13.5 – Location privacy broken

[Pointillism]

So, despite not really knowing what I'm doing, I decided to open up the Console app to see what kind of errors and warnings show up in the system log when System Settings is open. One thing I noticed that - when you go to "Privacy & Security: Location Services" - a whole bunch of locationd faults start showing up, all of which say the following:

{"msg":"clientRecord was not a dictionary or did not respond to expected selectors, skipping", "client":<private>}

This error only shows up when viewing the Location Services section of System Settings so I suppose it might be related to this issue but someone who's much more knowledgeable than me will probably know better.

Also, I noticed this cfprefsd error shows up occasionally as well - though not nearly as often as the locationd one.

Couldn't open parent path due to [2: No such file or directory]

Could it be that System Settings just can't access whatever files it needs in order to show & modify the list of apps that have requested location access?

 

[Pinkyyy 💜🍎]

On both my Pro and Air, apps no longer show up under Location Services under Privacy and Security.

Can't edit location permissions now or see what apps have location access.

Anyone else seeing this?

Same issue here on my M2 MBP. No apps are listed below Location Services.
It still does show me if an app is using location services in the control center, but I can't control which apps are using my location right now due to this bug.

I already had some bugs in the previous version and I was hoping they'd be fixed in 13.5 but turns out there are now even more bugs at this point, I'm just waiting for Sonoma since Ventura in general hasn't been very stable for me.

 

[chrfr]

If more people would do this, maybe Apple will finally notice that users are tired of their buggy beta versions released into production.

Back on topic, I can reproduce the issue on Monterey by disabling CoreLocationAgent.
But restarting CoreLocationAgent, disabling and re-enabling it in Ventura has no result. It appears to be running, but the system behaves as it is not.

Location services do work in 13.5 for apps which already had access and can be enabled for apps which pop up a standard dialog, like Apple Maps. Location services can't be removed from apps which already have access, and can't be enabled for apps like Google Chrome which rely on the System Settings Location settings to enable location.

 

[Pinkyyy 💜🍎]

just re installed latest monterey on my 7.1 cant live with the buggy ventura any more. My Mac mini also on moterey also from a few weeks ago. I like monterey much better. system pref's for sure. Maybe in a years time ventura will be ok who knows.

To be honest, I wish I never upgraded to Ventura. Monterey was a lot more stable. I was not facing any bugs until I upgraded to Ventura. And the System Preferences interface looked much nicer than System Settings, which is more iOS-like and pretty confusing.

 

[svenmany]

And the System Preferences interface looked much nicer than System Settings, which is more iOS-like and pretty confusing.

and buggy

 

[chrfr]

So, despite not really knowing what I'm doing, I decided to open up the Console app to see what kind of errors and warnings show up in the system log when System Settings is open. One thing I noticed that - when you go to "Privacy & Security: Location Services" - a whole bunch of locationd faults start showing up, all of which say the following:

{"msg":"clientRecord was not a dictionary or did not respond to expected selectors, skipping", "client":<private>}

I see this message in the log on my 13.5 computers as well but not one that's on 13.4. I'm updating the 13.4 computer to 13.4.1 and will recheck after it updates.

 

[frenchcamp49er]

From what I've been reading this problem does not exist in the macOS beta 14, some have downloaded the beat and the permissions returned, so I'm hoping a fix is one the way. Side note on the Apple Support forums the Mods believe this is a feature and are deleting comments.

 

[AlixSPQR]

Side note on the Apple Support forums the Mods believe this is a feature and are deleting comments.

That's more sad than hilarious. What a crappy place.

 

[frenchcamp49er]

That's more sad than hilarious. What a crappy place.

Unfortunately it is, others a saying bug but a mod or 2 are claiming its a new feature.

 

[Matty_TypeR]

Loving my fresh install of monterey, everything works! and if that is a new feature they can keep it.

 

[Queen6]

If the issue iis widespread then Apple will likely release a 13.5.1 patch, if not we will probably have to sit it out until 13.6. Only other alternative is to downgrade back to Monterey.

Q-6

 

[luckman212]

I decided to open up the Console app to see what kind of errors and warnings show up in the system log when System Settings is open. One thing I noticed that - when you go to "Privacy & Security: Location Services" - a whole bunch of locationd faults start showing up, all of which say the following:

{"msg":"clientRecord was not a dictionary or did not respond to expected selectors, skipping", "client":<private>}

Good sleuthing @Pointillism !

I did the same and used the Terminal (log stream) command to also look at the events leading up to those clientRecord errors. I also enabled Private Data Logging using a custom .mobileconfig Profile, so I could see what was "underneath" the <private> messages in the log. It was all just a bunch of paths, basically to all of the apps on my system. Some kind of enumeration that gets done, I suppose the OS is looking for PPPC profiles and/or code signatures embedded in the apps to verify they exist in the TCC database.

2 errors stood out to me when I was looking at the logs:

2023-07-26 11:19:04.659616-0400 0x1038ed   Error       0x218808             170    0    opendirectoryd: (PlistFile) [com.apple.opendirectoryd:auth] Failed SecureToken authentication for A865CEC2-417A-4DB9-9522-A3B522CF95D3 other domain: invalid credentials
2023-07-26 11:19:04.808537-0400 0x1038ed   Error       0x218808             170    0    opendirectoryd: (PlistFile) [com.apple.opendirectoryd:auth] Authentication failed for luke (A865CEC2-417A-4DB9-9522-A3B522CF95D3): ODErrorCredentialsInvalid

Looks like an some failures to decode or authenticate against a SecureToken directly preceded it. Could be related. If anyone else wants to confirm these errors on their system, here's the command to run in Terminal

log stream --predicate 'subsystem == "com.apple.opendirectoryd"'

 

[chrfr]

Good sleuthing @Pointillism !

I did the same and used the Terminal (log stream) command to also look at the events leading up to those clientRecord errors. I also enabled Private Data Logging using a custom .mobileconfig Profile, so I could see what was "underneath" the <private> messages in the log. It was all just a bunch of paths, basically to all of the apps on my system. Some kind of enumeration that gets done, I suppose the OS is looking for PPPC profiles and/or code signatures embedded in the apps to verify they exist in the TCC database.

2 errors stood out to me when I was looking at the logs:

2023-07-26 11:19:04.659616-0400 0x1038ed   Error       0x218808             170    0    opendirectoryd: (PlistFile) [com.apple.opendirectoryd:auth] Failed SecureToken authentication for A865CEC2-417A-4DB9-9522-A3B522CF95D3 other domain: invalid credentials
2023-07-26 11:19:04.808537-0400 0x1038ed   Error       0x218808             170    0    opendirectoryd: (PlistFile) [com.apple.opendirectoryd:auth] Authentication failed for luke (A865CEC2-417A-4DB9-9522-A3B522CF95D3): ODErrorCredentialsInvalid

Looks like an some failures to decode or authenticate against a SecureToken directly preceded it. Could be related. If anyone else wants to confirm these errors on their system, here's the command to run in Terminal

log stream --predicate 'subsystem == "com.apple.opendirectoryd"'

opendirectoryd is extremely unlikely to be related to this.

 

[bogdanw]

Location services do work in 13.5 for apps which already had access and can be enabled for apps which pop up a standard dialog, like Apple Maps. Location services can't be removed from apps which already have access, and can't be enabled for apps like Google Chrome which rely on the System Settings Location settings to enable location.

tccutil reset Liverpool works and removes third party apps. System services and Safari will be re-added automatically,
With SIP disabled, Chrome can be added with sqlite3 #25 or tccplus https://github.com/jslegendre/tccplus

 

[Pinkyyy 💜🍎]

From what I've been reading this problem does not exist in the macOS beta 14, some have downloaded the beat and the permissions returned, so I'm hoping a fix is one the way. Side note on the Apple Support forums the Mods believe this is a feature and are deleting comments.

This is so messed up. How come they think it’s a feature ? This is clearly a Ventura bug as it doesn’t seem to be an issue neither on Monterey 12.6.8 nor even the macOS 14 beta. The issue exists only on Ventura 13.5 . It’s sad to hear that Apple hasn’t recognized this not-so-small bug. They need to recognize it so we can at least expect them to fix it in the later releases.

 

[chrfr]

This is so messed up. How come they think it’s a feature ? This is clearly a Ventura bug as it doesn’t seem to be an issue neither on Monterey 12.6.8 nor even the macOS 14 beta. The issue exists only on Ventura 13.5 . It’s sad to hear that Apple hasn’t recognized this not-so-small bug. They need to recognize it so we can at least expect them to fix it in the later releases.

Who's to say that Apple hasn't recognized the bug? The discussion forums are not an official channel where Apple responds to bugs. Apple has received several bug reports and also Applecare reports through the enterprise channel, so they're definitely aware of the problem.

 

[frenchcamp49er]

This is so messed up. How come they think it’s a feature ? This is clearly a Ventura bug as it doesn’t seem to be an issue neither on Monterey 12.6.8 nor even the macOS 14 beta. The issue exists only on Ventura 13.5 . It’s sad to hear that Apple hasn’t recognized this not-so-small bug. They need to recognize it so we can at least expect them to fix it in the later releases.

They are only Mods, non Apple employees, but ya how can any reasonable person argue the point.

Location Privacy is broken after installi… - Apple Community

discussions.apple.com

 

[Pointillism]

They are only Mods, non Apple employees, but ya how can any reasonable person argue the point.

Location Privacy is broken after installi… - Apple Community

discussions.apple.com

Wait, is that one poster who's convinced that it's a feature even a moderator or is it just someone who's amassed a whole bunch of Apple Support forum points?

 

[frenchcamp49er]

Wait, is that one poster who's convinced that it's a feature even a moderator or is it just someone who's amassed a whole bunch of Apple Support forum points?

They have like 80,000 points, ya I’m not sure if he’s an actual moderator, I’ll have to reread the thread, I thought they were though

 

[cubbie5150]

I am also having this issue on my 2021 Macbook Pro 14-inch after updating to macOS 13.5. Not a single app is listed under Privacy and Security: Location Services.
View attachment 2237458

Same here on my 2021 16" M1Pro

 

[Howard2k]

Turned off automatic security updates. What a gong show. Waiting for 13.5.1.

 

[canadianreader]

this is a bug. not a part of some grand plan.

Apple tried it with BigSur and started tracking apps and stuff through the ocsp.apple.com and it backfired sure they'll try it again in more subtle ways. Not saying this bug is intentional but at least we know they tried it in the past.

Apple Hides Traffic of Some of Its Own Apps in Big Sur - TidBITS

TripMode developer David Dudok de Wit has discovered that Apple prevents application-level firewalls from monitoring or even measuring traffic from over 50 Apple apps and processes. It’s yet another way that Apple blocks developers from providing features that users want.

tidbits.com

 

[Pointillism]

Good sleuthing @Pointillism !

I did the same and used the Terminal (log stream) command to also look at the events leading up to those clientRecord errors. I also enabled Private Data Logging using a custom .mobileconfig Profile, so I could see what was "underneath" the <private> messages in the log. It was all just a bunch of paths, basically to all of the apps on my system. Some kind of enumeration that gets done, I suppose the OS is looking for PPPC profiles and/or code signatures embedded in the apps to verify they exist in the TCC database.

2 errors stood out to me when I was looking at the logs:

2023-07-26 11:19:04.659616-0400 0x1038ed   Error       0x218808             170    0    opendirectoryd: (PlistFile) [com.apple.opendirectoryd:auth] Failed SecureToken authentication for A865CEC2-417A-4DB9-9522-A3B522CF95D3 other domain: invalid credentials
2023-07-26 11:19:04.808537-0400 0x1038ed   Error       0x218808             170    0    opendirectoryd: (PlistFile) [com.apple.opendirectoryd:auth] Authentication failed for luke (A865CEC2-417A-4DB9-9522-A3B522CF95D3): ODErrorCredentialsInvalid

Looks like an some failures to decode or authenticate against a SecureToken directly preceded it. Could be related. If anyone else wants to confirm these errors on their system, here's the command to run in Terminal

log stream --predicate 'subsystem == "com.apple.opendirectoryd"'

Interesting. It looks like there were two location-related security fixes included with 13.5 and, while the Find My issue was fixed in both Monterey & Ventura, the following only applied to Ventura:

AppleMobileFileIntegrity

Available for: macOS Ventura

Impact: An app may be able to determine a user’s current location

Description: A downgrade issue affecting Intel-based Mac computers was addressed with additional code-signing restrictions.

CVE-2023-36862: Mickey Jin (@patch1t)

I wonder if this current issue is partially due to whatever Apple did to fix the above problem.

 

[canadianreader]

just re installed latest monterey on my 7.1 cant live with the buggy ventura any more. My Mac mini also on moterey also from a few weeks ago. I like monterey much better. system pref's for sure. Maybe in a years time ventura will be ok who knows.

I upgraded to Ventura so far so good but still don't like the new vertical System Preferences. It's more suited to iPads and iPhones but not the mac.

 

[katbel]

I would like to downgrade to Monterey too, but not sure if I'm going to end up with more issues because the Mac Studio came with Ventura 😑