Many iPhone users who upgraded their iPhones to the recently-released iOS 17 will be alarmed to hear that they may have actually downgraded their security and privacy.
That's because Apple took the opportunity to make a change to users' privacy settings - without asking for permission, and without even notifying users it was doing so.
Two security researchers who go by the name Mysk revealed that upgrading to iOS 17 can silently re-enable two privacy options that security experts have in the past recommended users switch off.
The options, "Significant Locations" and "iPhone Analytics", are buried deep within the settings of iOS. By default, they are enabled - but if you were sufficiently privacy-minded to have disabled them in the past, you would expect Apple to have respected your decision and not re-enabled them when applying the update to the iOS operating system.
So, what's the actual issue with these options?
Apple describes "Significant Locations" as a way to "allow your iPhone and iCloud-connected devices to learn places significant to you in order to provide useful location-related information in Maps, Calendar, Photos and more."
According to Mysk, the "Significant Locations" data remains local to your iPhone, and is not accessed by Apple. Nonetheless, you wouldn't want anyone else who managed to gain access to your device to be able to gather information too easily about locations you visit frequently, as it could put you at risk.
Data collected by "iPhone Analytics", however, is shared with Apple. Apple says that it "may include details about hardware and operating system specifications, performance statistics, and data about how you use your devices and applications. This information is used to help Apple improve and develop its products and services."
Apple continues, "if you have consented to provide Apple with this information, and you have Location Services turned on, the location of your devices may also be sent to help Apple analyze performance issues (for example, the strength or weakness of a mobile or Wi-Fi signal in a particular location). This analytics location data may include locations such as the location where a call ends or the location of a failed in-store transaction."
The company says that "none of the collected information identifies you personally," but I would still be worried that through examination of patterns of visited locations an individual might be identified.
Maybe this is only a concern for individuals with a high-risk of being targeted, but what disturbs me most is the principle of the thing. If I have chosen to disable certain privacy settings, I don't expect Apple to turn them on again - particularly not without informing me it is doing so.
You can check how your iPhone is configured by visiting Settings > Privacy & Security > Location Services > System Services.
If you have disabled the "Significant Locations" and "iPhone Analytics" settings, you should see something like this.
Stay safe, and remember to always check your privacy options are configured how you want them to be after updating your smartphone's operating system.
tags
Graham Cluley is an award-winning security blogger, researcher and public speaker. He has been working in the computer security industry since the early 1990s.
View all postsNovember 14, 2024
September 06, 2024