https://wingu.se/2023/11/30/only-apple-can-do-allow-apps-tracking-users-location-without-consensus.html Yingyu's Blog [ ] About Apple allows applications to track user locations without authorization Nov 30, 2023 Zhong Wen Zai Ying Wen Wen Mo Apple asserts itself as a champion of user privacy; however, this claim will be proven untrue in this article. For almost a decade, Apple allowed apps had the capability to track users' locations without affording them the option to disable this feature or even raising awareness about it. And this is "ONLY APPLE CAN DO"! The HotspotHelper API in Action Since the introduction of iOS 9 in 2015, Apple has included an API call named "HotspotHelper," enabling developers to request a capability for their apps to assist the system in connecting to WiFi access points. Let's delve into how this API works with a simplified code snippet: import CoreLocation import NetworkExtension class LocationTrackingManager { func setupHotspotHelper() { // Request HotspotHelper capability NEHotspotHelper.register(options: nil, queue: DispatchQueue.main) { (command) in if let networkList = command.networkList { for network in networkList { // Access WiFi network information (SSID, MAC address) // see: https://developer.apple.com/documentation/networkextension/nehotspotnetwork let ssid = network.ssid let macAddress = network.bssid // Perform location tracking logic with ssid and macAddress self.trackLocation(withSSID: ssid, andMACAddress: macAddress) } } } } func trackLocation(withSSID ssid: String, andMACAddress macAddress: String) { // Your location tracking logic goes here // Use the ssid and macAddress to determine user location } } This snippet demonstrates how developers can utilize the HotspotHelper API to register for WiFi network information. The trackLocation method showcases the potential for extracting data that can be used for location tracking. The Privacy Dilemma The real cause for concern arises from the fact that, with access to such information, apps can effectively track a user's location. This is based on the premise that most WiFi access points remain stationary after deployment, providing a consistent reference for triangulating a user's whereabouts. Public API avalible such as Precisely Location By Wi-fi Access Point, Google's Geolocation API. While the intentions behind HotspotHelper may be rooted in facilitating seamless connectivity, the unintended consequence of potential location tracking without explicit user consent raises eyebrows in the ongoing privacy debate. This capability is activated whenever the user's device scans nearby WiFi access points, extending beyond explicit user engagement with the system settings to include instances where the device is locked in someone's pocket. The system will initiate the registered app with this API, enabling the app to retrieve nearby SSIDs and their MAC addresses and transmit this information to the server side. Consequently, if the app developer wishes, they possess the capability to nearly real-time track the user's location. Importantly, users remain unaware of this process occurring on their screens, and they lack the option to disable it. On the other hand, almost all the users doesn't know the App has this feature and they don't need/use this feature to help their lives. But again, they have no choice, their devices has to launch the App and submit near by WiFi info to the developers of the App. Global Impact: WeChat and Alipay Adding another layer to the discussion is the fact that major apps like WeChat and Alipay have already implemented this capability. These two apps are ubiquitous in mainland China, touching almost every aspect of people's lives. The widespread use of these applications in a densely populated region intensifies the implications of location tracking without user consent. A compelling debate could center around whether WeChat and/or Alipay function as responsible citizens in the app world, asserting that their data collection aims solely at enhancing user experience and facilitating seamless connections to nearby WiFi. Nevertheless, the opaque server-side logic embedded in their code raises questions. Could it be that once again, "ONLY APPLE CAN DO" in terms of ensuring transparency and accountability? Apple's "response" In reality, I discovered this issue approximately two years ago and created a video on Bilibili (a Chinese alternative to YouTube) discussing the matter. However, it has only very limited public awareness. I also brought this concern to Apple's attention and received an email response, but as of now, there has been no further update on the matter. Apple email response regarding HotspotHelper Conclusions I strongly advocate for Apple to offer users the option to disable this feature, akin to other privacy settings such as location and notifications. Apps should explicitly seek permission before accessing this feature, ensuring users have the ability to grant or deny access while using the app. As the conversation around digital privacy continues to evolve, Apple finds itself navigating the fine line between innovation and safeguarding user data. The question remains: can Apple maintain its commitment to privacy while addressing concerns raised by the HotspotHelper feature? Only time will tell how this controversial aspect fits into Apple's broader privacy narrative. Credit: This article was written with the assistance of ChatGPT for the purpose of refining my English writing. --------------------------------------------------------------------- Ping Guo Gong Si Zi Xu Wei Yong Hu Yin Si De Han Wei Zhe ,Ran Er Zhe Bing Fei Shi Shi . Zai Jin Shi Nian De Shi Jian Li ,Ping Guo Yun Xu Ying Yong Cheng Xu Ju Bei Gen Zong Yong Hu Wei Zhi De Neng Li ,Er Bu Ti Gong Guan Bi Ci Gong Neng Huo Yin Qi Yong Hu Dui Ci De Guan Zhu De Xuan Xiang . Er Qie Zhe Shi [Zhi You Ping Guo Ke Yi Zuo Dao De ] (Only Apple Can Do)! HotspotHelper API De Shi Li Dai Ma Zi 2015 Nian iOS 9 Tui Chu Yi Lai ,Ping Guo Yi Jing Bao Han Liao Yi Ge Ming Wei [HotspotHelper] De API Diao Yong ,Shi Kai Fa Ren Yuan Neng Gou Qing Qiu Qi Ying Yong Cheng Xu Xie Zhu Xi Tong Lian Jie Dao WiFi Jie Ru Dian De Neng Li . Rang Wo Men Shen Ru Liao Jie Zhe Ge API Shi Ru He Yu Yi Ge Jian Hua De Dai Ma Pian Duan Yi Qi Gong Zuo De : import CoreLocation import NetworkExtension class LocationTrackingManager { func setupHotspotHelper() { // Qing Qiu HotspotHelper Neng Li NEHotspotHelper.register(options: nil, queue: DispatchQueue.main) { (command) in if let networkList = command.networkList { for network in networkList { // Fang Wen WiFi Wang Luo Xin Xi (SSID, MAC Di Zhi ) // Can Jian :https://developer.apple.com/documentation/networkextension/nehotspotnetwork let ssid = network.ssid let macAddress = network.bssid // Shi Yong ssid He macAddress Zhi Xing Wei Zhi Gen Zong Luo Ji self.trackLocation(withSSID: ssid, andMACAddress: macAddress) } } } } func trackLocation(withSSID ssid: String, andMACAddress macAddress: String) { // Ni De Wei Zhi Gen Zong Luo Ji Zai Zhe Li // Shi Yong ssid He macAddress Que Ding Yong Hu Wei Zhi } } Zhe Ge Pian Duan Yan Shi Liao Kai Fa Ren Yuan Ru He Li Yong HotspotHelper API Zhu Ce WiFi Wang Luo Xin Xi . trackLocation Fang Fa Zhan Shi Liao Ti Qu Ke Yong Yu Wei Zhi Gen Zong De Shu Ju De Qian Li . Yin Si Kun Jing Zhen Zheng Yin Qi Guan Zhu De Yuan Yin Zai Yu ,You Liao Zhe Yang De Xin Xi Fang Wen Quan Xian ,Ying Yong Cheng Xu Ke Yi You Xiao Di Gen Zong Yong Hu De Wei Zhi . Zhe Shi Ji Yu Zhe Yang Yi Ge Qian Ti ,Ji Da Duo Shu WiFi Jie Ru Dian Zai Bu Shu Hou Bao Chi Bu Dong ,Wei San Jiao Ding Wei Yong Hu Wei Zhi Ti Gong Liao Yi Ge Yi Zhi De Can Kao . Gong Kai De API Bao Gua Precisely De Wi-fi Jie Ru Dian De Zhun Que Wei Zhi , Google De Geolocation API. Jin Guan HotspotHelper De Chu Zhong Ke Neng Shi Cu Jin Wu Feng Lian Jie ,Dan Qian Zai De Wei Jing Yong Hu Ming Shi Tong Yi De Wei Zhi Gen Zong De Yi Wai Hou Guo Ying Zai Chi Xu De Yin Si Bian Lun Zhong Yin Qi Guan Zhu . Zhe Yi Gong Neng Zai Yong Hu She Bei Sao Miao Fu Jin WiFi Jie Ru Dian Shi Ji Huo ,Chao Chu Liao Yong Hu Ming Que Yu Xi Tong She Zhi Hu Dong De Qing Kuang ,Huan Bao Gua She Bei Bei Suo Zai Kou Dai Li De Qing Kuang . Xi Tong Jiang Shi Yong Ci API Qi Dong Zhu Ce De Ying Yong Cheng Xu ,Shi Ying Yong Cheng Xu Jian Suo Fu Jin De SSID He Ta Men De MAC Di Zhi ,Bing Jiang Ci Xin Xi Chuan Shu Dao Fu Wu Qi Duan . Yin Ci ,Ru Guo Ying Yong Cheng Xu Kai Fa Ren Yuan Xi Wang ,Ta Men Jiu Ke Yi Ji Hu Shi Shi Gen Zong Yong Hu De Wei Zhi . Zhong Yao De Shi ,Yong Hu Dui Qi Ping Mu Shang Fa Sheng De Ci Guo Cheng Hao Bu Zhi Qing ,Bing Qie Ta Men Wu Fa Jin Yong Ta . Ling Yi Fang Mian ,Ji Hu Suo You Yong Hu Du Bu Zhi Dao Ying Yong Cheng Xu Ju You Ci Gong Neng ,Ta Men Bu Xu Yao /Shi Yong Ci Gong Neng Lai Bang Zhu Ta Men De Sheng Huo . Dan Zai Ci ,Ta Men Bie Wu Xuan Ze ,Ta Men De She Bei Bi Xu Qi Dong Ying Yong Cheng Xu Bing Jiang Fu Jin De WiFi Xin Xi Ti Jiao Gei Ying Yong Cheng Xu De Kai Fa Ren Yuan . Shi Jie Fan Wei De Ying Xiang :Wei Xin He Zhi Fu Bao Tao Lun De Ling Yi Ge Ceng Mian Shi Wei Xin He Zhi Fu Bao Deng Zhu Yao Ying Yong Yi Jing Shi Shi Liao Zhe Yi Gong Neng . Zhe Liang Ge Ying Yong Zai Zhong Guo Da Lu Wu Chu Bu Zai ,Ji Hu Hong Ji Ren Men Sheng Huo De Fang Fang Mian Mian . Zhe Xie Ying Yong Zai Ren Kou Mi Ji Di Qu De Yan Fan Shi Yong Jia Ju Liao Wei Jing Yong Hu Tong Yi De Wei Zhi Gen Zong De Ying Xiang . Yi Ge Ke Neng You Li De Kang Bian Ke Neng Hui Shuo ,Wei Xin He /Huo Zhi Fu Bao Shi Zai Ying Yong Cheng Xu Shi Jie Zhong You Ze Ren Gan De Gong Min ,Ta Men De Shu Ju Shou Ji Mu De Jin Zai Yu Zeng Qiang Yong Hu Ti Yan He Cu Jin Yu Fu Jin WiFi De Wu Feng Lian Jie . Ran Er ,Wo Men Wu Fa Shen Cha Ta Men Fu Wu Qi Duan De Dai Ma ,Wo Men Wu Cong De Zhi Cong Wo Men She Bei Fa Song Chu Qu De Shu Ju Ta Men Hui Zen Yao Chu Li . Nan Dao Zai Ci Ke Yi Shuo ,[Zhi You Ping Guo Ke Yi Zuo Dao De ] ( Only Apple Can Do)Que Bao Ta Men De Tou Ming Du He Fu Ze Ren Ma ? Ping Guo De [Hui Ying ] Shi Ji Shang ,Wo Da Yue Liang Nian Qian Fa Xian Liao Zhe Ge Wen Ti ,Bing Zai Bi Li Bi Li Shang Chuang Jian Liao Yi Ge Shi Pin Lai Tao Lun Zhe Ge Wen Ti . Ran Er ,Ta De Gong Zhong Ren Zhi Fei Chang You Xian . Wo Huan Ba Zhe Ge Wen Ti Dai Gei Liao Ping Guo De Zhu Yi ,Bing Shou Dao Liao Yi Feng Dian Zi You Jian Hui Fu ,Dan Jie Zhi Mu Qian ,Dui Ci Shi Bing Mei You Jin Yi Bu De Geng Xin . Ping Guo Guan Yu HotspotHelper De Dian Zi You Jian Hui Ying Xiao Jie Wo Qiang Lie Zhu Zhang Ping Guo Xiang Yong Hu Ti Gong Jin Yong Ci Gong Neng De Xuan Xiang ,Lei Si Yu Qi Ta Yin Si She Zhi ,Ru Wei Zhi He Tong Zhi . Ying Yong Cheng Xu Zai Fang Wen Ci Gong Neng Zhi Qian Ying Ming Que Qing Qiu Quan Xian ,Que Bao Yong Hu Zai Shi Yong Ying Yong Cheng Xu Shi Ju You Shou Yu Huo Ju Jue Fang Wen De Neng Li . Sui Zhao Shu Zi Yin Si Tao Lun De Bu Duan Fa Zhan ,Ping Guo Hui Fa Xian Zi Ji Zai Chuang Xin He Bao Hu Yong Hu Shu Ju Zhi Jian De Zhai Feng Zhong Hang Xing . Wen Ti Reng Ran Shi :Ping Guo Shi Fou Xi Wang Zai Jie Jue HotspotHelper Gong Neng Yin Qi De Dan You De ,Bao Chi Dui Yin Si De Cheng Nuo ?Zhi You Shi Jian Neng Gao Su Wo Men Zhe Chong Zhi Yong Hu Yin Si Bu Gu De Xing Wei , Hui Ru He Rong Ru Dao Ping Guo Hong Da De Yin Si Xu Shi Zhong . Zhi Xie :Ben Wen Shi Zai ChatGPT De Xie Zhu Xia Xie Cheng ,Mu De Shi Wan Shan Wo De Ying Yu Xie Zuo . Please enable JavaScript to view the comments powered by Disqus. Yingyu's Blog * Yingyu's Blog * github@winguse.com * winguse * winguse * winguse This is Yingyu's blog hosted on Github.