly because Apple’s initial and somewhat dismissive response — that this was expected behavior and not a bug — was at odds with its own privacy policy and with its recent commercials stating that customers should be in full control over what they share via their phones and what their phones share about them.

But in a statement provided today, Apple said the location beaconing I documented in a video was related to Ultra Wideband technology that “provides spatial awareness allowing iPhone to understand its position relative to other Ultra Wideband enabled devices (i.e. all new iPhone 11s, including the Pro and Pro Max).”

Ultra-wideband (a.k.a. UWB) is a radio technology that uses a very low energy level for short-range, high-bandwidth communications over a large portion of the radio spectrum without interfering with more conventional transmissions.

“So users can do things like share a file with someone using AirDrop simply by pointing at another user’s iPhone,” Apple’s statement reads. The company further explained that the location information indicator (a small, upward-facing arrow to the left of the battery icon) appears because the device periodically checks to see whether it is being used in a handful of countries for which Apple hasn’t yet received approval to deploy Ultra Wideband.

“Ultra Wideband technology is an industry standard technology and is subject to international regulatory requirements that require it to be turned off in certain locations,” the statement continues. “iOS uses Location Services to help determine if iPhone is in these prohibited locations in order to disable Ultra Wideband and comply with regulations. The management of Ultrawide Band compliance and its use of location data is done entirely on the device and Apple is not collecting user location data.”

Apple’s privacy policy says users can disable all apps and system services that query the user’s location all at once by toggling the main “Location Services” option to “off.” Alternatively, it says, users can achieve the same results by individually turning off all System Services that use location in the iPhone settings.

What prompted my initial inquiry to Apple about this on Nov. 13 was that the location services icon on the iPhone 11 would reappear every few minutes even though all of the device’s individual location services had been disabled.

“It is expected behavior that the Location Services icon appears in the status bar when Location Services is enabled,” Apple stated in their initial response. “The icon appears for system services that do not have a switch in Settings” [emphasis added].

Now we know more about at least one of those services. Apple says it plans to include the option of a dedicated toggle in System Services to disable the UWB activity in an upcoming update of its iOS operating system, although it didn’t specify when that option might be available.

The one head-scratcher remaining is that the new iPhone seems to check whether it’s in a country that allows UWB fairly frequently, even though the list of countries where this feature is not yet permitted is fairly small, and includes Argentina, Indonesia and Paraguay. A complete list of countries where iPhones can use UWB is here. The principal remaining concern may be that these periodic checks unnecessarily drain the iPhone 11’s battery.

It is never my intention to create alarm where none should exist; there are far too many real threats to security and privacy that deserve greater public attention and scrutiny from the news media. However, Apple does itself and its users no favors when it takes weeks to respond (or not, as my colleague Zack Whittaker at TechCrunch discovered) to legitimate privacy concerns, and then does so in a way that only generates more questions.

42 comments

  1. Sounds like a bull*cough&t answer from Apple to me. I translate it to mean ‘oops, we got caught’

    • That sounds right to me. I’m sad there’s no way to upvote comments here.

      • Got caught – doing nothing actually in any way harmful, by their own status indicator light showing status in nitpickingly honest detail.

        • Every some minutes is very often.
          Legislation doesn’t change that fast.

          Who knows what else they want to know.
          Is this “Ultra Wide band” thingy a SDR?

          Wonderful to map the world’s radios of many kinds.
          In real time.
          A dream come true, for certain people.

          Who knows what the complete capabilities of said thingy are?

  2. With respect Brian,

    Your previous article / report of a POTENTIAL privacy leak in its new iPhone 11 line was a legitimate call and (in my opinion) not a fake alarm.

    Thanks for the update (and keeping us informed!)

  3. It’s a feature, not a bug…riiighht….

  4. The Sunshine State

    Overpriced tracking device!

    • Eric Goebelbecker

      Yep.

      Savvy shoppers should stick with Android, the lower-priced tracking device that doesn’t even pretend to be anything else.

      • As if Android doesn’t do the same or worse since their company is based on using your data to make money. Tried the Pixel 4 moving from iPhone XS and I can say it was a huge downgrade. Battery life is much worse, UX is nowhere near as good as iOS, the list goes on.

        • If you want to trust your data to a company that has consistently lied or misinformed their users, then feel free to stay and defend your choice.

          Yes, Android devices can use your information for selling ads if you consent to it (you can always replace Google services).

          So do i-devices, but they just don’t tell you about it. APL still sells ads — they’re the sole provider really, since everyone has to go through them. Next time, take a look at how eerily accurate the ads are in this supposed “privacy focused” device.

      • Just grab a decent Android device and replace Google’s espionage system with LineageOS or SailfishOS (beforehand of course you checked the availability of a custom ROM for your device).
        By this you regain complete control over everything your phone does.

      • Yep, if you want absolute certainty about the degree to which your privacy is compromised, use Android.

  5. Wouldn’t it make more sense, from both a privacy and a battery life perspective, to only perform this check when UWB functions are expected to occur? The OS knows when it wants to enable AirDrop (and similar functions that might exist). Why not just do the check at that point?

    Before anyone says that this will degrade performance in those scenarios, let me say that anytime I use AirDrop it takes a few seconds before I can find the person I’m sending to. It’s not like it’s an instantaneous experience today. An extra second or two to determine whether I suddenly popped up in Paraguay wouldn’t degrade the performance so much. Even if it did, an extra couple of seconds is worth the privacy enhancement, at least to me.

    As for Apple’s denial about actually collecting this data, all I will say is that several tech giants have denied collecting personal data in the past, only to be proven untruthful later on. Trust is earned, and none of the tech giants are worthy of our full trust at this point in history.

    • Agreed! TNO!
      I’m only a wannabe IT guy, I don’t have any mini computer(aka “smart” phone), but I think it’s all a bit “shady”.

    • I am assuming UWB wants to announce its presence to neighbors, hence a ping of sorts. This sounds like a white space technology. That is it uses spectrum known not to be in use in a particular area. That however can be very localized such as in who is broadcasting on what TV channel, so the location is needed if you want to ping.

      Personally I turn off anything I can on my phone that announces my presence such as Bluetooth and wifi.

    • I think the check is performed routinely because it requires both the sender and receiver to have their UWB chips communicating to each other.
      e.g. if I wanted to Airdrop you something and I pointed my iPhone at you there would need to have been a location check on both phones to enable each phone’s UWB chip.
      I do trust that they’re not collecting data from this (because they can collect location data from so many other services such as Maps, or ‘iPhone Analytics’, or ‘System Customization’).
      It’s interesting how much attention this is drawing considering how much data is sent back home regardless of that location setting, not just on iPhones but any smartphone really.
      If you really want to get your privacy guns blazing then search up “iphone device trust score”.

  6. How many country borders can one cross in a few minutes? The polling frequency seems…a bit high to be purely for regulatory compliance.

    • “ How many country borders can one cross in a few minutes? The polling frequency seems…a bit high to be purely for regulatory compliance.”

      On foot? Probably 1.
      By automobile? Depends on the size of the country & where you are.
      By airplane? Probably quite a few.

      • In an airplane flying at cruising altitude, the passengers are not subject to the individual regulations of each flyover nation.

  7. This sounds like Brian may have omitted some of the original response. You know, the part that didn’t conform to his story. Apple then had to make it clearer to other news sources.

    • What did I omit? There’s a link back to the original story if you’d care to enlighten us.

      • I know you know Brian, but don’t feed the trolls!

        Anyone who consistently reads here knows you do a great job sidelining your bias (if you have any) for facts like all good journalists should. I see plenty of tech blogs that use your site as a source.

  8. While it’s cute to use GPS, I’m surprised they aren’t willing to rely on cellular network to determine whether they’re allowed to operate.

    Certainly if cellular network is disabled and someone wants to use this feature, I’m not opposed to the phone checking. But cellular networking is generally enabled and thus relatively cheap vs the GPS subsystem.

    • I believe that in iOS, the only way for an app to request the phone’s location is to use the Location Services API.

      Internally Location Services manages (and hides away) all of the complexities of determining the location using all of the data sources available on that particular device, which may include GPS, GLONASS, cellular-based location information, WiFi-based location data, and possibly others that I’m not aware of.

      The client does not get to choose which technologies do or do not get used to fulfill its requests.

      Any use of Location Services causes the indicator to appear in the status bar.

  9. Who buys and uses iphone anyway? Android is a way to go for any normal person.

  10. Airdrop is how you wind up with illegal and offensive content that is sent by strangers and jerks in an office. With such small on-device storage, there’s no reason why any iphone owner would bother keeping Airdrop on.

    I don’t believe Apple that anyone uses it with enough regularity that it needs to constantly poll for other nearby iphones.

    This UWS is just another battery and privacy killing unwanted feature.

    • If you set Airdrop to only receive content from your contacts, you won’t have problems with unwanted material.
      Storage is not an issue on my phone. I’m using 50GB of the 256GB storage on my iPhone 8+. I clean up unwanted / unneeded items on my phone and don’t try to document my entire life on my phone. In this respect, YMMV.

      • I live comfortably in my little 16gb space, offloading my personal life, photos, and music to other places. Something small enough to steal while I make a call on the bus isn’t where I’d leave my life’s data.

        So even if it were set up to only receive Airdrop files from contacts who aren’t into creepy things, I wouldn’t want their files on my phone.

  11. Haha! I can see in the future celebrities accidentally sharing their nude pictures and sex videos by “accidentally” pointing their iPhones towards someone else’s…

  12. It sounds like a porn distribution point. Interesting. An uncontrollable as of yet communication port. You cannot turn it on or off, but “it’s a new feature”. Ah? A spy point? An insecure function, useful to sneak secure items, through an area, by local distribution, and recollect that information elsewhere? Sounds like a Bond movie, a bad one.

  13. I’m pretty sure Apple lied by omission about the UWB feature.

    What they’ve been doing is using everyone to beta test this feature/function to work out the optimum ping Tx power and required Rx sensitivity (roughly equals filtering DSP power consumption) by having all capable iphones search for other iphones and try various settings out and then phone home what settings give what ranges with what tradeoffs.

    It’s actually a sensible way to do this, but why be so disingenuous about it?

  14. anthony werdein

    Doesn’t GPS tell where you are, and if so it sounds like Apple didn’t link the two together to be smarter. If the UWB looked at GPS and determined you were in a “good area” have UWB on, if GPS determined you were in a prohibited area UWB off. Simple solution that is if GPS can make the determination.

  15. Jeffrey Strubberg

    Sounds eminently hackable to me. Wait until someone carries one of these to a Black Hat conference…

  16. Someone at Apple screwed up here, maybe a few people.

    The location usage should have been noted but they probably thought that, since it was local-only, that wasn’t required.

    The more serious problem is blowing off the queries about it. We all know the old adage, “If the customer says you have a problem, there’s a problem”. Exactly. It might not be YOUR problem but there is A problem, and one that must be addressed.

    In this case, the hardware and software didn’t have a problem and the person(s) at Apple thought that was all there was to it. Wrong. The problem is that Apple hadn’t explained what was going on, and blew off the queries. Bad call.

  17. Thanks for your efforts.

  18. I use Apple devices and yet I don’t fall into the status quo of defending Apple by default. I think their privacy pitch is just that, a marketing ploy that Apple believes makes them look less evil against the likes of Google. I never believe devices like smartphones are by design privacy focused. Much of their usefulness comes from tracking you and certainly apps do this as well. You can only mitigate this to a point and then it starts to affect how well the smartphone actually benefits you as a user. I agree overreach into gathering personal information is a problem and controlling it by the user is difficult and sometimes confusing.

  19. Apple isn’t more or less evil than Google. It just thinks differently than Google. AirDrop – yet another proprietary Apple non-standard feature.

  20. Thanks for these articles, I had been wondering about this since I got mine and figured it out through trial and error, am looking forward to an update that eliminates this, even if it’s more an annoyance than anything (I think/hope

  21. It would seem to me, that the statement:

    “Ultra Wideband technology is an industry standard technology and is subject to international regulatory requirements that require it to be turned off in certain locations,” the statement continues. “iOS uses Location Services to help determine if iPhone is in these prohibited locations in order to disable Ultra Wideband and comply with regulations. The management of Ultrawide Band compliance and its use of location data is done entirely on the device and Apple is not collecting user location data.”

    is a cop-out.

    The device has more than enough sensors to determine from the last known location + sensor data + math to see if you’re in the region before ever ASKING YOU to TURN ON any radios.

    Welcome to your new tracking device… that you paid for.

    Have you ever asked yourself WHY smartphones have so many sensors? Who is gaining from knowing within 3m where your phone is, and what its current position is? Are you looking at it? Are you reading this page on your phone?

    Someone is monetizing that data.

  22. Apple has never said deactivating the geolocation of each app would fully disable system geolocation (in this case for UWB: only when setting airplane mode on, it is written on their doc..).
    You are saying the opposite through two consecutive posts; everyone here and on the multiple press articles are missing this fact, I guess mainly because Apple said they will create an option to activate UWB or not.

    Btw, interestingly you are switching of person when talking about yourself, first it is “KrebsOnSecurity ran a story this week that puzzled over”, next paragraph it becomes “I published Tuesday’s story mainly because Apple’s initial and somewhat dismissive response — that this was expected behavior and not a bug — was at odds with its own privacy policy”.