Commentary: Plans for iOS15 put victims of stalking and abuse at risk

06/15/2021
G DATA Blog

Apple has announced some innovations for iOS 15 that are a cause for concern among victims of abuse and organizations that support survivors. Among other things, it will be possible to locate devices that are switched off. This is a disaster for people who are being spied on by their own partner.

I use the "Find my" function in Apple's devices at least once a week when I have misplaced my smartphone again. That's a practical thing - I can have the device beep or locate it if I'm not sure whether I haven't forgotten it at my parents' house (again).
On paper, the innovations planned for iOS 15 make perfect sense. Among other things, there a plant to enable device owners to locate devices that are turned off. If a device is stolen, thieves often try to sell it on, for example at flea markets or on Internet platforms like eBay. To make it more difficult to resell stolen devices such as iPhones have an activation lock. Perpetrators can neither use nor resell the stolen device - it's about as useful as a brick. Thieves usually turn off a stolen device immediately after the theft to prevent tracking. This option is now eliminated because devices can be located even when they are turned off. And even if a thief resets the device to factory settings, I could still locate it as long as it is not deleted from my Apple account.

 

The Other, Darker Side of the Coin

However, there is one area where these changes have dire consequences and can have serious side effects. For example, in cases where women have moved to a shelter due to domestic violence. If the partner can locate the device that has been turned off, they can also find out its whereabouts. This is - to put it mildly - unsettling, because there are good reasons why the addresses of women's shelters and similar facilities for people in need are not public. Locating a device that has been switched off would render such protective measures obsolete.

Alexander Burris

If this technology really works as advertised, then it will soon no longer be sufficient for women's shelters to have the devices switched off at the entrance. Giving up the device completely and leaving it behind would then become the only way out. This situation is anything but ideal.

Alexander Burris

Apple also expands the AirTag technology, which has already met with criticism for similar reasons: Warnings can be set up when someone is no longer near a device. In the worst case, a jealous partner could deposit an AirTag in a suitable place to receive a warning when they leave the house. This effectively turns the technology into an electronic ankle bracelet for those affected.

To their credit, at least Apple listened to the criticism of experts shortly after the launch of the AirTags and retrofitted a function that warns users when an unknown AirTag is in the vicinity. This would at least cover some cases where a jealous partner hides an AirTag in a (jacket) pocket or in the car.

Privacy by Design vs. Comfort and Ease of Use

Now, I want to make one thing clear, so nobody gets the wrong idea: I am not saying that Apple knowingly and consciously pushes the misuse of technology. After all, the idea behind some of the functions has merit. However, I think that the developers simply haven't given this the degree of thought that would have been appropriate. Whenever a company - whether it's Apple or any other technology provider - breaks new ground in their product portfolio, there always has to be the question of how a new product can be misused.
If a device generates data whose use could pose an immediate danger to other people, a rethink is required. On this topic, there are currently also initial efforts to draft guidelines for development, for example via the IEEE (Institute of Electrical and Electronics Engineers). IBM has also drafted design principles that shed light on technological development specifically with a view to domestic abuse. Especially when it comes to devices, which for many people are communication platforms, proof of identity, and means of self-representation. For most smartphone owners, the device is one of the most private things one can have. The internationally operating Coalition against Stalkerware has also dedicated itself to the topic of technology-driven abuse and provides extensive information material and practical assistance for those affected and for aid organizations.

from Tim Berghoff
Security Evangelist