03 Dec 19

The iPhone 11 Pro’s Location Data Puzzler

One of the more curious behaviors of Apple’s new iPhone 11 Pro is that it intermittently seeks the user’s location information even when all applications and system services on the phone are individually set to never request this data. Apple says this is by design, but that response seems at odds with the company’s own privacy policy.

The privacy policy available from the iPhone’s Location Services screen says, “If Location Services is on, your iPhone will periodically send the geo-tagged locations of nearby Wi-Fi hotspots and cell towers (where supported by a device) in an anonymous and encrypted form to Apple, to be used for augmenting this crowd-sourced database of Wi-Fi hotspot and cell tower locations.”

The policy explains users can disable all location services entirely with one swipe (by navigating to Settings > Privacy > Location Services, then switching “Location Services” to “off”). When one does this, the location services indicator — a small diagonal upward arrow to the left of the battery icon — no longer appears unless Location Services is re-enabled.

The policy continues: “You can also disable location-based system services by tapping on System Services and turning off each location-based system service.” But apparently there are some system services on this model (and possibly other iPhone 11 models) which request location data and cannot be disabled by users without completely turning off location services, as the arrow icon still appears periodically even after individually disabling all system services that use location.

On Nov. 13, KrebsOnSecurity contacted Apple to report this as a possible privacy bug in the new iPhone Pro and/or in iOS 13.x, sharing a video showing how the device still seeks the user’s location when each app and system service is set to “never” request location information (but with the main Location Data service still turned on).

The video above was recorded on a brand new iPhone 11 Pro. The behavior appears to persist in the latest iPhone operating system (iOS 13.2.3) on iPhone 11 Pro devices. A review of Apple’s support forum indicates other users are experiencing the same issue. I was not able to replicate this behavior on an older model iPhone 8 with the latest iOS.

This week Apple responded that the company does not see any concerns here and that the iPhone was performing as designed.

“We do not see any actual security implications,” an Apple engineer wrote in a response to KrebsOnSecurity. “It is expected behavior that the Location Services icon appears in the status bar when Location Services is enabled. The icon appears for system services that do not have a switch in Settings” [emphasis added].

Apple has not yet responded to follow-up questions, but it seems they are saying their phones have some system services that query your location regardless of whether one has disabled this setting individually for all apps and iOS system services.

Granted, the latest versions of iOS give users far more granular control over the sharing of this data than in the past, especially with respect to third-party apps. And perhaps this oddity is somehow related to adding support for super-fast new WiFi 6 routers, which may have involved the introduction of new hardware.

But it would be nice to know what has changed in the iPhone 11 and why, particularly given Apple’s recent commercials on how they respect user privacy choices — including location information. This post will be updated in the event Apple provides a more detailed response.

Update, Dec. 5, 2:53 p.m. ET: Apple disclosed today that this behavior is tied to the inclusion of a new short-range technology that lets iPhone 11 users share files locally with other nearby phones that support this feature, and that a future version of its mobile operating system will allow users to disable it. More information can be found at this story.


73 comments

  1. Is this feature needed to allow the iPhone to be remotely wiped in case it’s lost or stolen?

    Disclaimer: I don’t own an iPhone.

    • If you watch the video, it shows the option slider next to Find My iPhone service (and every other service that can request location info) also was unticked.

      • Take this with a grain of salt because:
        1. He did not turn off Location Services switch.
        2. He left Location Alerts alone and that is typically on by default.

        He should have at least done his due diligence before doing all this.

    • Take this with a grain of salt because:
      1. He did not turn off Location Services switch.
      2. He left Location Services alone and that is typically on by default.

      He should have at least done his due diligence before doing all this.

      • You keep repeating the same misinformation.
        Read the article again. Every sentence.

        Read up on what these toggle options are supposed to do and why.

        In previous versions of the iPhone, turning off all individual services was sufficient… as there were no “hidden” location services that could not be turned off independently of the main switch.
        The article says, “The policy explains users can disable all location services entirely with one swipe” and “some system services… cannot be disabled by users without completely turning off location services”.

        The “alerts” toggle switch being on, should not be a location service itself, so it being on, does not cause any other app or service from requesting location services.

        So yes, users “can” COMPLETELY disable location services. That’s not the concern here. The concern here is that there is a new service running in the background that is hidden and doesn’t have its own location toggle. This is not a security bug, correct… but it is a privacy concern every time a company like Apple adds a new function that is hidden from the user.

  2. Federal E911 rules require the devices to know where they are at all times. Won’t get into the weeds here, don’t own an iPhone and never will, but it seems likely to me that this behavior is connected to E911 services that nobody is allowed to opt out of.

    • If you watch the video, it shows the option slider next to Emergency Calls/SOS service (and every other service that can request location info) also was unticked.

      • My hunch: Providing location to law enforcement is “baked in” to iOS and cannot be turned off, and is not tied to the location indicator triangle. Emergency Call/SOS has additional features beyond the FCC’s, such as providing location to designated contacts, and that can be turned off.

    • Have you read Snowden’s book?

  3. Brian, you are brilliant! Keep up the hard work and God bless you and your staff!

  4. “We do not see any actual security implications. It is expected behavior that Apple executive will tell you one thing off stage so that we can sell you more iPhones and prove that we’re better than Android but then do another thing behind your back. As long as it’s done in a whispering grandiose voice on stage nobody will notice.”

    Is that what the quote should’ve read, Bryan?

  5. It just seems to me like Apple is competing with Google’s new requirement to have location services enabled in order to use bluetooth. The timing of these two things sure does look like quite a kawinky dink!

    Almost like as-if Apple is firing back in a data-turf war for who gets the most built-out database the soonest, mapping realtime networking nodes

    And the word that just keeps popping into mind is ‘disingenuous’, as I read through that post

    • Only that Apple in the past have been the ones who didn’t care much for doing such a thing. They just want our money, lots of it. And they’ve been one of the few who are not ashamed to just ask for it. In return we got none or significantly less bs like this.

    • I’m curious if this is Bluetooth related also. What happens when Settings->Bluetooth is also ticked off? Android considers background Bluetooth scanning to be “location awareness”, I wonder if iOS now does too.

  6. https://googleblog.blogspot.com/2011/11/greater-choice-for-wireless-access.html?m=1

    It has been a long time since Google set up the _nomap feature. I wonder if Apple also honors it since you can only have one SSID. For that matter, does Google even honor it.

    • The _nomap thing competes for the stupidest feature with websites’ robots.txt and browsers’ Do-Not-Track header. All three are useless, and in case of robots.txt, potentially dangerous as they might unintentionally leak sensitive URIs.

    • Well that link has depressed me. I don’t have time to keep up with all this but WTF! Why should I need to opt out of anything when it’s related to my personal home and never has been something Google or any of the other tech giants have anything to do with.

      I think my only conclusion now is that if I ever meet someone that works for any of these communications/social networking companies the only thing I will say to them is “Are you not ashamed? How do you face yourself in the mirror every morning!”

  7. I wonder if this has to do with Apple’s new find-all-nearby-devices network to crowdsource location data for lost and stolen devices.

    https://www.wired.com/story/apple-find-my-cryptography-bluetooth/

  8. I ran into this issue when I was setting up my iPhone 11 from scratch a few weeks ago. I think it was triggered by my turning off location services by default in the first-time setup, and later turning individual ones on in airplane mode. When I reset the phone and set it up again with location services on by default, and then manually turning nearly everything off, I haven’t yet seen an unexpected location ping.

  9. I didn’t understand what the big deal is until I read this comment on hacker news:

    “The menu allows you to turn off access to system services individually as well, it’s not just a menu for disabling app access case-by-case. That there are some system services which don’t have a toggle, while others do, is unexpected.”

    For those like me who didn’t bother to watch the video.

  10. It is also interesting to note that the cellular data usage of system services (iCloud, Siri, Push Notifications) is substantial even when those services are turned off.

  11. The Sunsine State

    The iPhone 11 is a highly “overpriced” cell phone, in my opinion.

  12. Jobs and his company very much respect privacy.

    Just not yours:

    “Even as the technology pioneer’s life is splashed across the big screen this week amid the opening of Aaron Sorkin’s “Steve Jobs” biopic, key aspects of the privacy Jobs fought to protect while alive endure many years after his death.

    At his family’s request, his grave is unmarked and the cemetery has not revealed its location. But that hasn’t stopped people from trying to find it.”

  13. man…. location services are on. check 0:35

    • Yeah after watching the video he never moved the slider to disabled “Location Services”.

      • Exactly, he NEVER toggled Location Services off, he did this on purpose, he is looking for attention.

        Take note he also did not go into Location Alerts, which is on by default.

        Clout chasing at its finest.

    • The article says, “The policy explains users can disable all location services entirely with one swipe” and “some system services… cannot be disabled by users without completely turning off location services”.

      So yes, users “can” COMPLETELY disable location services. That’s not the concern here. The concern here is that there is a new service running in the background that is hidden and doesn’t have its own location toggle. This is not a security bug, correct… but it is a privacy concern every time a company like Apple adds a new function that is hidden from the user.

  14. I remember Apple’s denial when caught with the battery life issue. As I recall they issued a new iOS release but never took responsibility. I’m guessing this is more of the same, intentional. Steve Jobs was concerned about privacy and government snooping but now he is gone. I suspect the new overseers have no such concerns.

    “Siri, Spymode on please!”

  15. I love my ZTE flip phone! 🙂

  16. So the next iOS hack will be to disable this or maybe even set a fake permanent location.
    NSA office: Jim look at this, there are 3 million people in the Apple main office. How do they even fit in there?

  17. How does a casual Joe know if their phone is doing some kind of location sniffing? Or other background activity not shown?

  18. So I don’t see the issue, maybe you can give some more explanation. They probably don’t put sliders for system services that are not easily explainable. Are you saying because maybe they use your location data for traffic monitoring or something like that? At least they allow you to turn off location services completely if you choose. Also as long as you are connected to cell towers your phone is easily traceable by gov’t and service providers.

  19. I noticed the same thing happening on my iPhone 11 Pro Max. I only left the Find My iPhone location option enabled and disabled all the rest and still I would see the phone location arrow icon showing up every now and then. When I went to check which service used it (looking for the arrow next to it) I could never find out (also Find My iPhone didn’t use it) so I was really puzzled.

  20. Pall Ramanathan

    Many of the services would not work if location service is disabled. This has been true always not only in iPhone but all mobile phones. If location service is disabled, iPhone displayed location accuracy prompt to turn on location services, as far as I can remember.

    I have had pretty much all iPhone models.

    • Nobody is disputing that.
      The concern is that nobody knows which service is actually using location. All individual services are toggled off.

      In previous models, this would allow the user to have knowledge and granular control… now, there is something hidden going on.

      • The always-on service is stated in the policy: “If Location Services is on, your iPhone will periodically send the geo-tagged locations of nearby Wi-Fi hotspots and cell towers (where supported by a device) in an anonymous and encrypted form to Apple, to be used for augmenting this crowd-sourced database of Wi-Fi hotspot and cell tower locations”.

        • I get that…. it is just the wording is confusing, especially since there are several system services that do have toggles, that appear to do the same or similar functions of “augmenting this crowd-sourced database”

        • We called this war driving not so long ago.

  21. Hi Brian,

    I have a similar issue:

    iPhone 6, OS 12.1.3., location services turns on after starting fbook messenger, even if the app is running in the background.
    Have no option to turn off location services for this app in the phone.

    • Does not look similar.
      The video shows that no background apps are running. And the location icon doesn’t pop up when an app is opened…. but rather when airplane mode is turned off.

  22. ““We do not see any actual security implications,” an Apple engineer wrote in a response to KrebsOnSecurity.”

    – I think it has privacy issue implications and he (Apple Engineer) completely skirted that.

  23. “it seems they are saying their phones have some system services that query your location regardless of whether one has disabled this setting individually for all apps and iOS system services.”

    This is false. You’re stating that Apple is ignoring a setting that the user set. They aren’t. What they said, and what you emphasized, was that there isn’t a setting to individually disable certain unnamed services.

    “The icon appears for system services that ***do not have a switch in Settings***”

    They’ve stated the following quite clearly:

    1) A notification icon appears anytime Location Services is accessed.
    2) There is at least one Service that can access Location Services that does not have an individual setting to disable it.

    When you individually disable everything enumerated in the list but leave Location Services enabled, you will still see the notification because of the two above reasons.

    That means that you do not have 100% granular control over what accesses Location Services, Apple has decided that if Location Services is enabled then certain services will have access to it. AND more importantly the presence of the notification icon means that Apple isn’t hiding that access.

    That seems like a good thing. They’re saying “yes we feel like there are some things user can’t control AND they still should know about them.”

    • But they (Apple) don’t let them (users) know about them (services), as far as what they (services) are. All that is disclosed is the existence of some undefined access to location data for the device.

  24. Brian, this seems like there is a service without a Location Services toggle EXCEPT for the overall everything Location Services switch. Would an appropriate, more transparent solution, be to require any app/service accessing Location Services to have a toggle switch visible? That way recreating your video would work the way you are suggesting/expecting. If every app or service regardless of visibility had a toggle then theoretically turning them all off while leaving the overall Location Services on would still not trigger the menu bar Arrow icon, correct?

    – Sofa

  25. While the small diagonal upward arrow icon shows that location is being accessed, this indicator could easily be hidden. A “fix” would be to hide the arrow, while the location services are never fully turned off.

  26. It is a fundamental ask of consumers to be able to opt out of crowd sourced information gathering (like this wifi hotspot and cell tower database) even if anonymized.
    And to be able to opt out WITHOUT killing other services that may be useful to the user.

    This hidden service is not good… as it can only be turned off with the global switch… so any user wanting to disable only the analytics that don’t benefit the user themselves, is told by Apple that they don’t care. ‘You want some location based services, you MUST also participate in this crowd sourced database’.

  27. What’s the setting under Share my location and Location alerts?
    And Analysis sharing and roaming, etc

  28. My gut feeling (as an app developer):

    The Location Services is working as a broker service internally.
    In that role, it periodically establishes and maintains a cached location for other services/apps to leverage.

    In other words…

    While the Location services is running:
    1 – On an established schedule, attempt to update the location as a cached value in memory. If it is not possible to update this value for some reason, maintain the original value and try to update again later.
    2 – If a service or app requests the location information from the location service, attempt to get the current location and serve the current location data to the requesting service/app and update the cached location data accordingly. If it is not possible to obtain the current location for some reason, provide the cached location data to the service or app as a fall back answer to “enhance” the user experience.

    The above is the only angle I can derive regarding the response that Apple provides.

    My thoughts/opinion:
    – Apple should take specific steps to describe – in detail if necessary – what the functionality of the Location Services is meant to be while enabled… and while disabled.
    – If the same beacon activity occurs while Location Services is turned off completely, then I would have some concerns.
    – When Location Services is enabled, does Apple (or any other cloud service) get data from the Location Services as a byproduct? If so, what is that information and how is it used/shared/leveraged?

  29. This feature is working the way it was intended to. Tracking all iPhone users at all times is what the government wants and should have. If you have nothing to hide and are doing nothing illegal, then you have nothing to worry about.

    The future is all about transparency. This is how we’re going to nab all the bad guys in the world.