Apple says its ultra wideband technology is why newer iPhones appear to share location data, even when the setting is disabled

This week, security reporter Brian Krebs asked why the newest iPhone 11 Pro appeared to be sending out a user’s location even when the user disabled Location Services in their phone’s settings, in conflict with Apple’s privacy policy and the express wishes of the user.

Apple told Krebs it was “expected behavior” and that there were no security implications, but failed to assuage fears of a location-leaking bug.

Krebs came to a logical conclusion. “It seems they are saying their phones have some system services that query your location regardless of whether one has disabled this setting individually for all apps and iOS system services,” he wrote.

He wasn’t wrong. The technology giant now has an explanation — two days after Krebs’ article went up and more than half a day after the company declined to comment on the matter.

Newer iPhones — including the iPhone 11 Pro which Krebs used — come with ultra wideband technology, which Apple says gives its newer handsets “spatial awareness” to understand where other ultra wideband devices are located. Apple only advertises one such use for this technology — users wirelessly sharing files over AirDrop — but it’s believed it may become part of the company’s highly anticipated upcoming “tag”-locating feature, which has yet to be announced.

“Ultra wideband technology is an industry standard technology and is subject to international regulatory requirements that require it to be turned off in certain locations,” an Apple spokesperson told TechCrunch. “iOS uses Location Services to help determine if an iPhone is in these prohibited locations in order to disable ultra wideband and comply with regulations.”

“The management of ultra wideband compliance and its use of location data is done entirely on the device and Apple is not collecting user location data,” the spokesperson said.

That seems to back up what experts have discerned so far. Will Strafach, chief executive at Guardian Firewall and iOS security expert, said in a tweet that his analysis showed there was “no evidence” that any location data is sent to a remote server.

Apple said it will provide a new dedicated toggle option for the feature in an upcoming iOS update.

But Strafach, like many others, questioned why Apple hadn’t explained the situation better to begin with.

Apple could have said something days ago, immediately squashing rumors with a simple explanation. But it didn’t. That absence of explanation only welcomed speculation. Credit to Krebs for reporting the matter. But Apple’s delayed response made this a far bigger issue than it ever had to be.