Apple Maps has a privacy bug that allows the app to collect location data without user permission. Apple has fixed this bug in the latest iOS 16.3 update.
According to Brazilian journalist Rodrigo Ghedin, the local delivery app iFood can still use the bug to track users’ locations in iOS 16.2, even if they turn off the app’s access to their locations.
iFood is the largest takeaway app in Brazil, with a company valuation of $5.4 billion. After the app turned off access to its location, the iFood app was still able to get users’ location information.
Arstechnica security writer Dan Goodin asks a number of questions: How long has this vulnerability existed? What other apps have exploited it? How much location data has been collected using it?
There may be many other apps that have not yet been exposed that use this bug to track users’ location information, so we recommend that iPhone users into iOS 16.3 as soon as possible to prevent apps from using this bug to track you.
