Is the Apple iPhone 11 Pro keeping a log of your location data, even if you have told it specifically to not do that? A new security research seems to suggest that the Apple iPhone 11 Pro is tracking your every move. The discovery was made by Brian Krebs of KrebsonSecurity on an iPhone 11 Pro running iOS 13.2.3 update. Krebs says that the iPhone 11 Pro uses its GPS module to track location periodically, even when the Location Services may be turned off. The hint is the Location Data icon in the notification bar that pops up from time to time, he says. But is it really that?
Interestingly enough, in the video which Krebs shares (you can see that here) as proof to suggest that the iPhone 11 Pro is collecting data even though he says location services are turned off, it is perhaps important to note a few things in the settings of the iPhone 11 Pro he is using to demonstrate this apparent dereliction of privacy by Apple. First up, note how the primary Location Services toggle is left in the “On” position, indicated by the green colour on the toggle control. Secondly, while Krebs has disabled location data access for system services such as Apple Pay Merchant Identification, Find My iPhone, Compass Calibration and Setting Time Zone, he still leaves the Location Services toggle in the “on” position. It wouldn’t take a lot of common sense to imagine that while access of location data to certain services has been turned off, the location data collection and access still remain enabled. That is, iOS had not been told to not turn off the tap to the location collection hardware in the iPhone.
“We do not see any actual security implications. It is expected behavior that the Location Services icon appears in the status bar when Location Services is enabled. The icon appears for system services that do not have a switch in Settings,” says an Apple engineer, as reported by KrebsOnSecurity.
I attempted to replicate the same on an Apple iPhone 11 Pro, but have not been able to get the same results which this security research seems to be hinting at. With the Location Services option toggled to “Off”, the iPhone 11 Pro did not ping for any location data and there was no notification bar icon as well to indicate the same—as there was when the Location Services option was set to “on”. Everything remained off, as it should when Settings -> Privacy -> Location Services -> Location Services toggle Off was the setting. As it should be, if you want to completely turn off location services on your iPhone.
Also, a look at the detailed System Services settings for the Location Services indicated the particular options that had pinged for location data in the recent past, such as Wi-Fi Networking. But for the options that I had anyway kept switched off, such as Location-Based Alerts and Location-Based Suggestions, there was no icon which indicated that these services had attempted to ask for location data, or had access to any location data.
Apple has already clarified that there is no such thing as Location History in iOS, or macOS or iPadOS, for that matter. “Personalized features, like locating your parked car, are created right on your device. Data used to improve navigation, such as routes and search terms, is not associated with your identity. Instead, that information is based on random identifiers that are constantly changing,” says Apple’s new privacy document.
Apple made another significant change in iOS 13 with regards to how apps get access to your location data. As a user, you now have the power to choose between Anytime, only when the app is in use or never options for every single app that you may have installed on your iPhone. If you do not want an app to access your location data when you aren’t using it, you can select the “only when app is in use” option. The moment you close the app, iOS blocks the stream of your location data to the app. If an app still persistently asks for your location in the background, iOS 13 after a period of time will notify you with the details of exactly when the app requested for the location data and whether you want to give it access or not.
This research seems to be a bit like you reach home one day after toiling at work, park your car, exit the said car, lock it but don't turn the engine off and then be puzzled the next morning why it has drained most of (if not all) the fuel.
It is not really a puzzle, is it, when the Location Services are left in the “on” setting?