> While we find that OF's design achieves its privacy goals, we discover two distinct design and implementation flaws that can lead to a location correlation attack and unauthorized access to the location history of the past seven days, which could deanonymize users. Apple has partially addressed the issues following our responsible disclosure. Finally, we make our research artifacts publicly available.
Not something a regular dude off the street will be doing any time soon. =)
The specs are here: https://manuals.info.apple.com/MANUALS/1000/MA1902/en_US/app...
Page 139 onwards.
If you can find a security/privacy hole in the spec, I think Apple will compensate you pretty well.