Apple to Limit Accelerometer and Gyroscope Access in Safari on iOS 12.2 for Privacy Reasons

Discussion in 'MacRumors.com News Discussion' started by MacRumors, Feb 4, 2019.

  1. MacRumors macrumors bot

    MacRumors

    Joined:
    Apr 12, 2001
    #1
    [​IMG]


    Last month, Apple released iOS 12.2 in beta with several new features, including the Apple News app in Canada, a redesigned TV remote in Control Center, support for adding HomeKit-enabled TVs in the Home app, and more.

    The upcoming software update also introduces a new Motion & Orientation Access toggle under Settings > Safari > Privacy & Security. Toggled off by default, this new setting must be turned on in order for websites to display features that rely on motion data from the gyroscope and accelerometer in the iPhone, iPad, and iPod touch.

    [​IMG]

    To test this, we loaded the What Web Can Do Today website on an iPhone running the first beta of iOS 12.2. With the Motion & Orientation Access setting toggled on, the page shows real-time accelerometer and gyroscope data from the iPhone. With the setting toggled off, no motion data is shown.

    Another example is Apple's motion-based iPhone experience site. This page normally allows you to tilt your actual iPhone to swivel the iPhone XS Max on the screen with tech specs. With Motion & Orientation Access toggled off, however, only a static image of the iPhone XS Max is shown without tech specs.

    [​IMG]

    This privacy-focused change could be in response to a WIRED report last year that claimed thousands of websites have unmitigated access to motion, orientation, proximity, and light sensor data on mobile devices. Software engineer Felix Krause also filed a radar and notified Apple's security team about this matter in 2017.

    As noted by Digiday, the setting could have implications for AR/VR advertising:
    These AR/VR experiences may have to rely on fallback versions that people can navigate with swipe gestures instead, but this largely defeats the purpose of motion-based, interactive campaigns.

    It's quite possible Apple could tweak how this feature works in time for the public release of iOS 12.2. Perhaps the setting will be toggled on by default in a subsequent beta, for example, or Safari could prompt users for permission to access motion data when necessary as it does with location data.

    Article Link: Apple to Limit Accelerometer and Gyroscope Access in Safari on iOS 12.2 for Privacy Reasons
     
  2. jayducharme macrumors 68040

    jayducharme

    Joined:
    Jun 22, 2006
    Location:
    The thick of it
    #2
    This article seems to be misleading. It doesn't seem to me that Apple is limiting access; it seems to just be making that feature "opt in" rather than "opt out".
     
  3. brinary001 macrumors 6502a

    brinary001

    Joined:
    Sep 4, 2012
    Location:
    Midwest, USA
    #3
    Not sure how much this would preserve privacy, but at the same time I can't imagine accelerometer data is very largely used in mobile web dev in the first place.

    Sounds more just like security theatre being put on by Apple, but if anyone out there knows something I don't, by all means feel free to enlighten me.
     
  4. fredrik9 macrumors regular

    fredrik9

    Joined:
    Sep 30, 2018
    Location:
    Sweden
    #4
    One can hope that a pop-up appears when a website requires gyroscope access. Without one, and the setting off by default, many consumers would be at loss since most wouldn’t know how to turn it on.
     
  5. aottke macrumors newbie

    aottke

    Joined:
    May 18, 2010
    #5
    Interesting. The limitations to interactive ad or experiential campaigns would be frustrating for many companies that have things in the works. But this would provide another potential opportunity for Apple, which they really should look into: an internally-hosted and -approved ad platform. Apple should offer a way to have interactive ads that rely on iOS device information to the company for review and eventual hosting once approved. This way, they keep control of where that data goes (I think many trust Apple more than any other company to keep the data secure and only used for the purpose of displaying the experience), and Apple can take a reasonable fee for the privacy and availability of such a service that it hosts, adding another service-based revenue stream. It's a good way to capitalize on its user base without "selling" its customer information... Instead, they're just getting paid to be a watchdog over your private device metrics to let you experience more types of media online worry-free.
     
  6. I7guy macrumors Core

    I7guy

    Joined:
    Nov 30, 2013
    Location:
    Gotta be in it to win it
    #6
    Saw that setting and was wondering what it’s intended used was.
     
  7. fredrik9 macrumors regular

    fredrik9

    Joined:
    Sep 30, 2018
    Location:
    Sweden
    #7
    According to the WIRED report: ”the information could fuel various types of attacks, like using ambient light data to make inferences about a user's browsing, or using motion sensor data as a sort of keylogger to deduce things like PIN numbers”

    So this seems like it could be a potential threat to privacy and the security of your personal information. Albeit a very small one.
     
  8. brinary001 macrumors 6502a

    brinary001

    Joined:
    Sep 4, 2012
    Location:
    Midwest, USA
    #8
    Huh. I never would've guessed! But I mean I doubt Apple would go to this effort if it weren't important
    ¯\_(ツ)/¯
     
  9. velocityg4 macrumors 601

    velocityg4

    Joined:
    Dec 19, 2004
    Location:
    Georgia
    #9
    Glad this is something that is off by default. Since most people wouldn't even be aware of it and leave it on. Not due to preference. Just because they don't know any better.

    I know it sounds like nothing. Accessing motion and orientation data. If someone can use it. Someone will figure out a way to abuse it.
     
  10. Baymowe335 macrumors 601

    Joined:
    Oct 6, 2017
  11. citysnaps, Feb 4, 2019
    Last edited: Feb 4, 2019

    citysnaps macrumors 601

    Joined:
    Oct 10, 2011
    Location:
    San Francisco
    #11
    I think there's some potential for collected accelerometer/gyroscope data to be exploited with respect to creating motion/location profiles of a phone user. It depends on the accuracy and drift of the sensors, time references, signal processing techniques employed, required accuracy, etc.

    I wouldn't be shocked if a very clever individual/company could create something interesting of value (ie, sellable processed user information) from collected raw sensor data.

    I'm glad Apple is thinking ahead with respect to the possibilities and privacy implications.
     
  12. calzon65 macrumors 6502a

    calzon65

    Joined:
    Jul 16, 2008
    #12
    They don't want to record angry customers banging their phones.
     
  13. VictoryHighway macrumors member

    VictoryHighway

    Joined:
    Jun 22, 2008
    Location:
    Hopedale, MA
    #13
    They had that. It was called iAd and it was a major flop.
     
  14. vicviper789 macrumors regular

    Joined:
    Jun 5, 2013
    #14

    It’s legitimate, there are algorithms to figure out your keystrokes based on gyro and accelerometer data. MIT demo’d it a few years ago IIRC.

    Update: done is 2011

    https://arstechnica.com/gadgets/201...log-your-pc-using-your-iphones-accelerometer/
     
  15. lunarworks macrumors 68000

    Joined:
    Jun 17, 2003
    Location:
    Toronto, Canada
    #15
    There's unethical and sneaky platform developers working tirelessly on anything that can collect data on you. They're basically ruining everything for everyone.
     
  16. ArtOfWarfare macrumors G3

    ArtOfWarfare

    Joined:
    Nov 26, 2007
    #16
    Wait - you can access ambient light data on a website? I was doing some ludicrously complicated calculations from GPS data to determine if the sun was up or not at your location to determine whether to be in "day mode" or "night mode"...
     
  17. deannnnn macrumors 68020

    deannnnn

    Joined:
    Jun 4, 2007
    Location:
    New York City & South Florida
    #17
    Is knowing which direction my phone is facing really an invasion of my privacy?
     
  18. vicviper789 macrumors regular

    Joined:
    Jun 5, 2013
    #18
  19. Mr. Donahue macrumors 6502

    Mr. Donahue

    Joined:
    Sep 17, 2014
    #19
    I wish apples own apps would turn when you need them to. It’s like the gyroscope since iPhone 6 has been horrible.
     
  20. lovehateapple macrumors newbie

    lovehateapple

    Joined:
    Oct 15, 2015
    Location:
    USA
    #20

    While I'm inclined to agree with you, the recent revelations of how facebook was circumventing apple's privacy policies with its "research" app, makes me thankful apple has made this an opt in feature rather than opt out. There's no telling how google or facebook could exploit the accelerometer and gyroscope to parse user data for their own nefarious purposes. It's been proven that all these companies need is a toehold into people's devices and they will find a way to extract whatever info they can from them. That being said, if turning the accelerometer and gyroscope on allows me to access a better experience on some websites it might be a trade-off I'm willing to make. I like the idea of having user prompts each time I visit a website that wants to access motion data from my phone.
     
  21. citysnaps, Feb 4, 2019
    Last edited: Feb 4, 2019

    citysnaps macrumors 601

    Joined:
    Oct 10, 2011
    Location:
    San Francisco
    #21
    What if thousands of those points were collected along with acceleration data over time, as you are driving/walking around somewhere, perhaps referenced from some known location?

    Implied in the above are some technical assumptions about the sensors (such as accuracy and drift, etc), but you get the idea.
     
  22. manu chao macrumors 603

    Joined:
    Jul 30, 2003
    #22
    Which has the de facto effect of limiting access significantly. "Limiting access" does not mean "cutting off access completely".
    --- Post Merged, Feb 4, 2019 ---
    Fully agree, this could work like today's way for websites to access location data.
     
  23. simonmet, Feb 4, 2019
    Last edited: Feb 4, 2019

    simonmet macrumors 68020

    simonmet

    Joined:
    Sep 9, 2012
    Location:
    Sydney
    #23
    Notified in 2017, actioned in 2019! C’mon Apple, if you want to claim a focus and priority on privacy you have to do better than this!

    It was revealed recently that Apple waited over a week until the eavesdropping flaw became public knowledge before disabling group FaceTime ... a few days later! Sorry, but a privacy-first approach would’ve been to cut it off immediately, then work on the fix as quickly as possible.

    Apple seems happy to use privacy as a big aspect of their marketing, but they can still be doing a lot better. They probably care more about users perception of privacy, because it’s this perception that affects brand value and customer loyalty.

    It’s currently not possible to opt-out, so they are offering the ability to limit access, and the article implies you’ll have to grant access in the same way you do for all the other privacy settings. I don’t think it’s misleading.
     
  24. Khedron macrumors 65816

    Joined:
    Sep 27, 2013
    #24
    So it took 8 years for Apple to fix it.

    Those 8 days of people having access to cameras and audio through FaceTime doesn't seem so bad.
     
  25. falainber macrumors 65816

    falainber

    Joined:
    Mar 16, 2016
    Location:
    Wild West
    #25
    Finally! I was getting really concerned about Google being able to learn the angle I am holding my phone at.
     

Share This Page

32 February 4, 2019