EFF criticizes iOS 11's 'misleading' Bluetooth and Wi-Fi toggles for being a privacy and security risk
The strange, unintuitive way Bluetooth and Wi-Fi toggles work in iOS 11 has drawn ire from many quarters. The latest voice is that of digital rights group the Electronic Frontier Foundation (EFF) which says that the "off-ish" setting now offered is misleading.
As we have covered in a previous story, Apple has changed the behaviour of the two toggles so that when they are flicked to the off position, the Bluetooth and wireless radios are not actually switched off. EFF says that this is "bad for user security" and calls for greater clarity from Apple.
- Warning: Toggles in the iOS 11 Control Center don't let you turn off Bluetooth or Wi-Fi
- BlueBorne Bluetooth vulnerability 'exposes almost every connected device'
- EFF resigns from W3C in protest against Encrypted Media Extensions DRM standard
As EFF points out, recent Bluetooth vulnerabilities mean that it is good practice to disable both Wi-Fi and Bluetooth when not in use. The group goes on to reiterate the problem introduced in iOS11 so that flicking the toggles to the off position actually just disconnects from networks and devices.
What actually happens in iOS 11 when you toggle your quick settings to "off" is that the phone will disconnect from Wi-Fi networks and some devices, but remain on for Apple services. Location Services is still enabled, Apple devices (like Apple Watch and Pencil) stay connected, and services such as Handoff and Instant Hotspot stay on. Apple’s UI fails to even attempt to communicate these exceptions to its users.
It gets even worse. When you toggle these settings in the Control Center to what is best described as "off-ish," they don't stay that way. The Wi-Fi will turn back full-on if you drive or walk to a new location. And both Wi-Fi and Bluetooth will turn back on at 5:00 AM. This is not clearly explained to users, nor left to them to choose, which makes security-aware users vulnerable as well.
EFF says that the unintuitive way the toggles work represents a security and privacy problem. It says that Apple is placing users at risk by trying to keep them connected to Apple devices and services. It is a loophole, EFF suggests, that Apple could very easily fix.
At a bare minimum, Apple should make the Control Center toggles last until the user flips them back on, rather than overriding the user’s choice early the next morning. It's simply a question of communicating better to users, and giving them control and clarity when they want their settings off -- not "off-ish."