Last week, Apple released iOS 16.3 with new features and bug fixes. While it’s always recommended that users update their devices, this new version fixes an Apple Maps bug that was sharing people’s location to apps without consent.
The discovery was made by Brazilian journalist Rodrigo Ghedin. According to him, iFood, one of the biggest Brazilian startups that offer an Uber Eats-like service, was “peeking at iOS users’ location when it should’ve not.”
iFood, Brazilian largest food delivering app evaluated at USD 5.4 billion, was accessing his location when not open/in use, bypassing an iOS setting that restrict an app’s access to certain phone’s features. Even when the reader completely denied location access to it, iFood’s app continued to access his phone’s location.
Now, with iOS 16.3 Release Notes, it was possible to understand what happened. According to Apple. there was an issue with Apple Maps: “an app may be able to bypass Privacy preferences.” Although Apple said a logic issue was addressed with improved state management, it’s unclear how many apps were able to use this breach, how much data they could gather, and with what iOS version developers could take advantage of this breach.
If you’re still running an old version of iOS 16 that is not iOS 16.3, you may discover that an app that you’re not sharing your location with might be accessing your data. Just look at iOS’s Privacy tab on the Control Center after you open an app.
That said, the best you can do is update to iOS 16.3, which fixes this issue. In addition, this update brings physical Security Keys support and addresses some bugs related to iPhone 14 Pro models.
BGR contacted Apple and will update the story once we hear from a company spokesperson.