Source: Forbes
Apple’s iOS 13 has only just launched, but a nasty location privacy bug has been discovered.
SOPA Images/LightRocket via Getty Images
Apple’s iOS 13 launched last week with a host of new security and privacy features. However, as can be typical with a new operating system (OS) releases, Apple is still ironing out some bugs. Also, the OS contains a security flaw that allows users to bypass the lock screen and gain access to contact information.
Yesterday, I wrote about how iOS 13 lets iPhone users control how apps such as Google and Facebook track your location. But you might not be able to use this on all apps just yet: The updated OS has a nasty location privacy bug, according to a Fast Company article.
Specifically, it seems iOS 13 isn’t respecting the location privacy settings for certain apps. Fast Company posted a video, showing how the OS would not accept a “Never” access location command, instead of changing it back to “Ask Next Time.”
The bug, which affects apps including Facebook, appears to be iOS 13 specific, rather than app-specific. It does not impact all apps in iOS 13.
How serious is the Apple iOS 13 location privacy bug?
It’s not ideal, but the bug is being fixed pretty quickly. It has already been reported to Apple, which should be fixing the issue along with other problems tomorrow (September 24), when it releases iOS 13.1.
“People that deliberately don’t give Facebook access to their location, which might be a very wise decision, will not be amused,” says ethical hacker John Opdenakker. But he points out that “bugs like this can happen” and “it’s good to see that Apple will release iOS 13.1 which will contain a fix for this bug on Tuesday.”
“While this bug isn’t great at the point of launching a brand new version of the OS, it won’t be the only bug,” points out security researcher Mike Thompson. He says Apple acknowledging and issuing a patch in a short timescale should be seen as a positive. “They recognize it is serious enough to fix fast and is doing so. There are far worse bugs out there in mobile devices, many of which are no doubt being exploited and the manufacturers and customers don’t yet know about.”
Security researcher Sean Wright agrees: “Unfortunately, new software is always likely to have issues. It’s important to call out that in this case, it appears to have been unintentional and it’s being addressed quickly.”
Apple iOS 13 location privacy bug: What to do
So what should you do? Firstly, it’s a bug, and there is no need to panic. “It will be fixed, perhaps in a matter of hours,” says Wright. “Also, you are being prompted every time you launch the app, which is an annoyance, but it is important to note that it is not defaulting to sharing your location.”
If you haven’t upgraded to iOS 13 yet, it’s probably better to wait until tomorrow when this and several other fixes will be applied. If you’ve already installed the updated OS, make sure you update to iOS 13.1 as soon as it’s released.
Thanks very nice blog!