Security researcher Brian Krebs found in an investigation that the recently launched iPhone 11 Pro was sharing the user's location data despite the feature being disabled in the phone's settings. Apple admitted that this was "expected behaviour" and there was nothing to worry about in terms of security.
Krebs published a blog with his findings of the possible security bug and contacted Apple about the same. The company responded to him by saying that it did not "see any security implications" and that it was "expected behaviour." It was because of a short-range (ultra-wide band) technology that allowed iPhone 11 users to share files locally with nearby phones using AirDrop. However, Apple said that a future version of iOS will include an option for users to disable it.
What's actually going on?
In another statement to KrebsOnSecurity, Apple went into detail explaining that the issue was related to the ultra-wide band (UWB) technology that was used on the newer iPhone 11 and 11 Pro models. It enables spatial awareness for the device so that it can understand its relative position to other devices using the same technology. To ensure this feature worked seamlessly, iOS uses Location Services to pinpoint the location of the other iOS devices supporting the feature to enable data transfer via AirDrop. Location Services can be individually disabled for the installed apps or it can be completely disabled for the device. If you choose the latter, then the location wasn't being shared. However, users will obviously opt for the former option. Apple said that the UWB compliance is done on the device entirely and none of the data is collected or sent to anyone.
During his investigation, Krebs found that the location services icon would keep reappearing every few minutes. This happened even after he had disabled the location services of every installed app individually. In its statement, Apple said that the icon will appear whenever a system service tries to use UWB, which doesn't have a switch in the settings.
Apple said that it will add a toggle in the System Services menu so that users can choose whether they want to disable UWB activity. This feature will be pushed over an iOS update but there's no confirmation when it will arrive. However, disabling this feature won't let you take advantage of the U1 chip's features for AirDrop.
What is UWB technology?
The inclusion of UWB in the new lineup of iPhones was made possible with the U1 chip. It's a UWB radio and processor that can work like short-range radar or high-speed data links like Wi-Fi and Bluetooth but that's where the similarity ends. UWB operates across the available wireless spectrum (> 500 MHz), but at much lower power, meaning that only devices within a certain radius can hear the signal.
Rather than flood the frequency band with data, a UWB system transmits data in precisely timed pulses. A receiver tuning into the signal will not only receive data, but also the precise range and direction of the source (taking advantage of the Doppler effect). This is key to what makes UWB special.
The same U1 chip on the iPhone 11s makes AirDrop better. AirDrop is Apple's short-range wireless file transfer mechanism that has basically replaced USB if you work within the Apple ecosystem. Where AirDrop was a bit more indiscriminate " anyone with AirDrop turned on could send or receive data to and from anyone else " U1-powered AirDrop will allow you to point the phone at the device you want to AirDrop to or from, reducing some of the ambiguity that can go into wireless data sharing.