Linked by Thom Holwerda on Thu 21st Apr 2011 21:59 UTC, submitted by Martin
Apple There's a bit of a stink going on - even in major media - about something iOS 4's been doing. Apparently, iOS 4 has been storing a list of locations and timestamps to a hidden, but readable file in a standard database format. The locations are triangulated using cell towers, and generally aren't as accurate as for instance GPS. Still, the file is stored without any form of protection on both your iPhone as well as your desktop.
Order by: Score:
why wait?
by project_2501 on Thu 21st Apr 2011 22:16 UTC
project_2501
Member since:
2006-03-20

Why wait for apple to fix it when they want? You have to wonder.. it took effort to design and code this capability, one has to wonder why.

Get an open source OS and fix it quicker.

Reply Score: 4

RE: why wait?
by darknexus on Thu 21st Apr 2011 23:44 UTC in reply to "why wait?"
darknexus Member since:
2008-07-15

Why wait for apple to fix it when they want? You have to wonder.. it took effort to design and code this capability, one has to wonder why.

Get an open source OS and fix it quicker.


You would, of course, have a plausible suggestion as to how this would make a difference? The one open source phone os I can think of that is actually used is Android, and even if you knew how to change the code to prevent this in Android, you would have to:
1. Download the source, fix it, and rebuild it for your exact device. This entails installing all of the cross-compilation tools that are needed, as well as carefully considering whether your phone might be using proprietary drivers that you would lose. If so, you will have to live with whatever limitations that might be.
2. Flash the re-built Android on to your phone. The last time I heard, most phone manufacturers didn't exactly make this easy save for HTC. We'll see what happens with Sony/Ericsen.
3. Continue to roll your own updates from that point on.
From the end-user's perspective, this wouldn't help. They don't know what source code is, they don't know how to rebuild it let alone change it, and they won't want to roll their own updates. So, in practice, they can wait for Apple to fix it, wait for Google to fix it, or wait for their phone manufacturer to fix it. Either way, for most, it involves waiting and open source doesn't even enter into the picture. Before we start shouting open source at the top of our lungs, we need to consider whether it would make a difference to the people to whom we're preaching. Open source is not the cure-all, despite what some here seem to believe.

Edited 2011-04-21 23:49 UTC

Reply Score: 7

RE[2]: why wait?
by kragil on Fri 22nd Apr 2011 00:07 UTC in reply to "RE: why wait?"
kragil Member since:
2006-01-04

Or just have a community that looks at the code and fix such "problems" before you install it. Works for all the distros.

And anyways, IF the code would have been open it wouldn't have had this "feature" in the first place. Apple thought they could get away with it.

Reply Score: 5

RE[3]: why wait?
by galvanash on Fri 22nd Apr 2011 00:24 UTC in reply to "RE[2]: why wait?"
galvanash Member since:
2006-01-25

Is Android open in your opinion (serious question, opinions seem to vary on that)? It does exactly the same thing, only difference it is implemented sanely - it is limited to 50 fixes.

https://github.com/packetlss/android-locdump

It does not get wiped nor does it expire though (it will prune the data during updates, but not when nothing is happening), so you can use it to figure out he last 50 towers a phone contacted... Even if the phone has been off for an extended period of time.

My point is only that keeping track of stuff like this for the purposes of faster location fixing is not inherently evil - there is a valid reason to do it. It's just in Apple's case they either have a bug (it should be clearing out old data but it isn't) or they are doing it on purpose. Their eventual solution to the problem will make it clear which one it is.

Hanlon's Razor - "Never attribute to malice that which is adequately explained by stupidity"

Edited 2011-04-22 00:32 UTC

Reply Score: 6

RE[4]: why wait?
by kragil on Fri 22nd Apr 2011 00:42 UTC in reply to "RE[3]: why wait?"
kragil Member since:
2006-01-04

Android is not one singular thing. It can be open and fairly closed.

If you run a community build rom like Cyanogenmod on your phone you can be more sure that there are no hidden surprises like this.

Reply Score: 4

RE[5]: why wait?
by galvanash on Fri 22nd Apr 2011 00:55 UTC in reply to "RE[4]: why wait?"
galvanash Member since:
2006-01-25

Um... Cyanogenmod uses the same code to do location caching as Android proper... References to cache.cell and cache.wifi are all over the Cyanogenmod git repo. What was your point again?

Reply Score: 3

RE[6]: why wait?
by kragil on Fri 22nd Apr 2011 01:59 UTC in reply to "RE[5]: why wait?"
kragil Member since:
2006-01-04

I just wanted to point out that Android can be many things. I wasn't refering to the 50 locations. I don't think that saving such a limited numbers is any problem at all to be honest. At least you can be sure what Cyanogenmod is doing. That is a major bonus.

Reply Score: 3

RE[7]: why wait?
by galvanash on Fri 22nd Apr 2011 02:17 UTC in reply to "RE[6]: why wait?"
galvanash Member since:
2006-01-25

Oh. Sorry, fair enough.

Reply Score: 2

RE[4]: why wait?
by JAlexoid on Fri 22nd Apr 2011 13:24 UTC in reply to "RE[3]: why wait?"
JAlexoid Member since:
2009-05-19

Is Android open in your opinion (serious question, opinions seem to vary on that)? It does exactly the same thing, only difference it is implemented sanely - it is limited to 50 fixes.

https://github.com/packetlss/android-locdump

Not only sanely, but as secure as possible. You need a rooted device to get to the data. I hope that iOS has some protection against leaking that data.

Reply Score: 3

RE[5]: why wait?
by Not2Sure on Fri 22nd Apr 2011 20:21 UTC in reply to "RE[4]: why wait?"
Not2Sure Member since:
2009-12-07

Yes, because Android phones are generally not rooted the day of release and pretty much sold with that notion ("their openeness") as a feature, or whatever.

I can't really think of a genuine reason why this geolocation data is useful as a local cache. Ever. Can one of you fanboi apologists for Google/Apple please provide a use case where it makes sense to keep track of previous locations at an OS level?

I could see where some applications might make use of last known locations for ease-of-use features but I'm pretty sure App Store and Android marketplaces would reject out of hand any app that stored this information without first securing the user's permission.

Reply Score: 1

RE[6]: why wait?
by galvanash on Sat 23rd Apr 2011 04:43 UTC in reply to "RE[5]: why wait?"
galvanash Member since:
2006-01-25

Can one of you fanboi apologists for Google/Apple please provide a use case where it makes sense to keep track of previous locations at an OS level?


It can take a few seconds to get a gps fix... Until you do get a fix, you have no idea where you are, so any mapping app has to wait idly until the fix is done. Having coordinates of cell towers you recently communicated with let's you get an approximate fix instantly. This can dramatically improve the user experience, because you can instantly set an appropriate zoom level and center the map on the approximate location while waiting for a more accurate gps fix.

The point is gps is not instant - there is latency involved. There is also latency with the mapping API itself (downloading map tiles and such). This let's you hide both latencies.

Also, gps is not always available - especially when indoors. This offers a fallback. Not as accurate, but better than nothing.

You can't get tower location info on demand... You get it when it happens (when the cellular radio picks one up or switches between them). Therefore to actually use the information for this type of purpose you have to log it.

Btw, the geolocation Apis in both iOS and android do all of this stuff for you - it's built into them. Hence why the OS itself does the logging. Apps do not ever read these logs directly, the apis used to get position fixes do that for you (without telling you how the information was derived, it just returns coordinates and an accuracy indicator).


That explain it well enough?

Edited 2011-04-23 05:02 UTC

Reply Score: 3

RE[7]: why wait?
by Not2Sure on Sat 23rd Apr 2011 19:45 UTC in reply to "RE[6]: why wait?"
Not2Sure Member since:
2009-12-07

That explain it well enough?


Nope. That explains the need to require the last known location. Not the last 100, 1000 etc, and again that would be an application use case not an OS one.

You are obviously without a clue how AGPS works on the CDMA/GSM networks. Go troll somewhere else.

Ask for a fanboi response, get one I suppose.

Reply Score: 1

RE[5]: why wait?
by galvanash on Sat 23rd Apr 2011 04:56 UTC in reply to "RE[4]: why wait?"
galvanash Member since:
2006-01-25

Not only sanely, but as secure as possible. You need a rooted device to get to the data. I hope that iOS has some protection against leaking that data.


you need root to get to it on iOS as well... It's the whole backed-up-copy-on-the-computer that everyone is going gaga over. Android doesn't seem to have that particular issue.

Reply Score: 3

RE[6]: why wait?
by Not2Sure on Sat 23rd Apr 2011 19:51 UTC in reply to "RE[5]: why wait?"
Not2Sure Member since:
2009-12-07

Vanilla Android has the exact same issue. And just to be clear, iOS 3.x+ and Android since I dunno 1.6 are transmitting your location to their servers. Not just storing them on in the filesystem. iOS does it about once every 24 hours. Android is more frequent.

They are using their customer's location in order to put Skyhook out of business by mapping the MAC addresses of open wifi points around the world. Typical Google/Apple business practices at work. Enter some vertical market and destroy any value in it all to provide "better" ad networks in the future.

The justification remains burying a sentence or two in a EULA to justify user acceptance of the program.

Reply Score: 2

Comment by Radio
by Radio on Thu 21st Apr 2011 22:17 UTC
Radio
Member since:
2009-06-20

How are we sure Apple doesn't collect this data?

(Not trolling/tinfoilhat-ing, just asking an honest question)

Reply Score: 4

RE: Comment by Radio
by kragil on Fri 22nd Apr 2011 00:11 UTC in reply to "Comment by Radio"
kragil Member since:
2006-01-04

Thom hexdumped his Iphone and Itunes and dissassembled all the code. Read it all and found no trace of it.

Only way to be sure, so that is what he has done.

Reply Score: 6

Not Defending Apple...
by galvanash on Thu 21st Apr 2011 22:44 UTC
galvanash
Member since:
2006-01-25

The number one issue here imo is that Apple is choosing to include this file in their phone backups - something that is inherently transient data and is not required nor even particularly useful in the event of a restore. It's more or less a cache to make position locking faster (at least that seems to be the only logical use for it) - there is no reason to back it up. It also does not need to be a full history, how much to truncate may be arbitrary (depends on how much data you need to compute a fix), but you certainly don't need data going back to June of last year... For that I say shame on them.

On the other hand, this is blown WAY out of proportion in most of the media and most have published things as facts which are simply wrong, most of which Thom outlined, but here are a few more:

1. On the phone device itself, the file is only accessible by root. That means non-system processes cannot read it on a normal device (jailbroken or otherwise compromised devices not withstanding). In this regard it is in fact MORE secure than any such cache would be if an application were to do some form of transient caching of user location, and I don't think anyone would argue that such caching, if done in a reasonably manner, would be in any way "evil".

2. In backups, if the user chooses to encrypt their backups, the file is again not readable by other processes. However, I agree that this is not an excuse and does not mitigate the problem in any meaningful way. It simply shouldn't be there in the first place because it does not represent state data that is useful to retain between device reboots (and a restore is by definition a device reboot).

To put it simply, in my opinion if Apple did the following the issue would be completely diffused:

1. Only store the last few cell locations however much is required and no more. The data is not useful beyond that if they are using it for what is being claimed (speeding up location fixing).

2. Don't back it up at all - it is transient after all.

3. Wipe file and start from scratch on device restarts - not that this adds much from a security point of view, but it would make it obvious that their intention is that this data be treated as a transient cache.

What bugs me about Apple is they don't respond to these kinds of things in a timely manner... They do not need to fix it today, but a simple explanation of what the file is used for (an authoritative explanation, not guess work) and a simple "oops, our bad - we will fix that in the next release" would go a long way imo.

Silence just makes people question their motives, and prolonged silence makes people REALLY question their motives - silly mistake or not.

IF the motive is, as some people might deduce if they assume Apple has nefarious intent, that the phone is keeping such a log for possible use by police/government agencies/whoever in the event that the want to extract such information from "procured" devices...

Well I'll give them the benefit of the doubt for now and assuming they fix this promptly the issue should die. But the longer they wait the more the bees will buzz... If they end up "fixing" this by some means other than destroying the data they should be called out on it - at that point they deserve whatever bad press they get.

Edited 2011-04-21 22:53 UTC

Reply Score: 6

Informed Consent SB Required for Tracking
by benali72 on Thu 21st Apr 2011 23:51 UTC
benali72
Member since:
2008-05-03

The issue here is one of "informed consent," a basic legal principle in a free society.

Apple Inc. would have had no problem if they had merely made it clear to users they were doing this. Instead they offer an opaque "privacy policy" that masks what they're really up to.

I often see comments saying "if you have nothing to hide you have nothing to fear." But in this case it should be phrased as "if Apple had nothing to hide, they had nothing to fear" by making this tracking known to their customers.

Reply Score: 5

galvanash Member since:
2006-01-25

I agree on principle... But if you are talking about the solution to this particular problem being informed consent I don't think that quite cuts it.

Apple in effect has software running at all times on you phone which is logging every cell tower you ever communicate with. And the log is kept for at least 10 months, probably longer

Asking if it is ok to do so is nice and all, but my question would be if that is really what they want to do, wtf is it for?

I willing to accept that this is all simply a mistake and their intent is not to do such long term logging. But if that is their intent, they better have a damn good explanation for what they need it for. Simply asking permission before recording a permanent history of my whereabouts in such a manner does not quite do it for me...

Reply Score: 4

Except they do tell you...
by mrhasbean on Fri 22nd Apr 2011 00:34 UTC
mrhasbean
Member since:
2006-04-03

http://www.itnews.com.au/News/255262,apple-users-consented-to-spyin...

In fact they actually get permission to collect it, even though in this case they don't it would seem.

Just more headline grabbing...

Reply Score: 1

RE: Except they do tell you...
by Thom_Holwerda on Fri 22nd Apr 2011 00:43 UTC in reply to "Except they do tell you..."
Thom_Holwerda Member since:
2005-06-29

Cop-out, and you know it. Location data from GPS: ask permission on the device. Location data from cell towers: get permission buried deep in a text no one reads, a text of questionable legality in many European countries?

The discrepancy here is clear to anyone who isn't stuck deep up the RDF's ass. Expecting people to know the difference between the two techniques - or even that different techniques exist in the first place - is idiotic.

Edited 2011-04-22 00:49 UTC

Reply Score: 7

RE[2]: Except they do tell you...
by Morgan on Fri 22nd Apr 2011 02:29 UTC in reply to "RE: Except they do tell you..."
Morgan Member since:
2005-06-29

I'm with you on the issue of burying the request for permission in walls of boring and hardly read text: It's despicable.

As for the law enforcement impact of this (nudge nudge), well our guys here in the US still have to get a warrant to search the phone's contents if you don't give them permission to, at least at the level of internal log files and such (there is a gray area regarding what is seen on the screen during a stop-and-frisk). Granted, I'm just a peon so take my word for what it's worth, but this has been the S.O.P. at both agencies I've worked at: One warrant to physically seize the device, and another to search its contents. It's a CYA move so the evidence isn't successfully challenged.

All that said, I can readily see three types of cases where such location data would be worth pursuing, and one isn't even criminal. First is a murder case where the suspect's phone would give clues to the path he took leading up to, during and after the murder. Another would be a drug enforcement investigation, where an accused dealer's phone records could corroborate an undercover agent's movement and activity reports. And finally, in a divorce case where one spouse wants to prove the other was unfaithful. I'm sure there are many other creative ways law enforcement can use this info against suspects, and plaintiffs can use it against defendants in civil court.

I also read this morning in an article on this subject that a company in New York has already assisted police with mining this data from phones and backup files, and has been doing so for a little while.

I personally am not affected as I doubt I'll own an iDevice in the foreseeable future; I loathe both Verizon and AT&T, and have no need or desire for an iPad, 3G or no. However, I am mildly alarmed at the implications, and I wonder how long it will take Apple to fix this issue.

Reply Score: 2

times change...
by kamil_chatrnuch on Fri 22nd Apr 2011 09:23 UTC in reply to "RE[2]: Except they do tell you..."
kamil_chatrnuch Member since:
2005-07-07

"The California Supreme Court allowed police Monday to search arrestees' cell phones without a warrant, saying defendants lose their privacy rights for any items they're carrying when taken into custody.

Under U.S. Supreme Court precedents, "this loss of privacy allows police not only to seize anything of importance they find on the arrestee's body ... but also to open and examine what they find," the state court said in a 5-2 ruling."

source: http://bit.ly/dWqwni


"Alarmingly, in many cases, extracting data from a mobile device is possible even if the device password is not known. Such extraction techniques take advantage of widely known vulnerabilities that make it disturbingly simple to access data stored on a smartphone by merely plugging the device into a computer and running specialized forensics software. For instance, Android and iPhone devices are vulnerable to a range of exploits, some of which Ars documented in 2009."

source: http://bit.ly/eXxS6y (page2)

Reply Score: 4

RE: times change...
by Morgan on Fri 22nd Apr 2011 10:14 UTC in reply to "times change..."
Morgan Member since:
2005-06-29

Wow, what a blow to the 4th Amendment! Thank you for posting that. It seems the "gray area" I referenced earlier is becoming much broader in scope.

Reply Score: 4

RE[2]: times change...
by jptros on Fri 22nd Apr 2011 12:22 UTC in reply to "RE: times change..."
jptros Member since:
2005-08-26

The Michigan State Police have also been accused of using devices at roadside checkpoints to download people's cell phone data:

http://abcnews.go.com/Technology/michigan-police-cellphone-data-ext...

Reply Score: 3

dayalsoap Member since:
2010-05-19

"well our guys here in the US still have to get a warrant to search the phone's contents if you don't give them permission to"

No. The federal judge ruled that TSA and border control do not need warrants to search your phones or computers.

Reply Score: 2

RE[4]: Except they do tell you...
by Morgan on Sat 23rd Apr 2011 13:52 UTC in reply to "RE[3]: Except they do tell you..."
Morgan Member since:
2005-06-29

That's true at the border and in airports, but not your average stop by local law enforcement. Though, as others have pointed out, that may be changing for the worst as well.

Reply Score: 2

RE: Except they do tell you...
by BallmerKnowsBest on Fri 22nd Apr 2011 15:56 UTC in reply to "Except they do tell you..."
BallmerKnowsBest Member since:
2008-06-02

http://www.itnews.com.au/News/255262,apple-users-consented-to-spyin...

In fact they actually get permission to collect it, even though in this case they don't it would seem.


"Interesting" position for you take, given all of your past whining about how Android is insecure because there's no draconian app store approval process restricting what software can be installed on it.

From a comment you posted back in March:

And if you were all grow'd up with teenage kids of your own and you were the one paying the bills for the masses of excess data that those lovely malware apps could wrack up you might just change your tune. ( http://www.osnews.com/thread?464688 )


So let's re-cap. A mobile device that puts you at risk of extra data charges due to your children/s use? UNACCEPTABLE!!! But a device that tracks & records all of their movements by GPS and potentially makes that information available to third parties? Meh, that's okay, as long it's mentioned somewhere in the 8,000 words of legalese that you "I Agree'd" to without reading.

Damn! Where do I nominate you for Parent Of The Year?

Just more headline grabbing...


Yet we all know you'd be practically soiling yourself in delight if this story were about Android, you've already done so in the past (over significantly less-serious issues):

Just goes to show...
...how dangerous it is to allow unchecked applications onto a device that has constant and unrestricted access to global data networks. ( http://www.osnews.com/thread?468601 )


Could your fanboyism be *any* more transparent?

Reply Score: 3

Dutch saying
by noberasco on Fri 22nd Apr 2011 04:49 UTC
noberasco
Member since:
2011-04-22

"it only takes three links to turn a kiss on the cheek into a steamy night of passion": Dutch saying?

Reply Score: 1

RE: Dutch saying
by jal_ on Fri 22nd Apr 2011 07:35 UTC in reply to "Dutch saying"
jal_ Member since:
2006-11-02

"it only takes three links to turn a kiss on the cheek into a steamy night of passion": Dutch saying?


If it is, I don't know it. I think he's just referring to a game of Chinese whispers.

Reply Score: 2

RE: Dutch saying
by Thom_Holwerda on Fri 22nd Apr 2011 11:21 UTC in reply to "Dutch saying"
Thom_Holwerda Member since:
2005-06-29

"it only takes three links to turn a kiss on the cheek into a steamy night of passion": Dutch saying?


No, I just made it up.

Reply Score: 2

It's easy
by Dr-ROX on Fri 22nd Apr 2011 06:21 UTC
Dr-ROX
Member since:
2006-01-03

Now if the police of other security institution wants to check your alibi, they will simply ask for your iPhone.

Reply Score: 2

RE: It's easy
by Lennie on Fri 22nd Apr 2011 08:37 UTC in reply to "It's easy"
Lennie Member since:
2007-09-22

No they ask your network provider with a court order. And they get your location data based on the cell tower triangulation every 5 minutes for your phone.

Ofcourse if you life in California (I think it was California, the video says which state), they don't need a courtorder. They just take your smartphone and investigate it. They have a law for that.

But location based information is one thing, how about all the data the apps have on your and where do they store/transmit this information ?:

http://www.youtube.com/watch?v=diAMOkGr1JY

Reply Score: 2

Comment by Diablo
by Diablo on Fri 22nd Apr 2011 07:02 UTC
Diablo
Member since:
2005-07-06

Also, this was discovered months ago and Apple has been doing this in pre 4.0 versions of iOS: https://alexlevinson.wordpress.com/2011/04/21/3-major-issues-with-th...

Reply Score: 2

reason
by sevrage on Fri 22nd Apr 2011 09:00 UTC
sevrage
Member since:
2006-06-29

its not about where you been its about your habits (read making money)
this is done so apple can dissect you and start a targeted subliminal psychological campaign

Reply Score: 1

Proper analysis
by dinos on Fri 22nd Apr 2011 09:16 UTC
dinos
Member since:
2005-11-09
RE: Proper analysis
by Lennie on Fri 22nd Apr 2011 13:34 UTC in reply to "Proper analysis"
Lennie Member since:
2007-09-22

What about this excerpt from the wsjournal article about Google/Android ?:

'Google previously has said that the Wi-Fi data it collects is anonymous and that it deletes the start and end points of every trip that it uses in its traffic maps. However, the data, provided to the Journal exclusively by Mr. Kamkar, contained a unique identifier tied to an individual's phone.

Mr. Kamkar, 25 years old, has a controversial past. In 2005, when he was 19, he created a computer worm that caused MySpace to crash. He pled guilty to a felony charge of computer hacking in Los Angeles Superior Court, and agreed to not use a computer for three years. Since 2008, he has been doing independent computer security research and consulting. Last year, he developed the "evercookie"—a type of tracking file that is difficult to be removed from computers—as a way to highlight the privacy vulnerabilities in Web-browsing software.

The Journal hired an independent consultant, Ashkan Soltani, to review Mr. Kamkar's findings regarding the Android device and its use of location data. Mr. Soltani confirmed Mr. Kamkar's conclusions.

Transmission of location data raises questions about who has access to what could be sensitive information about location and movement of a phone user.'

http://online.wsj.com/article/SB10001424052748703983704576277101723...

Reply Score: 3

Theres 2 parts to this
by viator on Fri 22nd Apr 2011 12:33 UTC
viator
Member since:
2005-10-11

Everyones talking about location data but its also logging ACCESS POINTS the Mac Address of the access point, timestamp of detection, coordinates including height accuracy, speed
See table WiFiLocation
CREATE TABLE WifiLocation (MAC TEXT, Timestamp FLOAT, Latitude FLOAT, Longitude FLOAT, HorizontalAccuracy FLOAT, Altitude FLOAT, VerticalAccuracy FLOAT, Speed FLOAT, Course FLOAT, Confidence INTEGER, PRIMARY KEY (MAC));
But google gets nailed for doing almost the same thing???
makes no sense!!

Reply Score: 2

v This is a Golden Moment
by kaelodest on Fri 22nd Apr 2011 13:12 UTC
I can see the endorsement now...
by BallmerKnowsBest on Fri 22nd Apr 2011 16:05 UTC
BallmerKnowsBest
Member since:
2008-06-02

"Compile a detailed profile of all your target's movements? Yep, there's an app for that." -Dexter Morgan

Reply Score: 4

Transmission not local cache
by Not2Sure on Fri 22nd Apr 2011 20:16 UTC
Not2Sure
Member since:
2009-12-07

So Apple and Google have basically admitted they are transmitting the tracked locations off the phone to servers.

What information is it that OSNews is using to state that this is not true?

Reply Score: 1

Storm in a teacup
by cmost on Fri 22nd Apr 2011 21:16 UTC
cmost
Member since:
2006-07-16

Any Apple iPhone user or Android OS user who DIDN'T think Apple and Google respectively was collecting loads of data from their phones is delusional. As I've always said: "Security is merely an illusion." While GPS and Internet connectivity are common in myriad devices, the manufacturers are banking on the data they can collect. Get used to it. Anyone who expects privacy would be advised to ditch their smartphone and stay off the Net.

Reply Score: 3

Remember their 1984 ad? lol
by bazmail on Sun 24th Apr 2011 15:19 UTC
bazmail
Member since:
2005-07-25

...But it's Not Sent to Apple


Thats like saying "some guys just took your wife, but don't worry, they're not fucking her". Pheww thank god for that, now I wonder whats on TV....


Why is this functionality present in the phone? Undoubtedly Apples excuse will be that its a "bug". This will keep the tech-ignorant main stream media happy like when Google used that excuse when caught stealing peoples private wifi information.


But are the tech watching sites going to give apple a free ride on this? No doubt the shills are being mobilized and briefed by Apple PR to start the disinformation campaign. The usual excuse-making cheer-leading whores who sold out years ago: mossberg, ihnatko, pogue etc.

Reply Score: 1

RE: Remember their 1984 ad? lol
by Not2Sure on Sun 24th Apr 2011 17:19 UTC in reply to "Remember their 1984 ad? lol"
Not2Sure Member since:
2009-12-07

It is being sent to Apple. Every 24 hours a list is submitted off the phone to Apple servers since iOS 3.2. Android does it every few minutes since I think 1.6. Google servers appear to me to be receiving the 50 most recently connected cellsites and the MACs of the last few hundred broadcasted wifi SSID. Dunno about Apple, but the list in cosolidated.db seems to be retaining a year's worth.

They are using your hardware and your movements as the largest dynamic, for-profit illicit sensor network in history and both are using a 2 line sentence buried in a EULA to say they have user assent. The extent to which either Google or Apple are anonymising the data collected upstream is not known to me.

This is not a new effort for Google, they tried it earlier with their Google Street View fleet of vehicles. As they went out snapping images they also were intruding into any available wifi network and recording signal strength as they passed by in order to attempt "wifi triangulation". As interesting as it is unethical. They are trying to create landmarking indexes in order to sell or give it away as a service on their respective platforms for "located" directed advertising. Google earlier blamed an errant unnamed engineer and the investigation didn't even levy a single penalty (lol). Now I'm guessing they believe they are covered by some EULA so won't have to come up with a fall guy this time around.

Why is this being so misunderstood? Is it because a few fanboi "tech sites" that have no engineers on staff say it isn't?

Why do you think Apple has not said one word in response about this? I'm guessing because the lawyers know they are in bad, bad place and especially in Europe where privacy laws are actually enforced. Al Franken will hopefully put Jobs or Cook in front of a committee panel with subpoena power and ask him directly but I doubt anything more than the letter already sent will happen. I think in Europe the real issue will be whether or not Apple has transferred or sold the data collected to another corporate entity in violation of consumer rights.

Borderline absurd. What's it going to take? Packet captures that fanboi journalists can't understand anyway? Even days after it has been shown to be the case the headline for this dedicated os news site still says, "not being sent to Apple". Tech journalism is absurdly bad anymore. Seems pretty much limited to rewording press releases and covering paper launches of products with lip gloss "reviews".

It is not without humor that what appears to have most (probably male) iOS users concerned is not the loss of privacy without compensation to corporate interests but the fact that a divorce lawyer with a subpoena could get the information rather easily, let alone a tech-savy spouse/partner since the file resides on a probably shared, easily accessible filesystem.

Reply Score: 1

Neat feature
by Innominandum on Sun 24th Apr 2011 16:31 UTC
Innominandum
Member since:
2005-11-18

I think this is a neat 'hidden' feature. I loaded the WiFi data from my iPod Touch and it says I've been in Munich and Hong Kong. The WiFi data is so wildly inaccurate it could never be used for legal purposes.

Reply Score: 1

Comment by benali72
by benali72 on Mon 25th Apr 2011 18:37 UTC
benali72
Member since:
2008-05-03

Apparently you can not turn off tracking without a specific hack app for that -- see http://technolog.msnbc.msn.com/_news/2011/04/25/6524572-iphone-trac...

Apple Inc continues its silence on the topic. Not helping their reputation, in the view of many. Either they're maintaining silence due to the threat of lawsuits or they have no valid explanation.

Reply Score: 1

As I understand it...
by jared_wilkes on Tue 26th Apr 2011 00:13 UTC
jared_wilkes
Member since:
2011-04-25

1. Both iOS and Android store location data derived from cell triangulation, cell positioning and other data, and wifi network data. Android stores a much shorter history, Apple a much longer (maybe non-expiring) one.

2. Both iOS and Android receive consent in their EULAs to store this data. (Not making a value judgment on this; just observing it.)

3. They also receive consent to periodically upload that data if you consent to activate their location services. Google transmits it with device identification (not "personal") and fairly frequently (they also purport to do various "anonymizations" to the data; Apple transmits it without device or personal identification at 12 or 24 hour intervals (This is where "we do not track" comes into play).

4. This is done under the guise of improving performance (which it does); it effectively eliminates Skyworks and provides both platform providers very valuable databases.

5. It's also done for ad targeting (not necessary this data set, but transmission of location data, generally). The various consents (defaults, how/when it is required, if it is being respected properly) is greatly variable, but for the most part is off by default and requires opt-in on both platforms.

5. This has been happening progressively for nearly 2 years. Both Apple and Google provided this information to Congress. Developers have been clamoring for the APIs, got them, have been using them... Consumers have been consenting to app installs that ask for location access. Critics lambasted Apple for attempting to strong arm all third-party ad networks and the competition off of iOS, etc...

6. Apple is probably confused by the response: I think it's sloppy and needs changes, but I like Apple's take on location as much as anyone else's. I hope they do continue to provide a user accessible cache of the location data, actually make it more viewable while at the same time more secure, and of course make sure you can set how much history is stored and allow you to manually delete/reset the cache.

7. I'm far less concerned with Apple's maliciousness, or Congressmen unable to ask if data is stored locally than I am judiciaries permitting my personal information to easily be used against me (not that I'm a criminal).

Reply Score: 1

RE: As I understand it...
by jared_wilkes on Tue 26th Apr 2011 00:30 UTC in reply to "As I understand it..."
jared_wilkes Member since:
2011-04-25

I would also add:

Apple ultimately comes out of this stronger, better. They are already in a position where their data-collection techniques (off of the owners' devices) is more stringent than other platforms, ad networks, and app developers... and enforce even stricter enforcement of ad networks and developers on their platform.

Even on the device side, they probably want to argue that accessing the data violates the EULA (most certainly), violates the privacy of the user legally in a way that precedes weak technological protection, and possibly violates the DMCA which they could enforce on behalf of their users. (Again, no value judgment; just an observation.)

So they get forced to testify a few times, maybe some fines in some more surly countries, and make a few modifications to something that was done in haste without much thought. And then in a few months, they can point to someone doing far worse for sleazy purposes, rather than just sloppily or stupidly, and say they care about you.

A week of silence is nothing. Apple can be quiet until WWDC if they can at least announce changes then.

Edited 2011-04-26 00:33 UTC

Reply Score: 1