Using only Apple’s official diagnostic tools (Console.app) on a clean, non-jailbroken iPhone 14 Pro Max, the following issues were observed:
System daemons silently initiate Bluetooth Low Energy (BLE) scans without app activity or user interaction.
GPS location harvesting occurs with no prompts, indicators, or active apps.
Internal frameworks bypass Apple’s Transparency, Consent, and Control (TCC) protections using undocumented flags.
Bluetooth trust metadata (e.g., IRKs, pairing history) is exposed even when devices are disconnected.
Cryptographic failures are silently ignored during trust operations.
These behaviors suggest an integrated telemetry pipeline that operates beneath iOS’s user-facing privacy model.
The full report includes logs, technical breakdowns, and reproduction steps.
Looks like garbage "vulnerabilities" generated by ChatGPT from a random sample of log messages. None of it looks even remotely substantiated and I have no idea how this made it to the front page so quickly.
What is this report supposed to show? System level Daemons have low level access or iPhone, unlocked and having trusted the hardware I assume, can be made to reveal data? This reads like someone asked AI about debugging iPhone using their laptop, dug into some system daemons and wrote up a report acting like sky is falling when it's expected behavior. UID 0 can bypass file permissions, alert kernel developers!
Real question is, can other iOS applications trigger this data leaking behavior or can untrusted MacOS devices do this as well?
"Preflight=yes" bypassing user prompts is not expected or documented behavior... period.
The fact that internal system daemons can silently trigger access to TCC-protected domains (like Contacts, FaceID, Microphone, and Bluetooth) without app association or user consent breaks Apple’s own stated privacy model.
It's very possible they have good reason to do so. Phone app needs contact access to display CallerID and Microphone access to allow me to answer my call
This got flagged because you have not proven anything.
System Level Daemons and preinstall Apple developed applications are bypassing standard app level permissions. Are they doing anything nefarious with the data like sending it all to Apple or just using it to do the work people expect? You are running around acting like SystemD is doing nefarious stuff because it's bypass file permissions. Ok, it's a system daemon, not shocked, is it doing anything bad with that or just trying to make my system work out of the box as I expect.
Apple makes OS on the iPhone, they are in privileged spot.
Reminds me of Facebook "bug" that was turning the camera on and sending them pics or movies... people find out, they "fix" that right to the next version where the "bug" appears again...
It never was, but our echo chamber here had us convinced it was. Privacy is when you control your data, not give up your data to someone else in the hopes they will.
Fixed? LOL! It's like asking if Android VPN makes all connections go on the VPN, but no, just like Windows... you do have to expect zero privacy respect
At this point it doesnt really matter if its Apple, microsoft or google, etc..
These big tech co’s will harvest whatever is possible since user data equals hard cash and they will try and do it until they get found out, but even then it could take years until they actually get stopped or fined.
Its still the wild west out there since governments are so extremeley slow to react and they know that.
Also, Apples posturing as being the “privacy leader” doesnt mean anything anymore at this point.
Using only Apple’s official diagnostic tools (Console.app) on a clean, non-jailbroken iPhone 14 Pro Max, the following issues were observed:
System daemons silently initiate Bluetooth Low Energy (BLE) scans without app activity or user interaction.
GPS location harvesting occurs with no prompts, indicators, or active apps.
Internal frameworks bypass Apple’s Transparency, Consent, and Control (TCC) protections using undocumented flags.
Bluetooth trust metadata (e.g., IRKs, pairing history) is exposed even when devices are disconnected.
Cryptographic failures are silently ignored during trust operations.
These behaviors suggest an integrated telemetry pipeline that operates beneath iOS’s user-facing privacy model. The full report includes logs, technical breakdowns, and reproduction steps.
Isn't it support for the Find My network?
The logical deduction would be that it's not, given that the Find My network has been rolled out for some time and this is new behavior.
There is no evidence here that this is new behavior, or evidence of the claims at all aside from random log messages…
That doesn’t logically follow, because it could be for an upgrade, so the existence of this stuff previously has no relevance.
> GPS location harvesting
What does "harvesting" mean? Does the data stay on the device, or is it sent to Apple?
Looks like garbage "vulnerabilities" generated by ChatGPT from a random sample of log messages. None of it looks even remotely substantiated and I have no idea how this made it to the front page so quickly.
What is this report supposed to show? System level Daemons have low level access or iPhone, unlocked and having trusted the hardware I assume, can be made to reveal data? This reads like someone asked AI about debugging iPhone using their laptop, dug into some system daemons and wrote up a report acting like sky is falling when it's expected behavior. UID 0 can bypass file permissions, alert kernel developers!
Real question is, can other iOS applications trigger this data leaking behavior or can untrusted MacOS devices do this as well?
"Preflight=yes" bypassing user prompts is not expected or documented behavior... period.
The fact that internal system daemons can silently trigger access to TCC-protected domains (like Contacts, FaceID, Microphone, and Bluetooth) without app association or user consent breaks Apple’s own stated privacy model.
It's very possible they have good reason to do so. Phone app needs contact access to display CallerID and Microphone access to allow me to answer my call
This got flagged because you have not proven anything.
System Level Daemons and preinstall Apple developed applications are bypassing standard app level permissions. Are they doing anything nefarious with the data like sending it all to Apple or just using it to do the work people expect? You are running around acting like SystemD is doing nefarious stuff because it's bypass file permissions. Ok, it's a system daemon, not shocked, is it doing anything bad with that or just trying to make my system work out of the box as I expect.
Apple makes OS on the iPhone, they are in privileged spot.
Not the first company to do this, if it's intentional it just follows the industry resetting user preferences to the favourable "defaults"
Reminds me of Facebook "bug" that was turning the camera on and sending them pics or movies... people find out, they "fix" that right to the next version where the "bug" appears again...
Can you tell us more?
From what I've seen lately, you're the only person who thinks it is surprising that an iphone sometimes turns on the Bluetooth radio.
What is surprising is that it's accessing my camera, contact list and my mic...
Really thinking about switching to Graphene as "Privacy, thats not iPhone" is now a thing.
Someday hoping some billionaire decides to start a "third" operating system that is simple enough to be maintained by an OSS foundation.
It never was, but our echo chamber here had us convinced it was. Privacy is when you control your data, not give up your data to someone else in the hopes they will.
There's no clear evidence and no write-up. This comes across as crying wolf.
well.. apple needs to power their 'find my device' network somehow.. no?
This is unrelated.
We humans are the jailbroken ones.
Is this fixed in iOS 18.6?
Fixed? LOL! It's like asking if Android VPN makes all connections go on the VPN, but no, just like Windows... you do have to expect zero privacy respect
Cynicism is not insight.
At this point it doesnt really matter if its Apple, microsoft or google, etc..
These big tech co’s will harvest whatever is possible since user data equals hard cash and they will try and do it until they get found out, but even then it could take years until they actually get stopped or fined.
Its still the wild west out there since governments are so extremeley slow to react and they know that.
Also, Apples posturing as being the “privacy leader” doesnt mean anything anymore at this point.