iOS 18.5 Bluetooth Privacy Vulnerabilities

73 FluGameAce007 22 8/17/2025, 5:50:55 PM github.com ↗

Comments (22)

FluGameAce007 · 2h ago
Using only Apple’s official diagnostic tools (Console.app) on a clean, non-jailbroken iPhone 14 Pro Max, the following issues were observed:

System daemons silently initiate Bluetooth Low Energy (BLE) scans without app activity or user interaction.

GPS location harvesting occurs with no prompts, indicators, or active apps.

Internal frameworks bypass Apple’s Transparency, Consent, and Control (TCC) protections using undocumented flags.

Bluetooth trust metadata (e.g., IRKs, pairing history) is exposed even when devices are disconnected.

Cryptographic failures are silently ignored during trust operations.

These behaviors suggest an integrated telemetry pipeline that operates beneath iOS’s user-facing privacy model. The full report includes logs, technical breakdowns, and reproduction steps.

internet2000 · 2h ago
Isn't it support for the Find My network?
ComputerGuru · 2h ago
The logical deduction would be that it's not, given that the Find My network has been rolled out for some time and this is new behavior.
iancarroll · 2h ago
There is no evidence here that this is new behavior, or evidence of the claims at all aside from random log messages…
kulahan · 2h ago
That doesn’t logically follow, because it could be for an upgrade, so the existence of this stuff previously has no relevance.
like_any_other · 1h ago
> GPS location harvesting

What does "harvesting" mean? Does the data stay on the device, or is it sent to Apple?

iancarroll · 2h ago
Looks like garbage "vulnerabilities" generated by ChatGPT from a random sample of log messages. None of it looks even remotely substantiated and I have no idea how this made it to the front page so quickly.
stackskipton · 2h ago
What is this report supposed to show? System level Daemons have low level access or iPhone, unlocked and having trusted the hardware I assume, can be made to reveal data? This reads like someone asked AI about debugging iPhone using their laptop, dug into some system daemons and wrote up a report acting like the sky is falling when it's expected behavior. UID 0 can bypass file permissions, alert kernel developers!

Real question is, can other iOS applications trigger this data leaking behavior or can untrusted macOS devices do this as well?

kyriakos · 2h ago
Not the first company to do this, if it's intentional it just follows the industry resetting user preferences to the favourable "defaults".
roscas · 2h ago
Reminds me of Facebook "bug" that was turning the camera on and sending them pics or movies... people find out, they "fix" that right to the next version where the "bug" appears again...
dotancohen · 2h ago
Can you tell us more?
exabrial · 2h ago
Really thinking about switching to Graphene as "Privacy, that's not iPhone" is now a thing.

Someday hoping some billionaire decides to start a "third" operating system that is simple enough to be maintained by an OSS foundation.

politelemon · 1h ago
It never was, but our echo chamber here had us convinced it was. Privacy is when you control your data, not give up your data to someone else in the hopes they will.
burnt-resistor · 1h ago
There's no clear evidence and no write-up. This comes across as crying wolf.
jeffbee · 2h ago
From what I've seen lately, you're the only person who thinks it is surprising that an iPhone sometimes turns on the Bluetooth radio.
arcanemachiner · 2h ago
Is this fixed in iOS 18.6?
roscas · 2h ago
Fixed? LOL! It's like asking if Android VPN makes all connections go on the VPN, but no, just like Windows... you do have to expect zero privacy respect
brookst · 2h ago
Cynicism is not insight.
wslh · 1h ago
We humans are the jailbroken ones.
nickphx · 2h ago
Well.. Apple needs to power their 'find my device' network somehow.. no?
politelemon · 1h ago
This is unrelated.
tacker2000 · 2h ago
At this point it doesn't really matter if it's Apple, Microsoft or Google, etc..

These big tech co’s will harvest whatever is possible since user data equals hard cash and they will try and do it until they get found out, but even then it could take years until they actually get stopped or fined.

It's still the wild west out there since governments are so extremely slow to react and they know that.

Also, Apple's posturing as being the “privacy leader” doesn't mean anything anymore at this point.