iOS 18.5 silently triggers Bluetooth and GPS data collection – no user consent
7 days ago
Tags: #Bluetooth, #Privacy, #iOS

- iOS 18.5 has high-severity privacy violations involving Bluetooth and location services.
- Unauthorized actions are performed by native Apple system processes without user awareness or consent.
- Evidence was gathered using Apple's Console.app on a stock iPhone 14 Pro Max.
- VF-001: audioaccessoryd exposes Bluetooth trust metadata, enabling passive identity tracking.
- VF-002: SPCBPeripheralManager triggers silent BLE scans, making the device discoverable without notice.
- VF-003: locationd harvests GPS data covertly, enabling silent location tracking.
- VF-004: tccd bypasses TCC privacy permissions using a flag, disabling consent enforcement.
- VF-005: bluetoothd continues trust logic after crypto failures, weakening BLE trust enforcement.