zlacker

Not mentioned in the headline: When the user is _not_ logged in, iOS collects "location" whereas Android does not.

I am actually a little surprised that iOS would gather this information. What use would it serve?

>>mankyd+(OP)
Find my iphone?

>>mankyd+(OP)
You really expect the headline to list out arbitrary specific examples?

>>mankyd+(OP)
Find My Phone? It is a choice to enroll in this, and it’s mighty convenient when you lose or get your phone stolen.

>>mankyd+(OP)
Might be for crowd sourcing open wifi location data.

>>onedog+O
That works when you're not logged in?

>>mankyd+(OP)
It's possible this is referring to this feature: https://krebsonsecurity.com/2019/12/apple-explains-mysteriou...

Generally speaking, Apple is drastically better about location services privacy. For instance, Apple Maps does not tie any location data nor direction requests to your Apple ID, and regularly rotates identifiers for devices used by the service: https://support.apple.com/en-us/HT212039

>>onedog+O
No, it's the location it uses to report to Apple Maps for the purposes of improving traffic.

>>jayd16+61
One of the services Apple generally provides is that a phone is locked to a given Apple ID, such that if you wipe it, it still knows it belongs to a given owner, and you need to unlock that for someone else to activate it. It wouldn't be unreasonable to suggest Apple would want Find My iPhone to work even after it's reset.

That being said, my theory is in another comment.

>>jayd16+61
Yes, when your phone is locked, but only if you've logged the phone into your iCloud account.

>>judge2+K1
Much, much more than traffic, though that is useful. The anonymized probe data is used to refine business driveways inferred from satellite imagery, for example. That’s why suddenly Maps can often route you to the correct parking lot instead of a nearby curb. Think about it: if you know a phone is navigating to Safeway, where the user stops navigation is potentially interesting in aggregate and divulges almost nothing except the average parking preference of an iOS user.

Source: Worked on that. One example of hundreds.

>>jayd16+61
Can you even imagine? Lost your phone? Did you make sure that you were logged in before you lost it? Did the thief reset the phone and log you out? Oh, guess you can't find your phone now. Sorry.

>>the_du+D
This is for logged-out. I believe find-my-iphone is only for users logged into their iCloud accounts.

>>ocdtre+I1
That link is returning "429 Too Many Requests." What feature is it you're referring to?

>>6gvONx+Aa
There's an Ultra Wideband radio in the iPhone 11 and newer that isn't legal to use in all countries. Apple uses a location request sometimes just to determine if the device can legally run that radio or not.

>>ocdtre+Db
Thanks!

>>onedog+O
Presumably it could wait until someone actually asks for the phone's location in that case. No need to report the location if no one's asked for it.

>>mankyd+(OP)
> When the user is _not_ logged in

Does this matter? How many people do you know that aren't logged in on their phones? It is literally one the first things Android asks you to do even before showing you the main screen.

>>mankyd+(OP)
It doesn’t seem like they actually “collect” this information with any identifier and only use it for limited strict purposes. This is unlike google who can pop up a map of everywhere you’ve been minute by minute over the last 5 years. I guess that’s only when you’re logged in to your google account, but that’s 99% of Android phones.

>>ocdtre+Db
It's nice of you to accept Apple's calling it "radio" but UWB is radar technology. Newer iPhones have radar built into them to make their location tracking more precise. Most people don't understand (or can't understand) the details, which is why the semantic load of calling UWB "radar" instead of "radio" is important for conveying its intended purpose.

>>ocdtre+Db
If that's the case, they wouldn't need to report the location back to themselves, would they? The phone would simply check its coordinates, and turn it on or off.

>>mankyd+6j
I don’t think anyone is saying that iOS does report back to Apple (and I don’t think there is any evidence that iOS does this).

The original concern was caused because iOS would still activate location services and display the icon during these checks, even if you had turned location services off completely in settings.

>>mankyd+(OP)
> When the user is _not_ logged in, iOS collects "location" whereas Android does not.

This may be only technically true. It's not Android, it's Google Play Services, which collects "anonymized", high-accuracy[1] location data constantly.

[1] Yeah, that's actually a contradiction-in-terms. There is no such thing as anonymized, high-accuracy location data.

>>neura+o5
Once you’re signed in you stay signed in and you can’t sign out without authenticating. Resetting the phone doesn’t bypass this.

>>avianl+vk
That is exactly what the article is talking about.

>>livre+Fd
I didn’t think iOS even lets you past the welcome screen without signing in.

>>fapjac+th
The RA in RADAR stands for RAdio. It’s like saying “light pointer” instead of “laser pointer”. For most people the distinction is irrelevant.

>>Purple+Nn
iOS setup encourages you to sign in or create an account if necessary. Skipping is also an option.

>>scep12+u5
You are correct, Find My … only works if you’re signed in with an Apple ID to iCloud.

>>livre+Fd
I also found this to be an almost useless case to examine. The number of people not-logged-in must be infinitesimal.

>>mankyd+7n
I’m not sure which article your looking at, but neither the OP article, or the Kerbs article suggests that Apple is collecting location data derived from location services on a phone and sending it back to the mothership.

The OP article suggests that IP data from the uploads could be used to estimate location, and their table has a “location” column. But that column seems to be referencing the fact that iOS reports when location services are turned on and off, rather than a specific location derived from the phones sensors.

This is of course ignoring opt-in telemetry which is used to improve maps etc. Which obviously involves sending your location back to Apple.

>>mankyd+(OP)
What does login state have to do here? The controls for device analytics are available and controllable separately from any login state.

>>avianl+zw
> but neither the OP article, or the Kerbs article suggests that Apple is collecting location data derived from location services on a phone and sending it back to the mothership

That is literally what the OP article is saying. Apple phones home your gps location even if you don't sign in. That's the claim of the OP article (really the claim of the paper the article is quoting)

From the paper: "iOS sends the MAC addresses of nearby devices, e.g. other handsets and the home gateway, to Apple together with their GPS location. Currently there are few, if any, realistic options for preventing this data sharing."

>>doctor+aq
You didn't understand what I said. I have an amateur extra license, and do a lot of volunteer work proselytizing for ham radio, working at field days, etc. For most people, there is a semantic payload with "radio" which conveys "communication" versus "radar" which conveys "tracking" (I imagine any semantic vector map would demonstrate this is true). The distinction is relevant, especially in the context of "your phone manufacturer is using this to improve its ability to track you in realtime". The UWB which newer iPhones use is not used for communication, because these frequencies are not suitable for that (yet?) in the environment. UWB is used for localization. Maybe there is some marketing material claiming that they're working on using it for "communication" but not anything like the conventional radio(s) the phone uses for communication.

>>mankyd+6j
This appears to be the case. From the linked article:

> The management of Ultrawide Band compliance and its use of location data is done entirely on the device and Apple is not collecting user location data.