Using the iOS API, any app can track the location without the user noticing.
Winguse, a former Microsoft engineer, has published on his blog the problem that by using the ``HotspotHelper API'' installed in iOS, any app can track the location in real time without the user's permission.
Apple allows applications to track user locations without authorization | Yingyu's Blog
Since iOS 9 released in 2015, iOS has been equipped with an API called 'HotspotHelper'. According to winguse, if you use HotspotHelper, you can get information about nearby Wi-Fi by writing code like the one below.
[code]import CoreLocation
import NetworkExtension
class LocationTrackingManager {
func setupHotspotHelper() {
// Request HotspotHelper capability
NEHotspotHelper.register(options: nil, queue: DispatchQueue.main) { (command) in
if let networkList = command.networkList {
for network in networkList {
// Access Wi-Fi network information (SSID/MAC address)
// Reference: https://developer.apple.com/documentation/networkextension/nehotspotnetwork
let ssid = network.ssid
let macAddress = network.bssid
// Perform location tracking logic with ssid and macAddress
self.trackLocation(withSSID: ssid, andMACAddress: macAddress)
}
}
}
}
func trackLocation(withSSID ssid: String, andMACAddress macAddress: String) {
// Understand user location using SSID and MAC address
}
}[/code]
Since most Wi-Fi access points do not change their location after installation, it is possible to determine the user's location by performing triangulation based on information such as 'which Wi-Fi access points are nearby.' , APIs for identifying location from Wi-Fi access point information are provided by Precisely , Google , etc.
When you use a combination of the HotspotHelper API and a third-party API to track a user's location, you can track the user without displaying the fact that their location is being used, or refuse to be tracked by the original location API . It is possible to track the location of users. Furthermore, there was no setting to disable the HotspotHelper API at the time of article creation, leading to the problem of not being able to refuse tracking.
winguse noticed this issue in 2021 and sent an email to Apple, but received a reply saying, ``Apple will investigate this issue and take appropriate action.'' Since then, no information has been received. That's what he said.
winguse says, ``Similar to other privacy settings such as location and notifications, users should have the option to disable the HotspotHelper API.'' At the same time, when apps access the HotspotHelper API, users should They argued that permission should be required.
Related Posts:
