The Brazilian journalist Rodrigo Ghedin reported earlier this month that Apple Maps has a privacy bug that allows the app to collect location data from users without their knowledge or permission.
There is no indication that any app has exploited the vulnerability so far, however Apple has fixed the issue in the latest iOS 16.3 update, and Apple released a statement on Friday to AppleInsider and other tech media saying there is no evidence that any app has exploited it so far.
It has been confirmed that iOS has never been at risk and that the iFood delivery app, which was mentioned in the report, did not circumvent any privacy settings that users had set for themselves.
READ MORE: A Concept From OnePlus at MWC 2023 – What to Expect?
“Apple has always believed that the right to know when to share data and with whom to share it should be in the hands of the user. We issued a privacy vulnerability advisory last week that only non-sandboxed apps on macOS could exploit. We then shared the code base to iOS and iPadOS, tvOS and watchOS, so the fixes and recommendations cover those operating systems as well, except they were never at risk. The claim that this vulnerability could allow apps to bypass user controls on the iPhone is false. One report also incorrectly implied that an iOS app was exploiting this or another vulnerability to bypass user control over location data. Our follow-up investigation concluded that the app was not circumventing user controls through any mechanism.”
Rodrigo Ghedin, a Brazilian journalist, reports that the local delivery app iFood is taking advantage of the iOS 16.2 bug to track users’ locations, even when they disable the app’s access to their location in the app preferences.
