The iPhone 11 Pro apparently has a habit of behaving in a way its users have expressly forbidden. Apple’s flagship handset intermittently tries to collect users’ location information, despite user settings on applications and system services that indicate the data shouldn’t be requested, according to a report published Tuesday by KrebsOnSecurity.
The policy explains how to disable location-based services, but security reporter Brian Krebs found that some system services for the iPhone 11 Pro — and possibly other iPhone 11 models – can’t be disabled by users without turning off locations services. Krebs said his discovery suggests that a privacy vulnerability exists in either the new iPhone Pro or iOS 13.x or both.
Apple has taken high-profile actions championing user privacy. In 2016, for instance, it refused to alter its software so that the FBI could access an iPhone 5C tied to the San Bernardino terrorist incident, arguing that the change would create a back door to all other iPhones. Last year, it unveiled features for its Safari browser that could disable tracking tools Facebook and Twitter use to keep tabs on people’s browsing habits.
Krebs said he sent a video to Apple in November that showed the handset still seeking location information when apps and system services were set to “never” request location information but main Location Data service was still active.
“We do not see any actual security implications,” an Apple engineer wrote in a response to KrebsOnSecurity. “It is expected behavior that the Location Services icon appears in the status bar when Location Services is enabled. The icon appears for system services that do not have a switch in Settings.”
Apple didn’t immediately respond to a request for comment.