Apple Maps Bug Likely Allowed Apps to Collect Location Data

Recently released iOS 16.3 has fixed an Apple Maps security bug that may have allowed some apps to collect user location data without permission, 9to5Mac reports.

Apple mapsg

Last week, Apple released iOS 16.3 and iPadOS 16.3 with a bunch of new features including:

  • Support for physical security keys as part of the two-factor authentication sign in
  • New Unity wallpaper honors Black history and culture in celebration of Black History Month
  • Support for HomePod (2nd generation)
  • Emergency SOS calls now require holding the side button with the up or down volume button and then releasing

While the release notes did not mention it, iOS 16.3 also fixes an Apple Maps bug that could have been exploited by countless apps.

According to journalist Rodrigo Ghedin, iFood Brazilian food delivery app was found to be accessing a user’s location in iOS 16.2 even when the user denied the app all location access.

A reader of Manual do Usuário (my Portuguese-written blog) noticed the glitch/bug while using iOS 16.2.

iFood, Brazilian largest food delivering app evaluated at USD 5.4 billion, was accessing his location when not open/in use, bypassing an iOS setting that restrict an app’s access to certain phone’s features. Even when the reader completely denied location access to it, iFood’s app continued to access his phone’s location.

As for how long has this vulnerability existed, it remains unknown at this time as Apple has not yet officially commented on the matter.