...y'know what I find particularly nuts about this whole thing? That we only know about it because of that location icon in the status bar. Apple could have chosen to hide that icon for certain types of requests, and this story wouldn't exist.
I really hope that after this update is released, someone with checkm8 goes and checks what has actually changed. Not because I distrust Apple per se, but because we shouldn't be making discoveries based on a cosmetic icon.
Also, thank god for checkm8.
Edit: donkeyd, below, reminded me that this behavior is only on the iPhone 11, which isn't vulnerable to checkm8. Sigh...
> ...y'know what I find particularly nuts about this whole thing? That we only know about it because of that location icon in the status bar
It seems to me like discovering this from that status bar icon is a _good_ thing. It gives me more faith that the system isn't hiding particular types of calls from the user; that it's tying the system call to the icon being present.
Oh, the fact that researchers did find this absolutely speaks well of Apple! Although, there's a sort of confirmation bias here—if there's some other situation where requests go out and the icon never appears, we wouldn't know about it.
Yes and no. One of the results of iPhone 4's "antennagate" is that Apple changed the way the phone signal is displayed. They changed the algorithm, and made the signal bars more prominent in low signal situations [1]
I'm not suggesting they will change its behavior, but it wouldn't be unprecedented if they did.
EDIT: Changed the video start time to specific reference.
That was the first time I actually watched that conference.
Steve Jobs presents a convincing case. It's now clear to me that the media hyped up a non-issue, or at least one that was ubiquitous across the state of the art at the time. And Apple's response is perfectly reasonable.
What exactly is your problem with his explanation of the changes?
I have no problem or strong opinion regarding iPhone 4's antenna debacle, I'm only referencing what has happened in the past about issues hyped by the media, and how Apple has handled them.
iPhone 4/4s remain my favorite iPhone generations to date.
Isn't that because previously it was just a measure of signal strength and wasn't a good measure of data quality / latency / bandwidth? A proper signal meter takes both strength and noise into account.
Just out of curiosity, how would you recommend that they do this without affecting the experience for the majority of people using their devices that, frankly, don't care?
How else should we be discovering this as opposed to the icon? I feel like a prompt or something to allow this for something that happens so frequently is just going to get UAC'd.
The majority of people aren’t going to ask all their apps and services to stop tracking them. This is for the minority of users who might be being tracked by an abusive ex, or an employee at a big company who wants temporary privacy to do a job interview at another company without it getting flagged by HR. If the data is being collected, we have seen in the press that the odds are high that it is being monetized/sold.
This is talking about wideband location scanning, not location services for an app. Apple's location services already do allow you to turn them off on a per-app basis.
Who cares if your Apple device constrains location information when, stochastically speaking, other devices within your proximity won't.
This has been meta for a long time: WiFi, Bluetooth, cell towers, TPMS, just to name a few common mappings. UWB is yet another PHY contributing to the datapool.
With Apple devices, at least, the location of said devices is never reported to anyone other than the device owner. Apple uses anonymous Mac addresses that are mapped on device to do their triangulation and they don't identify to other devices. Even if another devices were keeping a list of every device that attempted to connect to it, it would never get the same value twice nor would it get an accurate address so it would be functionally useless to anyone trying to collect it using that info.
I would like there to be a process similar to disabling System Integrity Protection on macOS, which requires booting into recovery mode. From there you can gain kernel access and inspect whatever processes you want.
It won't happen, and I consider it a major problem with iOS.
I also feel like iOS should have such a mode, but I also imagine that if it existed there would be a million pages saying, "Hey kids, want to install this cracked game? It's easy, first get your dad's iPhone and turn off system integrity protection…" It already happens with enterprise certs.
Well for that specific case, you'd need your Dad's passcode to install the enterprise cert. But "Facebook Research" is a thing that happened.
I think there's more that could be done to make the process unappealing. What if the setting erased all data on the phone, a la unlocking the bootloader on Android? What if there was a one-week time delay before the setting took effect? What if you had to visit an Apple Store?
(I don't like that last option, because it makes research inaccessible to e.g. people in countries without Apple Stores. But it would be better than what we have now.)
> I would like there to be a process similar to disabling System Integrity Protection on macOS, which requires booting into recovery mode. From there you can gain kernel access and inspect whatever processes you want.
The biggest concern I'd have with this would be that it would almost certainly be abused to install undetectable surveillance software on devices, e.g. by a partner in an abusive relationship, or by overbearing parents on a child's device.
When you unlock the bootloader of an Android phone, Android (A) deletes all existing data on the device and (B) adds a big, red warning message to the startup screen. They're simple mitigations, but I have trouble imagining how someone in e.g. an abusive relationship wouldn't notice these changes.
Is it perfect? No, but everything in life is a tradeoff. And not being able to study our own devices is a big problem too.
That can be dealt with though. Could be like Safe Mode in Windows was/ used to be, where your wallpaper gets replaced by text saying you're in unprotected mode.
That could easily be disabled, though. The whole point of this mode is to allow users to tamper with the device, after all; it would be difficult to stop users from tampering with code which checked whether the device was in that mode.
The way this is done currently is in hardware. Manufacture of these devices is extremely restricted. It is unlikely that Apple will ever give these devices to non-Apple employees.
Not at all, iPhones are physical devices that obey the laws of physics(Apple would claim that they are magical but in reality, they are electronic devices).
This means you can analyze these devices and deduct the way they are working.
Having access to the system or the source code can make things easier but not having those doesn't mean you can't look for shenanigans.
It does make it much harder though and you can hide shenanigans in encrypted communications during seemingly benign situations where use of location data is expected.
Sure, the more access you have the easier it gets, but even if you have full source code access and full hardware access it doesn't guarantee anything. There was a very serious security bug in OpenSSL that went unnoticed for a year(Heartbleed). If the attacker is sophisticated enough, they can introduce complex bugs that are very hard to reason from the source code and maintain plausible deniability.
How would you verify the fix without a Jailbreak? All I can think of is continuing to rely on that stupid icon. I think I trust Apple to not just hide the icon and call it a day, but I find it quite disconcerting to think that if they did, we’d probably never know.
Reading location via GPS is passive with no outbound data transmission. As Apple explained, in line with the Apple engineer's prior response, there is a reason why this is not a privacy leak. It does not transmit the geo data off of the device at all. If they were transmitting it, people would see the data packets and want to know what it is.
I'm surprised there aren't hackers out there that have created a cell phone tower in a box to obtain all outbound traffic from a device and reverse engineered all the comms chatter to be 100% sure what's going on with phones.
Given that these devices exist and are in use by law enforcement to catch criminals, we know this is feasible.
and yet, this is OS 11 with no signs of camera and microphone access icon (we never know if a certain social media co is using our live camera in the background). Just saying that there is a lot of optics related to phone 'privacy'
I really hope that after this update is released, someone with checkm8 goes and checks what has actually changed. Not because I distrust Apple per se, but because we shouldn't be making discoveries based on a cosmetic icon.
Also, thank god for checkm8.
Edit: donkeyd, below, reminded me that this behavior is only on the iPhone 11, which isn't vulnerable to checkm8. Sigh...