The discovery is not new: it dates back two years, to when a Chinese researcher found what appears to all intents and purposes to be an “oversight” still present in iOS, capable of significantly impacting user privacy. In his brief technical analysis, the expert highlights that iOS applications can establish the position of users, with truly remarkable precision, without them being in any way aware or informed. The researcher reported the problem to Apple's technicians some time ago and made the issue public at the end of November 2023. However, the “bomb” has only exploded now.
How iOS apps can geolocate users without informing them
In another article we saw how it is possible to carry out IP geolocation, or how to establish the location of users starting from the public IP address assigned to them.
Among the positioning solutions used alongside GPS, there are also those based on checking the WiFi hotspots present in the vicinity of users. By examining the SSIDs (identifying names) and the MAC addresses of neighboring wireless hotspots, it is possible to estimate with reasonable approximation where any given user is.
Since SSIDs do not change frequently and it is possible to triangulate information shared by multiple WiFi access points, it was quite easy to compile global databases such as Precisely Location By Wi-fi Access Point and Google’s Geolocation API. Both allow you to estimate the position of users based on the WiFi hotspots that their devices “see”, possibly combined with signal strength measurements taken in real time.
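Why a list of visible access points amounts to location data, shown as an added example that is not from the article or the researcher: a weighted-centroid estimate over a constructed table of access point MAC addresses and coordinates. The table, the addresses, the function names and the signal-strength weighting are assumptions for illustration; commercial services use their own databases and methods.

```python
import math

# Constructed lookup table: AP MAC address (BSSID) -> (latitude, longitude).
# All values are made up for this example.
AP_DB = {
    "aa:bb:cc:00:00:01": (45.46420, 9.19000),
    "aa:bb:cc:00:00:02": (45.46440, 9.19040),
    "aa:bb:cc:00:00:03": (45.46400, 9.19060),
}

def rssi_to_weight(rssi_dbm):
    """Map RSSI in dBm to linear power: a stronger signal gets a larger weight."""
    return 10 ** (rssi_dbm / 10.0)

def estimate_position(scan, db=AP_DB):
    """Weighted centroid of the known APs in one WiFi scan.

    scan: list of (bssid, rssi_dbm). BSSIDs missing from db are ignored.
    Returns (lat, lon, aps_used), or None when no AP in the scan is known.
    """
    total = lat_sum = lon_sum = 0.0
    used = 0
    for bssid, rssi in scan:
        pos = db.get(bssid.lower())
        if pos is None:
            continue
        w = rssi_to_weight(rssi)
        lat_sum += w * pos[0]
        lon_sum += w * pos[1]
        total += w
        used += 1
    if used == 0:
        return None
    return lat_sum / total, lon_sum / total, used

def distance_m(a, b):
    """Haversine distance in metres between two (lat, lon) points."""
    r = 6371000.0
    p1, p2 = math.radians(a[0]), math.radians(b[0])
    dl = math.radians(b[1] - a[1])
    h = math.sin((p2 - p1) / 2) ** 2 + math.cos(p1) * math.cos(p2) * math.sin(dl / 2) ** 2
    return 2 * r * math.asin(math.sqrt(h))

if __name__ == "__main__":
    # Constructed scan: one strong AP, one weak AP, one AP not in the table.
    scan = [("AA:BB:CC:00:00:01", -40), ("aa:bb:cc:00:00:02", -70), ("de:ad:be:ef:00:09", -50)]
    print(estimate_position(scan))
```

Two or three known access points are enough to place the device within metres of the strongest one, which is why SSID and MAC address lists deserve the same handling as GPS coordinates.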
Apple's HotspotHelper API: why it is “delicate”
With the release of iOS 9 in 2015, Apple made the HotspotHelper API available to developers. It allows programmers to build apps that can interact with Wi-Fi hotspot management and offer a more personalized user experience.
HotspotHelper offers features such as the ability to suggest WiFi networks, manage automatic connections and provide detailed information on available networks. Developers can use this API to improve the automation and customization of WiFi connections within their applications.
The sample code published by the Asian researcher demonstrates how the API in question allows developers to obtain information about WiFi networks, such as the SSID and MAC address. By collecting this data, it is actually possible to track the user’s location without their consent and without their being aware of it in any way.
Automatic activation and use by known apps
The researcher explains that the HotspotHelper API is also activated every time the iOS device scans for WiFi networks present nearby. This can also happen when the iPhone is in your pocket or is locked.
According to the expert’s findings, very popular applications (for example WeChat and Be happy) are reportedly already using the HotspotHelper API, raising privacy concerns.
At the conclusion of his analysis, the researcher notes that, despite his having repeatedly urged Apple to address the problem, the company led by Tim Cook has reportedly not made significant changes, and the situation has remained substantially unchanged for years.