Apple Passive-Aggressive PR Sparks Privacy Fear (Yet Again)

Why is Apple so bad at answering simple questions? Yet again, its PR team issued a generic non-statement in response to a legitimate privacy concern.

When asked by a respected security journalist why an iPhone 11 with the system-services location slider set to Off was still polling for the phone’s location, Apple said it was working as expected. “We do not see any actual security implications,” was the tone-deaf codicil.

When will they learn? In today’s SB Blogwatch, we’re holding it wrong.

Your humble blogwatcher curated these bloggy bits for your entertainment. Not to mention: You’re not the girl for me.


AAPL PR FAIL

Let’s all climb aboard the Brian Krebs cycle—“Mysterious iPhone 11 Location Requests”:

 [I] ran a story this week that puzzled over Apple‘s response to inquiries about a potential privacy leak in its new iPhone 11. … I published Tuesday’s story mainly because Apple’s initial and somewhat dismissive response — that this was expected behavior and not a bug — was at odds with its own privacy policy.

What prompted my initial inquiry to Apple … was that the location services icon on the iPhone 11 would reappear every few minutes even though all of the device’s individual location services had been disabled. … Apple does itself and its users no favors when it takes weeks to respond … to legitimate privacy concerns, and then does so in a way that only generates more questions.

In a [new] statement … Apple said the location beaconing … was related to Ultra Wideband technology. [It] appears because the device periodically checks to see whether it is being used in a handful of countries for which Apple hasn’t yet received approval to deploy Ultra Wideband.

“iOS uses Location Services to help determine if iPhone is in … prohibited locations in order to disable Ultra Wideband and comply with regulations. The management of Ultrawide Band compliance and its use of location data is done entirely on the device and Apple is not collecting user location data.”

Ultra whatnow? Adam Ismail explains—“It has everything to do with AirDrop, 5G and the future”:

 ”Ultra wideband” refers to a class of radio waves that allow for high-bandwidth data transmissions over short distances. … Apple employs ultra wideband so that its hardware can detect other Apple devices equipped with ultra-wideband support, presumably for rapid peer-to-peer data exchange.

Cupertino is thinking up ways to let users AirDrop files simply by pointing phones at one another. However, because ultra-wideband technology deals in electromagnetic radiation, it’s highly regulated worldwide — for health reasons and to avoid interference

So if you’ve ever seen that pesky location-services arrow icon pop up when you’re dead certain you’ve turned off just about everything that could be using it, you can sleep softly now — your location wasn’t being mined against your will. Well, at least this time.

But why didn’t Apple just say so the first time? Zach Whittaker wonders why it “declined to comment”:

 Apple could have said something days ago, immediately squashing rumors with a simple explanation. But it didn’t.

That absence of explanation only welcomed speculation. … Apple’s delayed response made this a far bigger issue than it ever had to be.

And Will Strafach—@chronic—agrees:

 Why [did] Apple not answer for this directly?

it would be totally acceptable … to respond: “This was due to the XXXX daemon pulling information from CoreLocation, which does not have a switch to disable in the Settings app. We will add this in a future update.”

This is [an] unforced error on Apple’s part. When you put privacy front and center, it makes sense to have answers … when asked about something related to privacy.

Not having this info on hand in the first place was a silly mistake.

However, jrochkind1’s glass is half full:

 A piece of system software which is checking for location, which there is no toggle for in System Services—which nobody even knew existed at all—still makes the the Location Services icon flash!

The Location Services icon really does flash when anything uses Location Services, apparently. This is no trivial thing to be thankful for, and hardly something I’m confident will be universally true forever.

Yet Prakash Sangam—@MyTechMusings—muses thuswise:

 Do you get a feeling that many of the privacy features on your devices are toy buttons to make consumers happy, not doing a thing for real security?

And JustAnotherOldGuy sounds slightly sarcastic:

 No corporation would ever lie about what they’re doing, and especially not Apple.

Still confused? dkokelley got your back, with this summary:

 Individually disabling “system services” in location services doesn’t disable all system services. Yeah that … should be changed.

Meanwhile, superdave80 finds it almost Proustian:

 Sometimes Apple is really full of ****.

And Finally:

Postmodern Mom

Previously in And Finally


You have been reading SB Blogwatch by Richi Jennings. Richi curates the best bloggy bits, finest forums, and weirdest websites… so you don’t have to. Hate mail may be directed to @RiCHi or sbbw@richi.uk. Ask your doctor before reading. Your mileage may vary. E&OE.

Image source: iphonedigital (cc:by-sa)

Richi Jennings

Featured eBook
7 Must-Read eBooks for Security Professionals

7 Must-Read eBooks for Security Professionals

From AppSec to SecOps, Security Boulevard eBooks deliver in-depth insights into hot topics that matter to the Cybersecurity and DevSecOps professionals. Our staff of writers are the best in the business, with decades of practical and award-winning experience and credentials. We are excited to share our 2019 favorites. Take a look and download some of ... Read More
Security Boulevard

Richi Jennings

Richi is a foolish independent industry analyst, editor, writer, and fan of the Oxford comma. He’s previously written or edited for Computerworld, Petri, Microsoft, HP, Cyren, Webroot, Micro Focus, Osterman Research, Ferris Research, NetApp on Forbes and CIO.com. His work has won awards from the American Society of Business Publication Editors, ABM/Jesse H. Neal, and B2B Magazine.

richi has 179 posts and counting.See all posts by richi