Bluetooth vulnerability can expose device data to hackers

Apple's new iOS 13 update adds a new privacy measure that requires apps to request your permission to use your device's Bluetooth. After installing the latest version of iOS, trust me when I say you will be surprised by the number of apps that request Bluetooth permission the next time you open them. Some may seem very strange (like Dunkins Donuts in my case), but others probably won't make you think twice about giving your thumbs up.


The reason Apple has implemented this is because Bluetooth has enabled companies to secretly track your location via Bluetooth by using beacons in stores, malls, and even in popular city streets when they are within reach of a place you pass .

This is completely independent of the location privacy settings of your iPhone, which makes it seem to lag behind. A beacon can easily detect the Bluetooth chip of your device and register it at a store or other app on your phone. So getting stricter about Bluetooth is a good move from Apple to prevent unwanted tracking from its customers.

In the same way, the company also becomes more transparent about the location, so that you can see on a map how often and where apps have recorded your position. This prompt is much easier to understand and is likely to scare people off the list of apps that can follow where they are. As it should!

But there is more room for confusion around the Bluetooth prompt.

At the most basic level, I think some iPhone owners may wonder and perhaps even assume that they need to grant Bluetooth permission for music and other media apps to continue working with their Bluetooth earbuds, headphones, or speakers. It's a reasonable question when you see that an app "would like to use Bluetooth." .)

You see a Bluetooth request from stores and even fast food chains that may use beacons for in-store promotions or to help you find what you're looking for in the right aisle. Other common cases are associated apps for your fitness tracker, Bluetooth headphones or apps from camera companies. (The most recent cameras & # 39; s support synchronizing photos & # 39; s via Bluetooth.)


Apps that support Google's Chromecast streaming platform often also require Bluetooth access. While Chromecast streams content over Wi-Fi, the platform has a "guest mode" that makes it easy for visitors to play videos & audio on your TV without having to know your home network password. But to find Chromecasts nearby for guest mode, these apps use Bluetooth. So the permission prompt. Google now lets developers integrate Chromecast without guest mode to completely avoid the Bluetooth request if they want.

But the key for all app developers is to be immediately why they are requesting Bluetooth access. Apple's generic message is far too vague and leaves a lot of uncertainty about exactly what you give permission for. Here Sling TV manages to be clear:

Fitbit also nails it:

In the meantime, ESPN just stays with the standard notification and that was enough to trigger Nilay alarms. (Again, in this case it was because of the app's Chromecast support.)

As more and more apps are updated, hopefully their formulation around Bluetooth leaves no room for confusion. For now, if you see a Bluetooth request that seems unusual, you might just want to choose "don't allow." If a feature in that app doesn't stop working soon after, you know why and you can go to the settings and enable Bluetooth access.