Apple Maps, no app has bypassed the privacy controls

Apple Maps, no app has bypassed the privacy controls. Apple has resolved with iOS 16.3 and other updates of its operating systems a potential vulnerability related to privacy (the ability to know the user’s location) and after investigations into some allegations that had been circulating in the past few days, the company has come to the conclusion that no app took advantage of the flaw.

Apple files another patent to add a camera to the Apple Watch

On February 1, a rumor circulated that a vulnerability in Apple’s Maps app could allow other apps to bypass user-activated privacy settings.

A blogger reportedly spotted a company exploiting the vulnerability, quoting a reader of his that a local company was tracking its location with iOS 16.2.

The app to which the blogger was referring is called iFood, indicated as being able to track the user’s position, even against his will. No evidence of app tracking had been provided but the rumors were evidently enough for Apple to investigate.

On Friday 10 February, Apple communicated to various US newspapers and sites that it is risk-free and that no app circumvents the privacy controls set by the user.

“At Apple, we strongly believe that users should be able to choose when and with whom they share their data. Last week, we issued an advisory for a privacy vulnerability that could be exploited by apps running without the macOS sandboxing mechanism turned on. The code behind the fix was shared with iOS, iPadOS, tvOS, and watchOS, and then the fix and security content alert was propagated for these operating systems as well, although they were never at risk,” he said. Apple press release.

And again: “The insinuation that this vulnerability could have allowed apps to bypass user-selected privacy settings on the iPhone are false”.

Apple still refers to “a report that incorrectly indicates an iOS app that exploits this vulnerability or other vulnerabilities to bypass user settings to obtain location data. Our investigations conclude that the app does not bypass user controls through any mechanism.”

Leave a Reply