Apple to Limit Accelerometer and Gyroscope Access in Safari on iOS 12.2 for Privacy Reasons

by

Last month, Apple released iOS 12.2 in beta with several new features, including the Apple News app in Canada, a redesigned TV remote in Control Center, support for adding HomeKit-enabled TVs in the Home app, and more.

The upcoming software update also introduces a new Motion & Orientation Access toggle under Settings > Safari > Privacy & Security. Toggled off by default, this new setting must be turned on in order for websites to display features that rely on motion data from the gyroscope and accelerometer in the iPhone, iPad, and iPod touch.

safari motion access 2
To test this, we loaded the What Web Can Do Today website on an ‌iPhone‌ running the first beta of iOS 12.2. With the Motion & Orientation Access setting toggled on, the page shows real-time accelerometer and gyroscope data from the ‌iPhone‌. With the setting toggled off, no motion data is shown.

Another example is Apple's motion-based iPhone experience site. This page normally allows you to tilt your actual ‌iPhone‌ to swivel the ‌iPhone‌ XS Max on the screen with tech specs. With Motion & Orientation Access toggled off, however, only a static image of the ‌iPhone‌ XS Max is shown without tech specs.

safari motion access 1
This privacy-focused change could be in response to a WIRED report last year that claimed thousands of websites have unmitigated access to motion, orientation, proximity, and light sensor data on mobile devices. Software engineer Felix Krause also filed a radar and notified Apple's security team about this matter in 2017.

As noted by Digiday, the setting could have implications for AR/VR advertising:

For example, Samsung's "Samsung Within" web-based interactive experience, developed by R/GA to promote the hardware brand's legacy and its Galaxy Note 9 phone, uses the accelerometer to let people explore the night sky.

"It's definitely going to break things," said Kai Tier, executive technology director at R/GA.

These AR/VR experiences may have to rely on fallback versions that people can navigate with swipe gestures instead, but this largely defeats the purpose of motion-based, interactive campaigns.

It's quite possible Apple could tweak how this feature works in time for the public release of iOS 12.2. Perhaps the setting will be toggled on by default in a subsequent beta, for example, or Safari could prompt users for permission to access motion data when necessary as it does with location data.

Tag: Safari
Related Forum: iOS 12

Top Rated Comments

fredrik9 Avatar
fredrik9
52 months ago
Not sure how much this would preserve privacy, but at the same time I can't imagine accelerometer data is very largely used in mobile web dev in the first place.

Sounds more just like security theatre being put on by Apple, but if anyone out there knows something I don't, by all means feel free to enlighten me.
According to the WIRED report: ”the information could fuel various types of attacks, like using ambient light data to make inferences about a user's browsing, or using motion sensor data as a sort of keylogger to deduce things like PIN numbers”

So this seems like it could be a potential threat to privacy and the security of your personal information. Albeit a very small one.
Score: 11 Votes (Like | Disagree)
fredrik9 Avatar
fredrik9
52 months ago
One can hope that a pop-up appears when a website requires gyroscope access. Without one, and the setting off by default, many consumers would be at loss since most wouldn’t know how to turn it on.
Score: 10 Votes (Like | Disagree)
jayducharme Avatar
jayducharme
52 months ago
This article seems to be misleading. It doesn't seem to me that Apple is limiting access; it seems to just be making that feature "opt in" rather than "opt out".
Score: 7 Votes (Like | Disagree)
vicviper789 Avatar
vicviper789
52 months ago
Not sure how much this would preserve privacy, but at the same time I can't imagine accelerometer data is very largely used in mobile web dev in the first place.

Sounds more just like security theatre being put on by Apple, but if anyone out there knows something I don't, by all means feel free to enlighten me.
It’s legitimate, there are algorithms to figure out your keystrokes based on gyro and accelerometer data. MIT demo’d it a few years ago IIRC.

Update: done is 2011

https://arstechnica.com/gadgets/2011/10/researchers-can-keylog-your-pc-using-your-iphones-accelerometer/
Score: 6 Votes (Like | Disagree)
citysnaps Avatar
citysnaps
52 months ago
Not sure how much this would preserve privacy, but at the same time I can't imagine accelerometer data is very largely used in mobile web dev in the first place.

Sounds more just like security theatre being put on by Apple, but if anyone out there knows something I don't, by all means feel free to enlighten me.
I think there's some potential for collected accelerometer/gyroscope data to be exploited with respect to creating motion/location profiles of a phone user. It depends on the accuracy and drift of the sensors, time references, signal processing techniques employed, required accuracy, etc.

I wouldn't be shocked if a very clever individual/company could create something interesting of value (ie, sellable processed user information) from collected raw sensor data.

I'm glad Apple is thinking ahead with respect to the possibilities and privacy implications.
Score: 6 Votes (Like | Disagree)
VictoryHighway Avatar
VictoryHighway
52 months ago
Interesting. The limitations to interactive ad or experiential campaigns would be frustrating for many companies that have things in the works. But this would provide another potential opportunity for Apple, which they really should look into: an internally-hosted and -approved ad platform. Apple should offer a way to have interactive ads that rely on iOS device information to the company for review and eventual hosting once approved. This way, they keep control of where that data goes (I think many trust Apple more than any other company to keep the data secure and only used for the purpose of displaying the experience), and Apple can take a reasonable fee for the privacy and availability of such a service that it hosts, adding another service-based revenue stream. It's a good way to capitalize on its user base without "selling" its customer information... Instead, they're just getting paid to be a watchdog over your private device metrics to let you experience more types of media online worry-free.
They had that. It was called iAd and it was a major flop.
Score: 5 Votes (Like | Disagree)
Read All Comments

Popular Stories

iOS 16

iOS 16.3 Now Available for Your iPhone With These 4 New Features

Friday February 3, 2023 1:13 pm PST by
Apple released iOS 16.3 in late January following nearly six weeks of beta testing. The software update is available for the iPhone 8 and newer, and while it is a relatively minor update, it still includes a handful of new features, changes, and bug fixes. Below, we've recapped new features in iOS 16.3, including support for physical security keys as a two-factor authentication option for...
Read Full Article
HomePod 2 White and Midnight Feature Purple Blue

Apple Explains Why HomePod Was Released Again, Wi-Fi 4 Limitation, and More

Thursday February 2, 2023 7:57 am PST by
Apple's VP of hardware engineering Matthew Costello and product marketing employee Alice Chan recently spoke with Men's Journal and TechCrunch about the new second-generation HomePod in wide-ranging interviews about the smart speaker. Apple discontinued the original full-size HomePod in March 2021 after multiple reports indicated that sales of the speaker were lackluster, but Chan told Men's ...
Read Full Article298 comments
Apple Silicon Teal Feature

The Next Big Apple Silicon Device May Not Be a Mac or iPad

Wednesday February 1, 2023 3:57 am PST by
Apple's next device with an Apple silicon chip may not be a Mac or an iPad, but rather an advanced external display, according to recent reports. The display, which is rumored to arrive this year, is expected to sit somewhere between the $1,599 Studio Display and the $4,999 Pro Display XDR – but more exact information about the device's positioning and price point is as yet unknown. While ...
Read Full Article
iOS 16

Apple Preparing iOS 16.3.1 Update for iPhone as Wait for iOS 16.4 Beta Continues

Thursday February 2, 2023 6:41 am PST by
Apple appears to be preparing an iOS 16.3.1 update for the iPhone, based on evidence of the software in our website's analytics logs this week. It's unclear when the update will be released, but it will likely be available at some point in February. The same logs have accurately foreshadowed the release of several previous updates, including iOS 16.0.3 and iOS 16.1.1 most recently, so they...
Read Full Article54 comments
General iOS 16 Feature Yellow

Five New iOS Features Coming to Your iPhone Later This Year

Tuesday January 31, 2023 11:58 am PST by
Apple has previously announced several upcoming iOS features that are expected to be added to the iPhone this year. Some of the features could be introduced with iOS 16.4, which should enter beta testing soon, while others will arrive later in the year. Below, we have recapped five new iOS features that are expected to launch in 2023, such as an Apple Pay Later financing option for purchases ...
Read Full Article44 comments
Apple Pay Later Quick Green Feature

Apple Pay Later Launching 'Soon'

Thursday February 2, 2023 2:10 pm PST by
The Apple Pay Later service that Apple has in the works is set to launch "soon," Apple CEO Tim Cook told CNBC ahead of today's earnings call for the first fiscal quarter of 2023. Cook said that Apple employees are beta testing the Apple Pay Later feature, which will help Apple boost services revenue. "It will be launching soon," Cook said. Apple Pay Later was first previewed at the...
Read Full Article84 comments
webkit vs chromium feature

Google Working on Browser for iOS That Would Break Apple's App Store Rules

Saturday February 4, 2023 1:30 am PST by
Google's Chromium developers are working on an experimental web browser for iOS that would break Apple's browser engine restrictions, The Register reports. The experimental browser, which is being actively pursued by developers, uses Google's Blink engine. Yet if Google attempted to release it on the App Store, it would not pass Apple's App Review process. Apple's App Store rules dictate...
Read Full Article170 comments