EFF slams Apple’s implementation of Wi-Fi & Bluetooth toggles in iOS 11 Control Center

The Electronic Frontier Foundation today criticized the changed behavior of Apple’s Wi-Fi and Bluetooth toggles in Control Center, saying iOS 11 has made it harder for users to control these settings and calling them “misleading“ and “bad for user security.”

From the EFF’s blog post:

When a phone is designed to behave in a way other than what the user interface suggests, it results in both security and privacy problems. A user has no visual or textual clues to understand the device’s behavior, which can result in a loss of trust in operating system designers to faithfully communicate what’s going on.

Since users rely on the operating system as the bedrock for most security and privacy decisions, no matter what app or connected device they may be using, this trust is fundamental.

In iOS 11, toggling Wi-Fi and Bluetooth off in Control Center disconnects you from a Wi-Fi network and any Bluetooth accessories but keeps these radios running in the background.

“Turning off your Bluetooth and Wi-Fi radios when you’re not using them is good security practice (not to mention good for your battery usage),” the FCC stressed.

Subscribe to iDownloadBlog on YouTube

Apple argues that Control Center does not fully disable the Wi-Fi and Bluetooth radios so that your iPhone or iPad can continue to provide system features such as AirDrop, AirPlay, Apple Pencil, Apple Watch, Location Services, Handoff and Instant Hotspot.

As we’ve explained, completely shutting down these radios is still possible by enabling Airplane Mode or toggling their respective switches off inside the Settings app.

The FCC begs to differ, saying it’s really important that the toggles do what they’re supposed to do, especially considering Bluetooth’s known vulnerabilities. The post links to a white paper detailing several Bluetooth zero day vulnerabilities and security flaws.

For what it’s worth, Motherboard recently ran a story that also painted this change as a security risk. The FCC goes on to say that Apple’s interface fails to communicate these states to users, but I respectfully disagree with this—iOS 11 does make it easy to discern the difference between the on, disconnected and off states.

When you tap either toggle in Control Center, the icon goes from blue to grey and the user is presented with a helper text “Disconnected from [Wi-Fi] network name” that appears briefly at the top.

But if you fully disable Wi-Fi and Bluetooth for all networks and devices by enabling Airplane Mode or toggling Settings → Bluetooth and Settings → Wi-Fi off, you’ll see a diagonal line through the icons in Control Center.

Control Center iconography for Wi-Fi and Bluetooth on, disconnected and off states.

I find these visual indicators a good way of telling the difference between the three states although one could argue that Apple should’ve communicated the change better to avoid any user confusion.

What I’m having issues with is the way iOS 11 overrides the user’s choice at 5am local time each day, when the device restarts or the user drives or walks to a new location. It’s unclear why that is, but it doesn’t help that this behavior is not clearly explained to users.

Thoughts?