
Apple Explains Mysterious iPhone 11 Location Requests - feross
https://krebsonsecurity.com/2019/12/apple-explains-mysterious-iphone-11-location-requests/
======
jrochkind1
The surprisingly positive aspect of this is that a piece of system software
which is checking for location, which there is no toggle for in System
Services, which nobody even new existed at all...

...still makes the the Location Services icon flash! The Location Services
icon _really does_ flash when _anything_ uses Location Services, apparently.

This is no trivial thing to be thankful for, and hardly something I'm
confident will be universally true forever.

~~~
netsharc
Yeah, there's been cases where "This light means the webcam is active" and
"This hardware switch toggles the WiFi on and off" were overridable.

Well, then again, I don't want an Alexa or Google Home, but I don't mind
having an always-on Android phone with a microphone and 2 cameras...

~~~
autoexec
> I don't mind having an always-on Android phone with a microphone and 2
> cameras...

I'm not happy that I don't have the option of a hardware switch to disable the
cameras and mics on a phone, but I can do everything a smart speaker does
without bugging my home in the process.

If a company like samsung, LG, or Motorola offered a phone that really took
user privacy seriously I think they'd find a lot of people would be
interested, but until then I just have to assume my phone is spying on me at
all times and I limit how I use it and what data I enter into it as a result.

~~~
RandomBacon
> I'm not happy that I don't have the option of a hardware switch to disable
> the cameras and mics on a phone

Librem 5 is the phone you're looking for. Or a Pine Phone.

~~~
autoexec
I've looked into Librem phones from time to time over the years and every time
I check the phones are unavailable, usually back-ordered. I'm sure they've
managed to ship something at some point but I haven't seen anyone IRL who has
one. Pine seems to be about the same (maybe available next year although even
then you'll likely be using an OS that's in beta). Not encouraging.

As much as I'd love to support these kinds of products they just don't seem
ready.

~~~
nextos
If you prefer a bit of OS polish while Librem improves, why not using AOSP on
a Pixel or Xperia device?

~~~
autoexec
It'll be some time before I replace my current device, but once I do I'll be
looking for something that supports LineageOS or Replicant although that'd
still leave the hardware suspect.

------
BluSyn
This brings up an issue I wish iOS and Android would solve. Location data is
always very specific, as accurate as GPS or Cellular triangulation can offer
(down to the centimeter in some cases). However the vast majority of use-cases
don't need this level of precision. Maybe Maps for accurate directions require
this, but rarely anything else. In this case the OS simply needs to know what
country you are in, not what street corner you are on.

Why can't apps request less precise location data, and maybe let the user
choose this? Another common example is Twitter, Facebook, Instagram, and even
dating apps, don't need to know your location with precision, they usually
just want the city or zip code with relative accuracy. My Weather app doesn't
need to know what rock I'm standing next to for accurate forecasting.

~~~
jiqiren
iOS apps definitely do have this granular option. It's been around since iOS 2
SDK.

[https://developer.apple.com/documentation/corelocation/clloc...](https://developer.apple.com/documentation/corelocation/cllocationmanager/1423836-desiredaccuracy)

~~~
crazygringo
Very interesting. But when an app requests location permissions, it's still
the same message right?

There's no way of knowing whether the app will be using your exact location,
or just the city you're in?

~~~
dkonofalski
Correct. Room for improvement would be giving users the option to see this and
select/approve it.

~~~
bonestamp2
I'd also want the option to choose any location as the location my phone sends
to that app. I'd give each app a different city near me (when precision isn't
that important) just to add more noise to my precise location.

~~~
culturestate
As someone who jealously guards their personal data, I agree with you.

As a product manager/designer, I think that would end in disaster for any
consumer-facing company that implemented it. The number of people who would
enter random places, forget they did so, and then complain that their phone is
broken or the app doesn't work would be _staggering._

~~~
fulafel
Android has supported this for ages, just not customized per app. they put it
under dev options, i guesd to mitigate the demented user problem.

------
Wowfunhappy
...y'know what I find particularly nuts about this whole thing? That we only
know about it because of that location icon in the status bar. Apple could
have chosen to hide that icon for certain types of requests, and this story
wouldn't exist.

I really hope that after this update is released, someone with checkm8 goes
and checks what has _actually_ changed. Not because I distrust Apple per se,
but because we shouldn't be making discoveries based on a cosmetic icon.

Also, thank god for checkm8.

Edit: donkeyd, below, reminded me that this behavior is only on the iPhone 11,
which isn't vulnerable to checkm8. Sigh...

~~~
aspett
> ...y'know what I find particularly nuts about this whole thing? That we only
> know about it because of that location icon in the status bar

It seems to me like discovering this from that status bar icon is a _good_
thing. It gives me more faith that the system isn't hiding particular types of
calls from the user; that it's tying the system call to the icon being
present.

~~~
ProfessorLayton
Yes and no. One of the results of iPhone 4's "antennagate" is that Apple
changed the way the phone signal is displayed. They changed the algorithm, and
made the signal bars more prominent in low signal situations [1]

I'm not suggesting they will change its behavior, but it wouldn't be
unprecedented if they did.

EDIT: Changed the video start time to specific reference.

[1] [https://youtu.be/b9eXYOA8TCk?t=672](https://youtu.be/b9eXYOA8TCk?t=672)

~~~
hombre_fatal
That was the first time I actually watched that conference.

Steve Jobs presents a convincing case. It's now clear to me that the media
hyped up a non-issue, or at least one that was ubiquitous across the state of
the art at the time. And Apple's response is perfectly reasonable.

What exactly is your problem with his explanation of the changes?

~~~
ProfessorLayton
I have no problem or strong opinion regarding iPhone 4's antenna debacle, I'm
only referencing what has happened in the past about issues hyped by the
media, and how Apple has handled them.

iPhone 4/4s remain my favorite iPhone generations to date.

------
ogre_codes
As I mentioned on the previous story about this, my phone checking where it is
doesn't bother me. My phone sharing my location without me knowing does bother
me.

I'm far more bothered by the fact that my Roomba requests location data than I
am this. Seriously Roomba, WTF.

~~~
m463
Sometimes checking is sharing.

I think there are ways to design APIs to be more private, but noone seems to
do it.

For instance, one way to figure out your time zone is to send your location to
a server, which will return the time zone.

Another more private way might be to load a list of location vs timezones for
a region of the US, then calculate your timezone locally.

~~~
morganherlocker
I implemented something like this a couple years ago and the geometry files
used for timezone lookup were surprisingly large (~200 MB at decent
precision)! I ended up simplifying the geometries drastically to minimize data
requirements and compute burden of the lookups, but if you need higher
precision, server reverse geocoding may be your only option in constrained
environments.

~~~
m463
On the other hand, with my example the timezone data can be stored and used
locally until you leave the region.

------
chews
This is because Apple is silently building a survailance network for lost
devices, the UWB chip in the iPhone 11 is also in the Airpods Pro and will be
on all future Apple things. Say I leave my Airpods pro in the conference room
of an office I was at earlier for a job interview... with Apple's UWB magic,
any iPhone 11 can be used to find my airpods, not just mine... This is for
locational discovery of all future apple devices, this mesh network allows
someone to use your device as the exit to apples location servers.

~~~
NoPicklez
How do we not know that they would only allow discovery of devices linked to
your Apple account?

~~~
olliej
If you read the white paper it makes it clear that location information isn't
limited by policy (permissions, etc), but rather by actual cryptographic
techniques that need your devices to access. It is designed so that you can
always have find my X working without simultaneously requiring your
(unencrypted) location being sent to apple.

~~~
callalex
The only way we will know that those claims are remotely true is if they
release spice code. Until then, how can we know?

~~~
olliej
I mean if you're unwilling to accept a published document from them, then you
can't accept any claims by any company. Including Google + Android.

At least, unlike android, iOS indicated that the location system was being
used.

~~~
anoncareer0212
Android shows this. Not sure why Android is relevant in this thread, seems
like a pivot

------
rudolph9
I never get why cell phones don’t have the indicator light that tells you the
camera is on. Ideally this light would be physically linked to the power going
to the camera and the light would be impossible to disable without physically
altering the device. I’d like the same for the microphone. I think location
based stuff is a little more instantaneous in turn harder to accomplish but
generally speaking more indicators that cannot be disabled with software
tightly coupled with sensors potentially violating our privacy.

~~~
tenebrisalietum
> I never get why cell phones don’t have the indicator light that tells you
> the camera is on.

Reduces BOM, manufacturing cost, board space needed, and battery drain to
exclude it.

LEDs on phones were all the rage (at least one Blackberry model had an LED
accessible by apps IIRC) until Apple took the market by storm and then
everyone started copying their aesthetic.

> Ideally this light would be physically linked to the power going to the
> camera and the light would be impossible to disable without physically
> altering the device.

There's no way for you to verify unless you built the camera yourself or can
remove the camera.

~~~
tjoff
Many phones have LEDs but do not have software support for it. Sometimes it
goes a long time before someone recognizes that a LED hides in the speaker
grill and then boom, someone writes an app to enable it. The manufacturer was
contempt with adding a LED to a device and not caring if it ever was used.
Cost was not part of it.

Even google, on it's nexus 5, had a LED. A prominent RGB LED that could do
everything you ever wanted. Well, unless you relied on google for the software
which if possible made it worse than if it hadn't existed.

Then you open up the phone to replace the dying battery. And behold, multiple
SMA type connectors for external antennas(?) One wonders if a single person on
earth found a use for them. Cost optimization don't seem to be that important.

Now for the camera LED I don't think phone manufacturers want to even admit
that it is something anyone should be worried about. So their strategy is
likely to pretend that there doesn't even exist any issues to worry about.
Probably works out pretty well for them.

------
augstein
It is astonishing to me, that one of the best known IT security researchers
has to rely on a flashing icon to determine if location services were used or
not.

Apple could easily disable said icon in certain cases. This begs the question:
Isn‘t there a more reliable way to determine if an iPhone uses location
services and maybe even say for sure for what they are used?

~~~
willstrafach
Absolutely. You can reverse engineer components of iOS to find this out, and
analyze outgoing network traffic as a quick way to see what data is going out
to remote servers.

The icon, in this case, was a helpful indicator allowing others to easily
reproduce this test in minutes.

------
atemerev
"The management of Ultrawide Band compliance and its use of location data is
done entirely on the device and Apple is not collecting user location data."

Call me paranoid, but this statement is telling us that:

"The management of UWB compliance and the management of its use of location
data is done on the device" \-- which okays that the data can be used outside
the device, only the management needs to be done on the inside,

"Apple is not collecting user location data." \-- which could mean that some
other parties (not Apple) _could_ collect user location data.

------
GeekyBear
The thing that I find amusing is that we are talking about an implementation
of Google's own White Spaces initiative that is working as intended.

To use the same frequency band allocated to uses like television and radio
broadcasting without interference, you need a way to know which frequencies
are already in use by the local stations at your location.

>So-called "white space" frequencies have considerable benefits when compared
to traditional Wi-Fi signals, and now Google has created an API to make the
process of utilizing them easier. Companies using the Spectrum Database API
will be able to search for frequencies unoccupied by TV or radio signals in
specific areas of the United States, and register equipment that uses those
frequencies to broadcast wireless internet.

Google has championed unlicensed TV white space (TVWS) over the last few
years. The FCC approved the use of Google's TVWS database in June, after tests
began in March.

[https://www.theverge.com/2013/11/15/5106218/google-
database-...](https://www.theverge.com/2013/11/15/5106218/google-database-api-
brings-white-space-broadband-closer)

Apple appears to be doing nothing more than querying a local copy of the
database to look up which frequencies must be avoided at the current location.

All the Android phones that adopt ultra wideband technology will have to do
the same thing.

~~~
jrockway
UWB is not White Spaces.

White Spaces was a plan to make frequencies once allocated to analog TV
broadcasters unlicensed (similar to the existing ISM bands). This would give
things like WiFi access points more spectrum to use, without fundamentally
changing how the protocols worked. (Same signal, different RF frontend for the
new frequencies.)

UWB is a very low-power spread-spectrum technique. It decreases power and
increases the bandwidth used to achieve a usable channel capacity. The idea is
that the power is so low that it won't interfere with licensed users, even
though it's using licensed frequencies. The downside is that it's a lot more
complicated and requires new hardware and electronics techniques to implement.
(I assume the reason it's disabled in some regions is because they haven't
convinced the relevant authorities that it doesn't actually interfere with
licensed users while using their spectrum.)

------
dang
The previous related thread:
[https://news.ycombinator.com/item?id=21699576](https://news.ycombinator.com/item?id=21699576)

------
newbalance
This is simply a case of a new system service of which there are many:
Location, Photos, Calendar, etc. and now, Ultra Wideband (UWB), being rolled
out without being tied into the existing permission model.

[https://developer.apple.com/design/human-interface-
guideline...](https://developer.apple.com/design/human-interface-
guidelines/ios/app-architecture/requesting-permission/)

------
heliophobicdude
If Apple introduces tile like competitor, would it lower the threshold for
creepy and stalky folks to track others? Would it be as easy and slipping in a
Apple Tile and its location be crowdsourced back to Apple and therefore to the
stalker?

~~~
chews
Yep, it’s a beta called B389

~~~
willstrafach
Technically, that is the hardware product codenames (Closely tracking with
AirPods it seems, B188 and B288)

------
yalogin
This is actually awesome. If Apple wanted they could have made the indicator
not show up at all when that feature uses location. This means they are
staying true to the promise.

------
walterbell
Location-check icon still appears on iPhone 11 when Airdrop is disabled via
Apple Configurator policy and location permission denied for all Apple system
services.

Is UWB used for features other than Airdrop? Location reporting of nearby
tags/devices?

One avenue of investigation would be to capture all iPhone 11 traffic via VPN
(e.g. Charles Proxy) and correlate network traffic with appearance of the
location indicator.

~~~
willstrafach
This test would not yield a useful result in this particular case, as the data
is processed locally on-device and is not sent to a remote server.

------
betoharres
in other words: "yes we can have your location at any time, and we are not
collecting the data, I promise!"

~~~
kalleboo
Turning off Location Services completely still turns this off. There is just
no specific switch to turn only this off (so if you turn off all the other
specific switches, this stays on).

------
lzsiga
I seem to have missed something:

Apple claims Location Services cannot be disabled because it is needed for
Ultrawide Band (UWB) compliance.

And what about UWB? It cannot be disabled either? Do you have a say if someone
wants to send you a file 'simply by pointing at your iPhone'?

~~~
jrockway
Airdrop is not a new feature. You can whitelist people that can use it on you.

------
simon_acca
It seems that the answer raises even more of an eyebrow than the original
question... why is UWB active in devices if no end-user application can yet
benefit from it?

~~~
comex
AirDrop already benefits from it.

~~~
whoopdedo
Does iOS still make location requests when AirDrop is turned off?

~~~
walterbell
Yes,
[https://news.ycombinator.com/item?id=21719040](https://news.ycombinator.com/item?id=21719040)

------
CamperBob2
_“Ultra Wideband technology is an industry standard technology and is subject
to international regulatory requirements that require it to be turned off in
certain locations,” the statement continues. “iOS uses Location Services to
help determine if iPhone is in these prohibited locations in order to disable
Ultra Wideband and comply with regulations. The management of Ultrawide Band
compliance and its use of location data is done entirely on the device and
Apple is not collecting user location data.”_

Ridiculous. The phone always knows very well what country and what regulatory
region it's operating in. Otherwise, how could it know what cellular bands to
use?

~~~
kalleboo
> _Otherwise, how could it know what cellular bands to use?_

By passively listening for what bands are being broadcast on? I mean, dumb
phones without any kind of location support whatsoever could do that, without
determining what regulatory region they are in.

~~~
CamperBob2
_By passively listening for what bands are being broadcast on?_

Exactly, that's my whole point. Obviously I didn't make it clearly enough.

Are you in the 0.0001% of the planet's populated area where the local cell
network doesn't tell you roughly where you are? Fine, _then_ turn on location
services. That's almost never going to be the case.

------
blazespin
The only way to ensure location privacy is to interfere with GPS. When you
wish to use the location feature, turn off the GPS interference. As such
technique is pretty esoteric, it's unlikely Apple will develop counter
techniques until it becomes more popular.

As has been mentioned before, relying on some icon on your screen is rather
naive unless Apple has provided some legal assurance that we can.

It would be a good question to pose to Apple - can the icon be overridden to
not be shown or shown so quickly that it is effectively invisible?

