iOS 13 Will Let You Know If An App Uses Bluetooth In A Weird Way…. Here’s Why You Need To Care

Posted in Commentary with tags on September 21, 2019 by itnerd

Since I upgraded to iOS 13 I started noticing that some apps were displaying prompts like this:

The reason why I say in the Tweet “for reasons unknown” is that there’s no reason why the Petro Canada (a chain of gas stations in Canada) app needs to have Bluetooth access. It’s not streaming audio or video, nor is it connecting to a device, so why does it need it?

That’s why Apple added this feature in iOS 13. In previous versions of iOS, you may have been asked about Bluetooth permissions up front. I emphasize may because it is entirely possible that you were not asked. More on that momentarily. An example of an app that asks for this sort of permission is Spotify which uses Bluetooth to recognize when you’re connected to a car stereo, so it can switch to Car View. Similarly, Google Maps uses Bluetooth so that it can pin the location you disconnected from your car stereo to mark where you parked. But there are bad reasons for apps asking for Bluetooth access. Nefarious developers use Bluetooth to track a user’s location. They can do this when you aren’t using their app. And they can do it without asking for your consent. Which is of course very, very bad. Thus if you see one of these prompts on your device that is running iOS 13, you have to think about why the app in question is asking for this permission.

But because I am that kind of guy, I took it a step further. I started looking at the apps on my iPhone and every time I came across the above prompt, I tweeted the company behind the app after taking a screenshot. Here’s my list of Tweets thus far:

Now as I type this, TELUS is the only company that responded to me. I got this 15 minutes after this Tweet went up:

I give kudos to TELUS for responding and being so transparent. But I do have a question for them. If your app doesn’t require Bluetooth access, why not simply remove the code and avoid the question being asked?

As for the other apps that I listed above, none have responded to me. I will update this post if they do respond.

So here’s my advice on this topic. If you see a prompt like this, ask yourself why that app needs Bluetooth access and whether you trust the app developer or not. If you are not sure, my suggestion is to deny access for everything to begin with and use the app as normal. It might surprise you in terms of what you can still do without granting the app Bluetooth access. For example, Spotify can send music to wireless headphones without this permission. It can even seamlessly switch playback to your other devices without this permission. But if you find that by denying access some app doesn’t work as expected, you can grant it access like this:

And here’s a top tip for developers. You really need to explain what your app does, and why it needs the permissions that it does. Because in this era of people caring about their privacy, someone like me is going to call you on it. And if you don’t respond, your app may get uninstalled. And in my case, I’m going to let my readers know about it. Which is bad for you. Take it from me. People care about this stuff these days so you can’t expect to get away with doing something that could be interpreted as being shady anymore.
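
A reviewer's check for the tip above, as an added example that is not from the original post: the text shown in an iOS 13 Bluetooth prompt comes from the app's Info.plist, so auditing that file shows whether the developer explained the request and whether Bluetooth may run when the app is not in use. The key names are real Info.plist keys; the sample plist, its bundle identifier and the word-count heuristic are constructed assumptions.

```python
import plistlib

# Real Info.plist keys. The sample plist and the "vague" heuristic are constructed.
BT_KEYS = (
    "NSBluetoothAlwaysUsageDescription",      # text shown in the iOS 13+ prompt
    "NSBluetoothPeripheralUsageDescription",  # key used before iOS 13
)
BT_BACKGROUND_MODES = {"bluetooth-central", "bluetooth-peripheral"}
MIN_WORDS = 6  # assumption: shorter strings rarely explain a purpose


def audit_bluetooth(plist_bytes):
    """Return a list of findings about Bluetooth declarations in an Info.plist."""
    info = plistlib.loads(plist_bytes)
    findings = []
    declared = {k: info[k] for k in BT_KEYS if k in info}
    for key, text in declared.items():
        if len(str(text).split()) < MIN_WORDS:
            findings.append(f"{key}: purpose string too vague: {text!r}")
    modes = BT_BACKGROUND_MODES & set(info.get("UIBackgroundModes", []))
    for mode in sorted(modes):
        findings.append(
            f"UIBackgroundModes: {mode} lets Bluetooth run while the app is not in use")
    if modes and not declared:
        findings.append("background Bluetooth declared with no purpose string")
    return findings


# Constructed sample: a hypothetical parking app with a one-line purpose string.
SAMPLE = b"""<?xml version="1.0" encoding="UTF-8"?>
<plist version="1.0"><dict>
  <key>CFBundleIdentifier</key><string>com.example.parking</string>
  <key>NSBluetoothAlwaysUsageDescription</key><string>Uses Bluetooth</string>
  <key>UIBackgroundModes</key>
  <array><string>bluetooth-central</string><string>audio</string></array>
</dict></plist>"""

if __name__ == "__main__":
    for finding in audit_bluetooth(SAMPLE):
        print(finding)
```
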

UPDATE: I found a total of nine apps on my iPhone XS running iOS 13 that do this. Of those, three have valid reasons for Bluetooth access. Here’s the latest one that I found:

Their response was this:

So I have done so. I’ll update you if they respond.

UPDATE #2: Green P Parking which is the municipal parking authority in Toronto responded to me in a weird way:

Huh? I’m not talking about notifications. I am asking about why this app needs Bluetooth access when it has no reason for it. Which is what I pointed out in my reply:

And this is what they responded with.

So I did that and got voice mail at 10AM this morning. That’s a #Fail because their technical support line is supposed to be open from 8AM to 9PM EST Monday to Friday. I left a voice mail, but to be frank I don’t expect to get a response as clearly Green P Parking isn’t concerned with the customer experience.

UPDATE #3: You can add the CNN app to this list of apps that want Bluetooth access for no logical reason:

UPDATE #4: Green P Parking responded to me…. Via Twitter. Keep in mind that I left a voice mail for them yesterday at around 10AM. Here’s what they sent me:

This is a confusing response. But read a certain way, it seems to say that they are using Bluetooth as a means to figure out where you are. Which to me is kind of shady as iOS has a means of doing that by using the location services API (application programming interface) inside iOS called Core Location. By using Core Location, Green P Parking would avoid this whole discussion because everything they would be doing would be above board. Now to be fair to them, it is possible that they might be implementing iBeacons which rely on Bluetooth and work with Core Location to get your location. And they would be handy in places like underground garages where it would be problematic to get a GPS lock on your location. But they haven’t said that in their response. Thus I’m going to suggest that it would be in their interest to provide a more fulsome response as people have been emailing me and Tweeting me about this, which means that this is top of mind for many who have read this post.

UPDATE #5: TuneIn responded to my email to their support team. Here’s what they said:

Thanks for contacting us.

This is part of iOS 13’s privacy improvements. iOS just changed the way users are notified that the app could use Bluetooth.

You have to agree to utilize anything with Bluetooth. As a streaming app, you can listen to TuneIn with a Bluetooth device and that’s why iOS 13 is showing this pop up for many apps.

Please, let us know if you need any other help.

Thanks for your time!

The first sentence I already knew. The second paragraph I question because other streaming apps that I have experimented with in the last couple of days with the exception of Spotify don’t generate a prompt like this. Thus I have to wonder why TuneIn does. And just for giggles, I tested streaming audio to a Bluetooth speaker with the permission for Bluetooth disabled and it works just fine in that state. So while I tend to be a bit jaded by nature, I am not a believer in their response.

UPDATE #6: So…. Green P Parking has another response. Here it is:

So finally, Green P Parking confirms that Bluetooth isn’t needed. So I will ask this….. Why is the functionality in the app? Or put another way, why add functionality that isn’t being used? And then why tap dance around this? If Green P Parking had simply come out and said the above when I first came across this, I would have treated them like TELUS who owned up to this immediately. But they didn’t. Thus here I am talking about it.

Take home message to app developers. Don’t be like Green P Parking. Be like TELUS.