Not sure I see much of a story here. Turning off location services globally works as expected, but turning off location services app-by-app lets the system itself still utilize location services (for unknown system things):
“We do not see any actual security implications,” an Apple engineer wrote in a response to KrebsOnSecurity. “It is expected behavior that the Location Services icon appears in the status bar when Location Services is enabled. The icon appears for system services that do not have a switch in Settings” [emphasis added].
I don't think it's a major issue, but I think it's a reasonable expectation that turning off all services one-by-one will result in no services using your location.
> turning off location services app-by-app lets the system itself still utilize location services
I think this is a mischaracterisation. The menu allows you to turn off access to system services individually as well, it's not just a menu for disabling app access case-by-case. That there are some system services which don't have a toggle, while others do, is unexpected.
Ahh I didn't catch that last bit. Individually disabling "system services" in location services doesn't disable ALL system services. Yeah that's confusing/should be changed.
The way I would expect this to work is that there's a system service that just generates location data and handles things like GPS radio driver communications and such, which provides an API for everything else to get location data from it.
Everything else would have a setting to enable them to access that API, including any other system services that use location data to do anything. So the icon saying Location Services are enabled would literally just be saying "yep, this phone is communicating to GPS satellites and calculating it's location". I don't know if that's actually how this works though.
> So the icon saying Location Services are enabled would literally just be saying "yep, this phone is communicating to GPS satellites and calculating it's location". I don't know if that's actually how this works though.
What would be the point of showing that indicator then? GPS is a passive system; there's no communication happening, just reception. The interesting case is whenever someone tries to access the location data.
> there's no communication happening, just reception.
Erm... In practice that's not quite true for many devices, depending on your definition of communication and the relevancy of side-channels (which may leak information).
So, first of all, Location Services is more than just GPS. It also uses cell and Wifi signals to estimate location (hence the pop-up that "enabling wifi improves location accuracy"). So using location services may affect the behavior of the cell and wifi radios.
Second, virtually all phones (and many other devices that expects to often have internet communications) use what's called "assisted GPS", which is where the satellite ephemerides and almanac are downloaded through a side channel and passed to the GPS chip (along with an estimate of the current time and location)
That greatly improves the time to first fix because the receiver knows exactly which satellites are above the horizon, and also doesn't have to wait for each satellite to broadcast its ephemeris data (ephemeris is only broadcast once per 30 second frame, and you aren't guaranteed to receive it correctly the first time).
Tangentially related to the above, there's a very interesting paper from Microsoft where they are able to recover the location of a very low duty-cycle receiver using only an estimate of the code phase relative to the internal clock (so the navigation message is never even decoded by the device).
They (of course) needed to record the ephemerides (at the "base station") during the periods where they wanted to know the receiver's position, and there are duty cycle minimums to avoid 'cycle slip' (because the receiver only knows the code phase to an ambiguity of n2pi).
Some location info is likely recorded -- logged or cached, if nothing else -- even when no app/service on device is using it. You as a user might want to be able prevent it from being generated at all. For example, if you were concerned about a government agent, such as US Customs, hoovering up those logs/caches.
It means you can't figure out what's using it, and it makes it impossible to configure location services in a whitelisting mode. A global off switch is better than nothing, but this is bad behavior.
There's a lot of weird, potentially bad stuff that could fit into this description, though. I believe Apple has had problems with "accidentally" logging location data from their phones before.
I think it would be good for us iPhone users to know what the system is doing with our location.
It's certainly not what I expect as a user - turning off all the switches individually, should be equivalent to turning off the master switch - unless there is explicit guidance somewhere.
“We do not see any actual security implications,” an Apple engineer wrote in a response to KrebsOnSecurity. “It is expected behavior that the Location Services icon appears in the status bar when Location Services is enabled. The icon appears for system services that do not have a switch in Settings” [emphasis added].