Slashdot Mirror

← Back to Stories (view on slashdot.org)

iOS 11's Misleading 'Off-ish' Setting For Bluetooth and Wi-Fi is Bad for User Security (eff.org)

Posted by msmash on from the things-apple-does dept.

Last month, we covered a story about how turning off Wi-Fi and Bluetooth in iOS 11's Control Center doesn't really turn off Wi-Fi and Bluetooth. EFF has called the situation bad for user security. From the report: Instead, what actually happens in iOS 11 when you toggle your quick settings to "off" is that the phone will disconnect from Wi-Fi networks and some devices, but remain on for Apple services. Location Services is still enabled, Apple devices (like Apple Watch and Pencil) stay connected, and services such as Handoff and Instant Hotspot stay on. Apple's UI fails to even attempt to communicate these exceptions to its users. It gets even worse. When you toggle these settings in the Control Center to what is best described as "off-ish," they don't stay that way. The Wi-Fi will turn back full-on if you drive or walk to a new location. And both Wi-Fi and Bluetooth will turn back on at 5:00 AM. This is not clearly explained to users, nor left to them to choose, which makes security-aware users vulnerable as well. The only way to turn off the Wi-Fi and Bluetooth radios is to enable Airplane Mode or navigate into Settings and go to the Wi-Fi and Bluetooth sections. When a phone is designed to behave in a way other than what the UI suggests, it results in both security and privacy problems. A user has no visual or textual clues to understand the device's behavior, which can result in a loss of trust in operating system designers to faithfully communicate what's going on.

10 of 162 comments (clear)

  1. "UI fails to even attempt to communicate..." by tk77 · · Score: 4, Informative

    Saying the UI doesn't communicate the differences is not entirely true. There is a visual difference in the control center between the radio being "on",m "disconnected" and "off".

    In the normal "compact" control center mode if the device is "disconnected", the icon is displayed with a gray background (blue background is "on"). If the device is "off" the icon has a cross through it. In the expanded view (tap and hold on a button will bring up the expanded view), it will actually say "on", "disconnected" and "off" based on the mode.

    I'm not saying this makes everything better, as the user would still have to know what the visual cue's mean. But to say that the UI fails to communicate this is not true.

    1. Re:"UI fails to even attempt to communicate..." by JohnFen · · Score: 3, Insightful

      I'm not saying this makes everything better, as the user would still have to know what the visual cue's mean. But to say that the UI fails to communicate this is not true.

      "Communication" is different from "signalling". "Communication" requires understanding on the part of the recipient, or it's not communication.

      If it isn't clear to the user what the color-coding means, then the UI is failing to communicate to the user.

  2. Re:We Know Better Than You by Anonymous Coward · · Score: 5, Funny

    It's unfortunate for Apple, because it means that only the duller customers will continue to trust Apple's judgment.

    And thus the perception of anyone using Apple products is "Oh, an Apple user. Here, take my handicapped parking spot, you poor thing."

  3. This isn't so hard people ... by seth_hartbecke · · Score: 4, Insightful

    The anti-apple hate here is just ... something else. Two stories on this, really?

    So, on iOS there is this control panel you can access when you swipe up from the bottom of the screen. In there is a WiFi logo, that is normally blue if you are connected to WiFi. If I tap it, it disconnects from the currently connected WiFi network. It's really nice for when I decide "hey, I don't want to access this NSFW thing while on the work WiFi" or "the hotspot in my Car (which has a different carrier then my cell phone)" is in a cellular dead spot and I need to disconnect from it. But when I come in range of another known network, the phone will associate with it again (like, when I get home and I'd like my phone using my home WiFi, I don't have to remember to turn it back on).

    When you do this you even get a blurb of text on the screen "Disconnecting from {wifi name}." NOT "I've powered the WiFi radios down."

    You still CAN actually power the WiFi radios down. You just have to go to Setting -> WiFi -> and flip the off switch. Now they are off, period.

    So yea, the button in the control panel really means: disconnect from this wifi network because I don't like it right now.

    Bluetooth does the same thing. Tapping that in the control center basically drops all connected devices. But two hours later when you turn your bluetooth headset on, it'll pair up just fine.

    Queue freakout.

    --
    END
    1. Re:This isn't so hard people ... by Aaden42 · · Score: 3, Informative

      For those people, there's the switch in Settings that won't turn itself back on. It's in the same place it's always been and does the some thing it's always done. This new switch that looks different in a new place does something different.

      You've always pushed a bright red switch on the right side of the panel to do a thing. One day there's a brand new orange switch on the left side, but the same bright red switch is still in the same place. Perhaps there's a chance the orange switch might do something different than the red one?

      For every time I've come home after a day in flaky WiFi land and forgot to turn WiFi back on until I've sucked down a bunch of LTE data, this is an improvement.

  4. Looks to be a copied "feature" from android by will_die · · Score: 3, Informative

    My samsung android has a similar feature I can turn off wifi but if I move to a new location it is turned back on. Like what happen just implemented you have to go into a deep menu and change that setting so off means off.

  5. Re:Does turning off the device work? by Aaden42 · · Score: 3, Informative

    You'll be waiting a long time for that. Myth Busted, and even the FAA has relaxed the requirement.

  6. Re:Does turning off the device work? by TheFakeTimCook · · Score: 4, Informative

    Since the battery can't be removed, I'm beginning to wonder if there is any way to turn off wifi AT ALL.

    Yes. Going to "Settings", WiFi , and flipping the "switch" will Turn it off (same with BT); and putting the phone in "Airplane Mode" does, too.

    The only place that it does a "Warm shut-off" is in the Control Panel. And Apple has an (IMHO quite reasonable) explanation as to why that is the case:

    http://www.idownloadblog.com/2...

  7. Re:You'll never know if your phone is off by TheFakeTimCook · · Score: 3, Informative

    Mic is always hot on an iPhone ever since they added "hey Siri" support and all audio recorded is almost certainly sent to Apple to help them train their voice AI. We know that with the iPhone X, the camera will also always be active and scanning for faces.

    Ever wondered why the battery life in new iPhones is so abysmal? Because it's always spying.

    You're dead wrong on the "Hey, Siri" thing. That is decoded ON-CHIP. That's why it required a new model iPhone (with a new SoC) when it was first announced.

  8. Re:You'll never know if your phone is off by TheFakeTimCook · · Score: 3, Informative

    Mic is always hot on an iPhone ever since they added "hey Siri" support and all audio recorded is almost certainly sent to Apple to help them train their voice AI. We know that with the iPhone X, the camera will also always be active and scanning for faces.

    Ever wondered why the battery life in new iPhones is so abysmal? Because it's always spying.

    Same thing for the FaceID. ALL done ON CHIP, in the Secure Enclave IC. NOTHING sent to Apple.

    NOTHING. Not even during "Enrollment". And no FaceID Data available outside of the Secure Enclave chip. They provide a low-res "face tracker" mesh to the outside for Apps to use; but nothing that approaches the resolution of the FaceID data.