Apple Tramples on User Security by Introducing Misleading “Off-ish” Settings

Oct 6

Apple introduced a confusing “feature” in its latest iOS 11: toggling Bluetooth and Wi-Fi off in the Control Center doesn’t actually disable them completely. You need to go to Settings to turn them off completely. The move has been criticized by users, and now a digital rights group has called out the company for creating potential security problems for its users.

Here’s how the new wireless settings in the Control Center work according to the Cupertino tech giant:


In iOS 11 and later, when you toggle the Wi-Fi or Bluetooth buttons in Control Center, your device will immediately disconnect from Wi-Fi and Bluetooth accessories. Both Wi-Fi and Bluetooth will continue to be available, so you can use these important features:

AirDrop, AirPlay, Apple Pencil, Apple Watch, Continuity features, like Handoff and Instant Hotspot, Instant Hotspot, Location Services

iOS 11 not only makes it difficult for a user to switch these connections off, but also turns them back on at 5am local time.

“iOS 11’s Misleading “Off-ish” Setting for Bluetooth and Wi-Fi is Bad for User Security”

The Electronic Frontier Foundation (EFF) has said (via Tom’s HW) that the move is misleading and bad for user security. Turning off Wi-Fi and Bluetooth when not in use is considered good security practice, and it is also a tip in almost every guide on getting the most out of your phone’s battery.

This design behavior is not only a security threat and a potential battery issue, but also a problem even for security-conscious users who instinctively rely on swiping up the Control Center to toggle them off without realizing that they haven’t actually turned Wi-Fi or Bluetooth off.


“When a phone is designed to behave in a way other than what the UI suggests, it results in both security and privacy problems. A user has no visual or textual clues to understand the device’s behavior, which can result in a loss of trust in operating system designers to faithfully communicate what’s going on. Since users rely on the operating system as the bedrock for most security and privacy decisions, no matter what app or connected device they may be using, this trust is fundamental.” – EFF

The EFF has called this an attempt on Apple’s part to keep users “connected to Apple devices and services” that has been done at the risk of compromising user security. In its support document, Apple has actually recommended users keep Wi-Fi and Bluetooth turned on for the best experience on an iOS device, disregarding several security threats that such a recommendation brings with it.

The move isn’t justified because the company could have added a new toggle in the Settings that would have let users have this new “off-ish” control for their Apple devices and services, instead of replacing a feature that has been used for years to easily toggle on and off Bluetooth and WiFi connections throughout different mobile operating systems.

Apple won over its users last year by fighting the FBI to protect user privacy, but this year it has been involved in several incidents where it has completely disregarded user security and choice, including bowing to the Chinese government by removing some VPN apps from its local App Store, for which it’s facing questions from the UN. Last night, a security researcher also revealed how Apple gave Uber access to a sensitive API through which the ride-hailing company was potentially able to record screens of its iPhone users.

Amid growing security threats and an online ecosystem where we don’t read privacy agreements before agreeing to them or learn about new security features, removing the long-established behaviors that users have gotten used to poses a serious security concern.

“Such a loophole in connectivity can potentially leave users open to new attacks,” the EFF wrote. “It’s simply a question of communicating better to users, and giving them control and clarity when they want their settings off – not ‘off-ish’.”
