OSNews: http://www.osnews.com/story/24657/iOS_Collects_Location_Data_But_it_s_Not_Sent_to_Apple Exploring the Future of Computing en-us Copyright 2001-2013, David Adams adam+nospam@osnews.com Wed, 19 Jun 2013 06:49:00 GMT http://www.osnews.com/images/osnews.gif OSNews.com http://www.osnews.com why wait? http://www.osnews.com/thread?470787 http://www.osnews.com/thread?470787 Why wait for apple to fix it when they want? You have to wonder.. it took effort to design and code this capability, one has to wonder why.

Get an open source OS and fix it quicker. Thu, 21 Apr 2011 22:16:00 GMT donotreply@osnews.com (project_2501) Comments Comment by Radio http://www.osnews.com/thread?470788 http://www.osnews.com/thread?470788 How are we sure Apple doesn't collect this data?

(Not trolling/tinfoilhat-ing, just asking an honest question) Thu, 21 Apr 2011 22:17:00 GMT donotreply@osnews.com (Radio) Comments Not Defending Apple... http://www.osnews.com/thread?470790 http://www.osnews.com/thread?470790 The number one issue here imo is that Apple is choosing to include this file in their phone backups - something that is inherently transient data and is not required nor even particularly useful in the event of a restore. It's more or less a cache to make position locking faster (at least that seems to be the only logical use for it) - there is no reason to back it up. It also does not need to be a full history, how much to truncate may be arbitrary (depends on how much data you need to compute a fix), but you certainly don't need data going back to June of last year... For that I say shame on them.

On the other hand, this is blown WAY out of proportion in most of the media and most have published things as facts which are simply wrong, most of which Thom outlined, but here are a few more:

1. On the phone device itself, the file is only accessible by root. That means non-system processes cannot read it on a normal device (jailbroken or otherwise compromised devices not withstanding). In this regard it is in fact MORE secure than any such cache would be if an application were to do some form of transient caching of user location, and I don't think anyone would argue that such caching, if done in a reasonably manner, would be in any way "evil".

2. In backups, if the user chooses to encrypt their backups, the file is again not readable by other processes. However, I agree that this is not an excuse and does not mitigate the problem in any meaningful way. It simply shouldn't be there in the first place because it does not represent state data that is useful to retain between device reboots (and a restore is by definition a device reboot).

To put it simply, in my opinion if Apple did the following the issue would be completely diffused:

1. Only store the last few cell locations however much is required and no more. The data is not useful beyond that if they are using it for what is being claimed (speeding up location fixing).

2. Don't back it up at all - it is transient after all.

3. Wipe file and start from scratch on device restarts - not that this adds much from a security point of view, but it would make it obvious that their intention is that this data be treated as a transient cache.

What bugs me about Apple is they don't respond to these kinds of things in a timely manner... They do not need to fix it today, but a simple explanation of what the file is used for (an authoritative explanation, not guess work) and a simple "oops, our bad - we will fix that in the next release" would go a long way imo.

Silence just makes people question their motives, and prolonged silence makes people REALLY question their motives - silly mistake or not.

IF the motive is, as some people might deduce if they assume Apple has nefarious intent, that the phone is keeping such a log for possible use by police/government agencies/whoever in the event that the want to extract such information from "procured" devices...

Well I'll give them the benefit of the doubt for now and assuming they fix this promptly the issue should die. But the longer they wait the more the bees will buzz... If they end up "fixing" this by some means other than destroying the data they should be called out on it - at that point they deserve whatever bad press they get.Edited 2011-04-21 22:53 UTC Thu, 21 Apr 2011 22:44:00 GMT donotreply@osnews.com (galvanash) Comments RE: why wait? http://www.osnews.com/thread?470793 http://www.osnews.com/thread?470793
Why wait for apple to fix it when they want? You have to wonder.. it took effort to design and code this capability, one has to wonder why.

Get an open source OS and fix it quicker.


You would, of course, have a plausible suggestion as to how this would make a difference? The one open source phone os I can think of that is actually used is Android, and even if you knew how to change the code to prevent this in Android, you would have to:
1. Download the source, fix it, and rebuild it for your exact device. This entails installing all of the cross-compilation tools that are needed, as well as carefully considering whether your phone might be using proprietary drivers that you would lose. If so, you will have to live with whatever limitations that might be.
2. Flash the re-built Android on to your phone. The last time I heard, most phone manufacturers didn't exactly make this easy save for HTC. We'll see what happens with Sony/Ericsen.
3. Continue to roll your own updates from that point on.
From the end-user's perspective, this wouldn't help. They don't know what source code is, they don't know how to rebuild it let alone change it, and they won't want to roll their own updates. So, in practice, they can wait for Apple to fix it, wait for Google to fix it, or wait for their phone manufacturer to fix it. Either way, for most, it involves waiting and open source doesn't even enter into the picture. Before we start shouting open source at the top of our lungs, we need to consider whether it would make a difference to the people to whom we're preaching. Open source is not the cure-all, despite what some here seem to believe.Edited 2011-04-21 23:49 UTC Thu, 21 Apr 2011 23:44:00 GMT donotreply@osnews.com (darknexus) Comments Informed Consent SB Required for Tracking http://www.osnews.com/thread?470794 http://www.osnews.com/thread?470794 The issue here is one of "informed consent," a basic legal principle in a free society.

Apple Inc. would have had no problem if they had merely made it clear to users they were doing this. Instead they offer an opaque "privacy policy" that masks what they're really up to.

I often see comments saying "if you have nothing to hide you have nothing to fear." But in this case it should be phrased as "if Apple had nothing to hide, they had nothing to fear" by making this tracking known to their customers. Thu, 21 Apr 2011 23:51:00 GMT donotreply@osnews.com (benali72) Comments RE[2]: why wait? http://www.osnews.com/thread?470798 http://www.osnews.com/thread?470798 Or just have a community that looks at the code and fix such "problems" before you install it. Works for all the distros.

And anyways, IF the code would have been open it wouldn't have had this "feature" in the first place. Apple thought they could get away with it. Fri, 22 Apr 2011 00:07:00 GMT donotreply@osnews.com (kragil) Comments RE: Informed Consent SB Required for Tracking http://www.osnews.com/thread?470799 http://www.osnews.com/thread?470799 I agree on principle... But if you are talking about the solution to this particular problem being informed consent I don't think that quite cuts it.

Apple in effect has software running at all times on you phone which is logging every cell tower you ever communicate with. And the log is kept for at least 10 months, probably longer

Asking if it is ok to do so is nice and all, but my question would be if that is really what they want to do, wtf is it for?

I willing to accept that this is all simply a mistake and their intent is not to do such long term logging. But if that is their intent, they better have a damn good explanation for what they need it for. Simply asking permission before recording a permanent history of my whereabouts in such a manner does not quite do it for me... Fri, 22 Apr 2011 00:08:00 GMT donotreply@osnews.com (galvanash) Comments RE: Comment by Radio http://www.osnews.com/thread?470800 http://www.osnews.com/thread?470800 Thom hexdumped his Iphone and Itunes and dissassembled all the code. Read it all and found no trace of it.

Only way to be sure, so that is what he has done. Fri, 22 Apr 2011 00:11:00 GMT donotreply@osnews.com (kragil) Comments RE[3]: why wait? http://www.osnews.com/thread?470801 http://www.osnews.com/thread?470801 Is Android open in your opinion (serious question, opinions seem to vary on that)? It does exactly the same thing, only difference it is implemented sanely - it is limited to 50 fixes.

https://github.com/packetlss/android-locdump

It does not get wiped nor does it expire though (it will prune the data during updates, but not when nothing is happening), so you can use it to figure out he last 50 towers a phone contacted... Even if the phone has been off for an extended period of time.

My point is only that keeping track of stuff like this for the purposes of faster location fixing is not inherently evil - there is a valid reason to do it. It's just in Apple's case they either have a bug (it should be clearing out old data but it isn't) or they are doing it on purpose. Their eventual solution to the problem will make it clear which one it is.

Hanlon's Razor - "Never attribute to malice that which is adequately explained by stupidity"Edited 2011-04-22 00:32 UTC Fri, 22 Apr 2011 00:24:00 GMT donotreply@osnews.com (galvanash) Comments Except they do tell you... http://www.osnews.com/thread?470802 http://www.osnews.com/thread?470802 http://www.itnews.com.au/News/255262,apple-users-consented-to-spyin...

In fact they actually get permission to collect it, even though in this case they don't it would seem.

Just more headline grabbing... Fri, 22 Apr 2011 00:34:00 GMT donotreply@osnews.com (mrhasbean) Comments RE[4]: why wait? http://www.osnews.com/thread?470804 http://www.osnews.com/thread?470804 Android is not one singular thing. It can be open and fairly closed.

If you run a community build rom like Cyanogenmod on your phone you can be more sure that there are no hidden surprises like this. Fri, 22 Apr 2011 00:42:00 GMT donotreply@osnews.com (kragil) Comments RE: Except they do tell you... http://www.osnews.com/thread?470805 http://www.osnews.com/thread?470805 Cop-out, and you know it. Location data from GPS: ask permission on the device. Location data from cell towers: get permission buried deep in a text no one reads, a text of questionable legality in many European countries?

The discrepancy here is clear to anyone who isn't stuck deep up the RDF's ass. Expecting people to know the difference between the two techniques - or even that different techniques exist in the first place - is idiotic.Edited 2011-04-22 00:49 UTC Fri, 22 Apr 2011 00:43:00 GMT donotreply@osnews.com (Thom_Holwerda) Comments RE[5]: why wait? http://www.osnews.com/thread?470806 http://www.osnews.com/thread?470806 Um... Cyanogenmod uses the same code to do location caching as Android proper... References to cache.cell and cache.wifi are all over the Cyanogenmod git repo. What was your point again? Fri, 22 Apr 2011 00:55:00 GMT donotreply@osnews.com (galvanash) Comments RE[6]: why wait? http://www.osnews.com/thread?470808 http://www.osnews.com/thread?470808 I just wanted to point out that Android can be many things. I wasn't refering to the 50 locations. I don't think that saving such a limited numbers is any problem at all to be honest. At least you can be sure what Cyanogenmod is doing. That is a major bonus. Fri, 22 Apr 2011 01:59:00 GMT donotreply@osnews.com (kragil) Comments RE[7]: why wait? http://www.osnews.com/thread?470809 http://www.osnews.com/thread?470809 Oh. Sorry, fair enough. Fri, 22 Apr 2011 02:17:00 GMT donotreply@osnews.com (galvanash) Comments RE[2]: Except they do tell you... http://www.osnews.com/thread?470811 http://www.osnews.com/thread?470811 I'm with you on the issue of burying the request for permission in walls of boring and hardly read text: It's despicable.

As for the law enforcement impact of this (nudge nudge), well our guys here in the US still have to get a warrant to search the phone's contents if you don't give them permission to, at least at the level of internal log files and such (there is a gray area regarding what is seen on the screen during a stop-and-frisk). Granted, I'm just a peon so take my word for what it's worth, but this has been the S.O.P. at both agencies I've worked at: One warrant to physically seize the device, and another to search its contents. It's a CYA move so the evidence isn't successfully challenged.

All that said, I can readily see three types of cases where such location data would be worth pursuing, and one isn't even criminal. First is a murder case where the suspect's phone would give clues to the path he took leading up to, during and after the murder. Another would be a drug enforcement investigation, where an accused dealer's phone records could corroborate an undercover agent's movement and activity reports. And finally, in a divorce case where one spouse wants to prove the other was unfaithful. I'm sure there are many other creative ways law enforcement can use this info against suspects, and plaintiffs can use it against defendants in civil court.

I also read this morning in an article on this subject that a company in New York has already assisted police with mining this data from phones and backup files, and has been doing so for a little while.

I personally am not affected as I doubt I'll own an iDevice in the foreseeable future; I loathe both Verizon and AT&T, and have no need or desire for an iPad, 3G or no. However, I am mildly alarmed at the implications, and I wonder how long it will take Apple to fix this issue. Fri, 22 Apr 2011 02:29:00 GMT donotreply@osnews.com (Morgan) Comments Dutch saying http://www.osnews.com/thread?470817 http://www.osnews.com/thread?470817 "it only takes three links to turn a kiss on the cheek into a steamy night of passion": Dutch saying? Fri, 22 Apr 2011 04:49:00 GMT donotreply@osnews.com (noberasco) Comments It's easy http://www.osnews.com/thread?470818 http://www.osnews.com/thread?470818 Now if the police of other security institution wants to check your alibi, they will simply ask for your iPhone. Fri, 22 Apr 2011 06:21:00 GMT donotreply@osnews.com (Dr-ROX) Comments Comment by Diablo http://www.osnews.com/thread?470822 http://www.osnews.com/thread?470822 Also, this was discovered months ago and Apple has been doing this in pre 4.0 versions of iOS: https://alexlevinson.wordpress.com/2011/04/21/3-major-issues-with-th... Fri, 22 Apr 2011 07:02:00 GMT donotreply@osnews.com (Diablo) Comments RE: Dutch saying http://www.osnews.com/thread?470823 http://www.osnews.com/thread?470823
"it only takes three links to turn a kiss on the cheek into a steamy night of passion": Dutch saying?


If it is, I don't know it. I think he's just referring to a game of Chinese whispers. Fri, 22 Apr 2011 07:35:00 GMT donotreply@osnews.com (jal_) Comments This article suggest something different http://www.osnews.com/thread?470825 http://www.osnews.com/thread?470825 http://online.wsj.com/article/SB10001424052748703983704576277101723... Fri, 22 Apr 2011 08:33:00 GMT donotreply@osnews.com (Lennie) Comments RE: It's easy http://www.osnews.com/thread?470826 http://www.osnews.com/thread?470826 No they ask your network provider with a court order. And they get your location data based on the cell tower triangulation every 5 minutes for your phone.

Ofcourse if you life in California (I think it was California, the video says which state), they don't need a courtorder. They just take your smartphone and investigate it. They have a law for that.

But location based information is one thing, how about all the data the apps have on your and where do they store/transmit this information ?:

http://www.youtube.com/watch?v=diAMOkGr1JY Fri, 22 Apr 2011 08:37:00 GMT donotreply@osnews.com (Lennie) Comments reason http://www.osnews.com/thread?470827 http://www.osnews.com/thread?470827 its not about where you been its about your habits (read making money)
this is done so apple can dissect you and start a targeted subliminal psychological campaign Fri, 22 Apr 2011 09:00:00 GMT donotreply@osnews.com (sevrage) Comments Proper analysis http://www.osnews.com/thread?470828 http://www.osnews.com/thread?470828 For a proper analysis, without media sensationalism, please read:
http://www.reddit.com/r/geek/comments/gumri/your_iphone_is_keeping_...
and
http://news.ycombinator.com/item?id=2466445 Fri, 22 Apr 2011 09:16:00 GMT donotreply@osnews.com (dinos) Comments times change... http://www.osnews.com/thread?470829 http://www.osnews.com/thread?470829 "The California Supreme Court allowed police Monday to search arrestees' cell phones without a warrant, saying defendants lose their privacy rights for any items they're carrying when taken into custody.

Under U.S. Supreme Court precedents, "this loss of privacy allows police not only to seize anything of importance they find on the arrestee's body ... but also to open and examine what they find," the state court said in a 5-2 ruling."

source: http://bit.ly/dWqwni


"Alarmingly, in many cases, extracting data from a mobile device is possible even if the device password is not known. Such extraction techniques take advantage of widely known vulnerabilities that make it disturbingly simple to access data stored on a smartphone by merely plugging the device into a computer and running specialized forensics software. For instance, Android and iPhone devices are vulnerable to a range of exploits, some of which Ars documented in 2009."

source: http://bit.ly/eXxS6y (page2) Fri, 22 Apr 2011 09:23:00 GMT donotreply@osnews.com (kamil_chatrnuch) Comments RE: times change... http://www.osnews.com/thread?470832 http://www.osnews.com/thread?470832 Wow, what a blow to the 4th Amendment! Thank you for posting that. It seems the "gray area" I referenced earlier is becoming much broader in scope. Fri, 22 Apr 2011 10:14:00 GMT donotreply@osnews.com (Morgan) Comments RE: Dutch saying http://www.osnews.com/thread?470833 http://www.osnews.com/thread?470833
"it only takes three links to turn a kiss on the cheek into a steamy night of passion": Dutch saying?


No, I just made it up. Fri, 22 Apr 2011 11:21:00 GMT donotreply@osnews.com (Thom_Holwerda) Comments RE[2]: times change... http://www.osnews.com/thread?470835 http://www.osnews.com/thread?470835 The Michigan State Police have also been accused of using devices at roadside checkpoints to download people's cell phone data:

http://abcnews.go.com/Technology/michigan-police-cellphone-data-ext... Fri, 22 Apr 2011 12:22:00 GMT donotreply@osnews.com (jptros) Comments Theres 2 parts to this http://www.osnews.com/thread?470836 http://www.osnews.com/thread?470836 Everyones talking about location data but its also logging ACCESS POINTS the Mac Address of the access point, timestamp of detection, coordinates including height accuracy, speed
See table WiFiLocation
CREATE TABLE WifiLocation (MAC TEXT, Timestamp FLOAT, Latitude FLOAT, Longitude FLOAT, HorizontalAccuracy FLOAT, Altitude FLOAT, VerticalAccuracy FLOAT, Speed FLOAT, Course FLOAT, Confidence INTEGER, PRIMARY KEY (MAC));
But google gets nailed for doing almost the same thing???
makes no sense!! Fri, 22 Apr 2011 12:33:00 GMT donotreply@osnews.com (viator) Comments This is a Golden Moment http://www.osnews.com/thread?470837 http://www.osnews.com/thread?470837 OMG Apple logs. This is three parts stupid because a.> it iOS is a unix variant and Location Services, well is a service and a service logs. b.> Apple isn't the government and you we the consumer have the option to read the EULA (I pdf'd mine out you should too) There doensn't need to be an opt-out because Apple isn't going to do any thing like arrest you. They are a company. The most evil thing they can do is Market to me. AND MOST OF ALL c.> Location is a Core Feature of 'teh gadget' from 'find my phone' to 'urban spoon' to "Google"-anything - iOS is concerned with your position. So that if they find I go to a certain coffee shop or chain restaurant then I dont have to look for a card to punch for a free latté. My phone will know where I went-Pure Apple EEE-vil
-=- And speaking as though this is a threat is inviting computer ignorance. It is like saying B.S.D. is 'satanic' because of 'daemons'. Fact of operation the Phone Company has always know where you are, or where you were when you made a call. Your Plain Ol'Telephone Service was tied to a physical address. Now it is tied to at least 2 and possibly more than 4 towers. All Phones work like that. The phone company will give my information away readily and easily - The Phone Book had a run of nearly 75 years of invading my 'privacy'.
-=-More than that my Bank has a lot of data on me, Waaaay more data than you can easily imagine. This could easily be mined to tell you where I am going to eat lunch 2 or three weeks into the future, They can take a strong guess at what Lego set I will buy my Son, they know what size shoes my daughter wears, and had about a 90% chance of knowing what is in my pantry & fridge. OMFG and the Metro 'knows' where I am because of where I get on and off the subway, they probably know where I work because of my location. (And the fact that my employer is required by federal law to list me as a contracter in a public database)
-=- This folks is the information age, and that is information. And frankly the part that needs to be protected _is_ protected by the law. ATT knows where I am and, if subpoenaed they will tell you where I was. I can think of 3 recent murders that were solved by telco evidence. And at least a dozen that were proven as premeditated by search engine history. If I was accused of something chances are my innocence would hinge on my phone saying 'nope he was stationary at home with the kids' or, 'he was on the subway' not "he was in the Parlor with the lead pipe" There is no legal issue, because all of these various angles make a coherent shape. They are benign or at the worst protect the innocent (the guilty remained guilty, I am not ready to discuss the privacy rights of someone under criminal investigation) This is exactly what was advertised. Read the Google EULA they promise to share my data and track my locations and searches and the context that I was searching in.
We are what we do every day.
I would rather teach PPL to get over the fear themselves than be part of the noise. Fri, 22 Apr 2011 13:12:00 GMT donotreply@osnews.com (kaelodest) Comments RE[4]: why wait? http://www.osnews.com/thread?470840 http://www.osnews.com/thread?470840
Is Android open in your opinion (serious question, opinions seem to vary on that)? It does exactly the same thing, only difference it is implemented sanely - it is limited to 50 fixes.

https://github.com/packetlss/android-locdump

Not only sanely, but as secure as possible. You need a rooted device to get to the data. I hope that iOS has some protection against leaking that data. Fri, 22 Apr 2011 13:24:00 GMT donotreply@osnews.com (JAlexoid) Comments RE: Proper analysis http://www.osnews.com/thread?470841 http://www.osnews.com/thread?470841 What about this excerpt from the wsjournal article about Google/Android ?:

'Google previously has said that the Wi-Fi data it collects is anonymous and that it deletes the start and end points of every trip that it uses in its traffic maps. However, the data, provided to the Journal exclusively by Mr. Kamkar, contained a unique identifier tied to an individual's phone.

Mr. Kamkar, 25 years old, has a controversial past. In 2005, when he was 19, he created a computer worm that caused MySpace to crash. He pled guilty to a felony charge of computer hacking in Los Angeles Superior Court, and agreed to not use a computer for three years. Since 2008, he has been doing independent computer security research and consulting. Last year, he developed the "evercookie"â€"a type of tracking file that is difficult to be removed from computersâ€"as a way to highlight the privacy vulnerabilities in Web-browsing software.

The Journal hired an independent consultant, Ashkan Soltani, to review Mr. Kamkar's findings regarding the Android device and its use of location data. Mr. Soltani confirmed Mr. Kamkar's conclusions.

Transmission of location data raises questions about who has access to what could be sensitive information about location and movement of a phone user.'

http://online.wsj.com/article/SB10001424052748703983704576277101723... Fri, 22 Apr 2011 13:34:00 GMT donotreply@osnews.com (Lennie) Comments RE: Except they do tell you... http://www.osnews.com/thread?470849 http://www.osnews.com/thread?470849
http://www.itnews.com.au/News/255262,apple-users-consented-to-spyin...

In fact they actually get permission to collect it, even though in this case they don't it would seem.


"Interesting" position for you take, given all of your past whining about how Android is insecure because there's no draconian app store approval process restricting what software can be installed on it.

From a comment you posted back in March:

And if you were all grow'd up with teenage kids of your own and you were the one paying the bills for the masses of excess data that those lovely malware apps could wrack up you might just change your tune. ( http://www.osnews.com/thread?464688 )


So let's re-cap. A mobile device that puts you at risk of extra data charges due to your children/s use? UNACCEPTABLE!!! But a device that tracks & records all of their movements by GPS and potentially makes that information available to third parties? Meh, that's okay, as long it's mentioned somewhere in the 8,000 words of legalese that you "I Agree'd" to without reading.

Damn! Where do I nominate you for Parent Of The Year?

Just more headline grabbing...


Yet we all know you'd be practically soiling yourself in delight if this story were about Android, you've already done so in the past (over significantly less-serious issues):

Just goes to show...
...how dangerous it is to allow unchecked applications onto a device that has constant and unrestricted access to global data networks. ( http://www.osnews.com/thread?468601 )


Could your fanboyism be *any* more transparent? Fri, 22 Apr 2011 15:56:00 GMT donotreply@osnews.com (BallmerKnowsBest) Comments I can see the endorsement now... http://www.osnews.com/thread?470850 http://www.osnews.com/thread?470850 "Compile a detailed profile of all your target's movements? Yep, there's an app for that." -Dexter Morgan Fri, 22 Apr 2011 16:05:00 GMT donotreply@osnews.com (BallmerKnowsBest) Comments Transmission not local cache http://www.osnews.com/thread?470864 http://www.osnews.com/thread?470864 So Apple and Google have basically admitted they are transmitting the tracked locations off the phone to servers.

What information is it that OSNews is using to state that this is not true? Fri, 22 Apr 2011 20:16:00 GMT donotreply@osnews.com (Not2Sure) Comments RE[5]: why wait? http://www.osnews.com/thread?470866 http://www.osnews.com/thread?470866 Yes, because Android phones are generally not rooted the day of release and pretty much sold with that notion ("their openeness") as a feature, or whatever.

I can't really think of a genuine reason why this geolocation data is useful as a local cache. Ever. Can one of you fanboi apologists for Google/Apple please provide a use case where it makes sense to keep track of previous locations at an OS level?

I could see where some applications might make use of last known locations for ease-of-use features but I'm pretty sure App Store and Android marketplaces would reject out of hand any app that stored this information without first securing the user's permission. Fri, 22 Apr 2011 20:21:00 GMT donotreply@osnews.com (Not2Sure) Comments Storm in a teacup http://www.osnews.com/thread?470868 http://www.osnews.com/thread?470868 Any Apple iPhone user or Android OS user who DIDN'T think Apple and Google respectively was collecting loads of data from their phones is delusional. As I've always said: "Security is merely an illusion." While GPS and Internet connectivity are common in myriad devices, the manufacturers are banking on the data they can collect. Get used to it. Anyone who expects privacy would be advised to ditch their smartphone and stay off the Net. Fri, 22 Apr 2011 21:16:00 GMT donotreply@osnews.com (cmost) Comments RE[6]: why wait? http://www.osnews.com/thread?470872 http://www.osnews.com/thread?470872
Can one of you fanboi apologists for Google/Apple please provide a use case where it makes sense to keep track of previous locations at an OS level?


It can take a few seconds to get a gps fix... Until you do get a fix, you have no idea where you are, so any mapping app has to wait idly until the fix is done. Having coordinates of cell towers you recently communicated with let's you get an approximate fix instantly. This can dramatically improve the user experience, because you can instantly set an appropriate zoom level and center the map on the approximate location while waiting for a more accurate gps fix.

The point is gps is not instant - there is latency involved. There is also latency with the mapping API itself (downloading map tiles and such). This let's you hide both latencies.

Also, gps is not always available - especially when indoors. This offers a fallback. Not as accurate, but better than nothing.

You can't get tower location info on demand... You get it when it happens (when the cellular radio picks one up or switches between them). Therefore to actually use the information for this type of purpose you have to log it.

Btw, the geolocation Apis in both iOS and android do all of this stuff for you - it's built into them. Hence why the OS itself does the logging. Apps do not ever read these logs directly, the apis used to get position fixes do that for you (without telling you how the information was derived, it just returns coordinates and an accuracy indicator).


That explain it well enough?Edited 2011-04-23 05:02 UTC Sat, 23 Apr 2011 04:43:00 GMT donotreply@osnews.com (galvanash) Comments RE[5]: why wait? http://www.osnews.com/thread?470873 http://www.osnews.com/thread?470873
Not only sanely, but as secure as possible. You need a rooted device to get to the data. I hope that iOS has some protection against leaking that data.


you need root to get to it on iOS as well... It's the whole backed-up-copy-on-the-computer that everyone is going gaga over. Android doesn't seem to have that particular issue. Sat, 23 Apr 2011 04:56:00 GMT donotreply@osnews.com (galvanash) Comments RE[3]: Except they do tell you... http://www.osnews.com/thread?470888 http://www.osnews.com/thread?470888 "well our guys here in the US still have to get a warrant to search the phone's contents if you don't give them permission to"

No. The federal judge ruled that TSA and border control do not need warrants to search your phones or computers. Sat, 23 Apr 2011 13:25:00 GMT donotreply@osnews.com (dayalsoap) Comments RE[4]: Except they do tell you... http://www.osnews.com/thread?470890 http://www.osnews.com/thread?470890 That's true at the border and in airports, but not your average stop by local law enforcement. Though, as others have pointed out, that may be changing for the worst as well. Sat, 23 Apr 2011 13:52:00 GMT donotreply@osnews.com (Morgan) Comments RE[7]: why wait? http://www.osnews.com/thread?470920 http://www.osnews.com/thread?470920
That explain it well enough?


Nope. That explains the need to require the last known location. Not the last 100, 1000 etc, and again that would be an application use case not an OS one.

You are obviously without a clue how AGPS works on the CDMA/GSM networks. Go troll somewhere else.

Ask for a fanboi response, get one I suppose. Sat, 23 Apr 2011 19:45:00 GMT donotreply@osnews.com (Not2Sure) Comments RE[6]: why wait? http://www.osnews.com/thread?470921 http://www.osnews.com/thread?470921 Vanilla Android has the exact same issue. And just to be clear, iOS 3.x+ and Android since I dunno 1.6 are transmitting your location to their servers. Not just storing them on in the filesystem. iOS does it about once every 24 hours. Android is more frequent.

They are using their customer's location in order to put Skyhook out of business by mapping the MAC addresses of open wifi points around the world. Typical Google/Apple business practices at work. Enter some vertical market and destroy any value in it all to provide "better" ad networks in the future.

The justification remains burying a sentence or two in a EULA to justify user acceptance of the program. Sat, 23 Apr 2011 19:51:00 GMT donotreply@osnews.com (Not2Sure) Comments RE[8]: why wait? http://www.osnews.com/thread?470928 http://www.osnews.com/thread?470928
"That explain it well enough?


Nope. That explains the need to require the last known location. Not the last 100, 1000 etc, and again that would be an application use case not an OS one.

You are obviously without a clue how AGPS works on the CDMA/GSM networks. Go troll somewhere else.

Ask for a fanboi response, get one I suppose. "

Technically, the last N entries for locations of WiFi hotspots and cell towers leads to lowered traffic to the same geolocation servers.
This lowers traffic considerably when you are stationary at a intersection of many cell towers, because you may switch from one to another every few seconds. Imagine the traffic to the geolocation servers in that scenario.... Sat, 23 Apr 2011 21:35:00 GMT donotreply@osnews.com (JAlexoid) Comments RE[8]: why wait? http://www.osnews.com/thread?470932 http://www.osnews.com/thread?470932
Nope. That explains the need to require the last known location. Not the last 100, 1000 etc,


I NEVER said there was a need to store the last 100 or 1000, just enough to compute an approximate location (at most 5-10 towers I would think)... I'm not defending what Apple is doing (i.e. long term logging of the information) - I was simply explaining why there is a valid reason to log _some_ of it. You said you could not think of a single valid reason to keep any of this data - I gave you one.

...and again that would be an application use case not an OS one. You are obviously without a clue how AGPS works on the CDMA/GSM networks. Go troll somewhere else.


How can you say this is an application use case when applications on iOS/Android cannot access either GPS hardware or Cellular radio hardware directly (and therefore could not log raw data themselves)? The apis expose your coordinates, not those of nearby cell towers. You could not log such data even if you wanted to - there is no way to get it (without going around the OS anyway).

I was sincerely just trying to answer your question, and you go all flaming assh*le on me? I've written softare using location apis on iOS and blackberry (haven't done Android yet) and I know enough to tell you have no idea what the f*ck you are talking about...

A-GPS is NOT the same thing as cellular triangulation (which is what I am describing). A-GPS does not eliminate the need to do triangulation, it speeds up GPS locking by giving the GPS hardware information about the closest satellite and can enhance accuracy, but it still relies primarily on GPS and GPS is both slow and power hungry...

Cellular Triangulation is done by the OS using data logged from the network and the reason to do so is so that you can do it when the GPS hardware is turned off. UTDOA (Uplink Time Difference on Arrival) data is used on GSM networks to do this - it has absolutely nothing at all to do with GPS or A-GPS. The UTDOA data is what is being logged in these files everyone is talking about (at least the cellular data part).

Ask for a fanboi response, get one I suppose.


Glad I could help ;) Sat, 23 Apr 2011 23:07:00 GMT donotreply@osnews.com (galvanash) Comments RE[9]: why wait? http://www.osnews.com/thread?470938 http://www.osnews.com/thread?470938 Please allow me to inform you how incorrect you are.

http://developer.android.com/reference/android/telephony/TelephonyM...

Unless of course this reference documentation is from the future! MCC+MNC+LAC is also available in iOS.

Just stop. Sun, 24 Apr 2011 05:55:00 GMT donotreply@osnews.com (Not2Sure) Comments RE[9]: why wait? http://www.osnews.com/thread?470939 http://www.osnews.com/thread?470939 Can only imagine, PDE magic provided by the carriers remains such a closely guarded secret.

So at best I think you are arguing for a transient cache, which I could also see as being useful to decrease load on upstream carrier servers but that load is already guarded by access controls and I really doubt Apple/Google were responding to carrier reports of load with this "feature." I think it's pretty clear what they are doing and it is in their own best interests.

And in any case that is not what we are talking about here. For both Android and iOS we are talking about persistent, uniquely identifiable information being held and transmitted off the device. I really don't see it as justifiable. Sun, 24 Apr 2011 06:01:00 GMT donotreply@osnews.com (Not2Sure) Comments Remember their 1984 ad? lol http://www.osnews.com/thread?470949 http://www.osnews.com/thread?470949 ...But it's Not Sent to Apple


Thats like saying "some guys just took your wife, but don't worry, they're not fucking her". Pheww thank god for that, now I wonder whats on TV....


Why is this functionality present in the phone? Undoubtedly Apples excuse will be that its a "bug". This will keep the tech-ignorant main stream media happy like when Google used that excuse when caught stealing peoples private wifi information.


But are the tech watching sites going to give apple a free ride on this? No doubt the shills are being mobilized and briefed by Apple PR to start the disinformation campaign. The usual excuse-making cheer-leading whores who sold out years ago: mossberg, ihnatko, pogue etc. Sun, 24 Apr 2011 15:19:00 GMT donotreply@osnews.com (bazmail) Comments Neat feature http://www.osnews.com/thread?470950 http://www.osnews.com/thread?470950 I think this is a neat 'hidden' feature. I loaded the WiFi data from my iPod Touch and it says I've been in Munich and Hong Kong. The WiFi data is so wildly inaccurate it could never be used for legal purposes. Sun, 24 Apr 2011 16:31:00 GMT donotreply@osnews.com (Innominandum) Comments RE: Remember their 1984 ad? lol http://www.osnews.com/thread?470951 http://www.osnews.com/thread?470951 It is being sent to Apple. Every 24 hours a list is submitted off the phone to Apple servers since iOS 3.2. Android does it every few minutes since I think 1.6. Google servers appear to me to be receiving the 50 most recently connected cellsites and the MACs of the last few hundred broadcasted wifi SSID. Dunno about Apple, but the list in cosolidated.db seems to be retaining a year's worth.

They are using your hardware and your movements as the largest dynamic, for-profit illicit sensor network in history and both are using a 2 line sentence buried in a EULA to say they have user assent. The extent to which either Google or Apple are anonymising the data collected upstream is not known to me.

This is not a new effort for Google, they tried it earlier with their Google Street View fleet of vehicles. As they went out snapping images they also were intruding into any available wifi network and recording signal strength as they passed by in order to attempt "wifi triangulation". As interesting as it is unethical. They are trying to create landmarking indexes in order to sell or give it away as a service on their respective platforms for "located" directed advertising. Google earlier blamed an errant unnamed engineer and the investigation didn't even levy a single penalty (lol). Now I'm guessing they believe they are covered by some EULA so won't have to come up with a fall guy this time around.

Why is this being so misunderstood? Is it because a few fanboi "tech sites" that have no engineers on staff say it isn't?

Why do you think Apple has not said one word in response about this? I'm guessing because the lawyers know they are in bad, bad place and especially in Europe where privacy laws are actually enforced. Al Franken will hopefully put Jobs or Cook in front of a committee panel with subpoena power and ask him directly but I doubt anything more than the letter already sent will happen. I think in Europe the real issue will be whether or not Apple has transferred or sold the data collected to another corporate entity in violation of consumer rights.

Borderline absurd. What's it going to take? Packet captures that fanboi journalists can't understand anyway? Even days after it has been shown to be the case the headline for this dedicated os news site still says, "not being sent to Apple". Tech journalism is absurdly bad anymore. Seems pretty much limited to rewording press releases and covering paper launches of products with lip gloss "reviews".

It is not without humor that what appears to have most (probably male) iOS users concerned is not the loss of privacy without compensation to corporate interests but the fact that a divorce lawyer with a subpoena could get the information rather easily, let alone a tech-savy spouse/partner since the file resides on a probably shared, easily accessible filesystem. Sun, 24 Apr 2011 17:19:00 GMT donotreply@osnews.com (Not2Sure) Comments RE[10]: why wait? http://www.osnews.com/thread?470952 http://www.osnews.com/thread?470952 I don't know what your getting at with posting that... I don't see how it in any way disputes anything I said, but I guess you do... If you want to elaborate somewhat Ill be happy to respond further. Sun, 24 Apr 2011 19:25:00 GMT donotreply@osnews.com (galvanash) Comments Comment by benali72 http://www.osnews.com/thread?470966 http://www.osnews.com/thread?470966 Apparently you can not turn off tracking without a specific hack app for that -- see http://technolog.msnbc.msn.com/_news/2011/04/25/6524572-iphone-trac...

Apple Inc continues its silence on the topic. Not helping their reputation, in the view of many. Either they're maintaining silence due to the threat of lawsuits or they have no valid explanation. Mon, 25 Apr 2011 18:37:00 GMT donotreply@osnews.com (benali72) Comments RE[10]: why wait? http://www.osnews.com/thread?470976 http://www.osnews.com/thread?470976
Can only imagine, PDE magic provided by the carriers remains such a closely guarded secret.

So at best I think you are arguing for a transient cache, which I could also see as being useful to decrease load on upstream carrier servers but that load is already guarded by access controls and I really doubt Apple/Google were responding to carrier reports of load with this "feature." I think it's pretty clear what they are doing and it is in their own best interests.

And in any case that is not what we are talking about here. For both Android and iOS we are talking about persistent, uniquely identifiable information being held and transmitted off the device. I really don't see it as justifiable.


The data that Android is sending is used for "checking in" new data about WiFi hotspot locations and adjusting cell tower locations. I'm not defending, just explaining. Because I think they are overprotecting themselves with getting too much uniquely identifying information. On the other hand, since they are not sending the IMSI I personally really don't care. Mon, 25 Apr 2011 21:05:00 GMT donotreply@osnews.com (JAlexoid) Comments As I understand it... http://www.osnews.com/thread?470994 http://www.osnews.com/thread?470994 1. Both iOS and Android store location data derived from cell triangulation, cell positioning and other data, and wifi network data. Android stores a much shorter history, Apple a much longer (maybe non-expiring) one.

2. Both iOS and Android receive consent in their EULAs to store this data. (Not making a value judgment on this; just observing it.)

3. They also receive consent to periodically upload that data if you consent to activate their location services. Google transmits it with device identification (not "personal") and fairly frequently (they also purport to do various "anonymizations" to the data; Apple transmits it without device or personal identification at 12 or 24 hour intervals (This is where "we do not track" comes into play).

4. This is done under the guise of improving performance (which it does); it effectively eliminates Skyworks and provides both platform providers very valuable databases.

5. It's also done for ad targeting (not necessary this data set, but transmission of location data, generally). The various consents (defaults, how/when it is required, if it is being respected properly) is greatly variable, but for the most part is off by default and requires opt-in on both platforms.

5. This has been happening progressively for nearly 2 years. Both Apple and Google provided this information to Congress. Developers have been clamoring for the APIs, got them, have been using them... Consumers have been consenting to app installs that ask for location access. Critics lambasted Apple for attempting to strong arm all third-party ad networks and the competition off of iOS, etc...

6. Apple is probably confused by the response: I think it's sloppy and needs changes, but I like Apple's take on location as much as anyone else's. I hope they do continue to provide a user accessible cache of the location data, actually make it more viewable while at the same time more secure, and of course make sure you can set how much history is stored and allow you to manually delete/reset the cache.

7. I'm far less concerned with Apple's maliciousness, or Congressmen unable to ask if data is stored locally than I am judiciaries permitting my personal information to easily be used against me (not that I'm a criminal). Tue, 26 Apr 2011 00:13:00 GMT donotreply@osnews.com (jared_wilkes) Comments RE: As I understand it... http://www.osnews.com/thread?470996 http://www.osnews.com/thread?470996 I would also add:

Apple ultimately comes out of this stronger, better. They are already in a position where their data-collection techniques (off of the owners' devices) is more stringent than other platforms, ad networks, and app developers... and enforce even stricter enforcement of ad networks and developers on their platform.

Even on the device side, they probably want to argue that accessing the data violates the EULA (most certainly), violates the privacy of the user legally in a way that precedes weak technological protection, and possibly violates the DMCA which they could enforce on behalf of their users. (Again, no value judgment; just an observation.)

So they get forced to testify a few times, maybe some fines in some more surly countries, and make a few modifications to something that was done in haste without much thought. And then in a few months, they can point to someone doing far worse for sleazy purposes, rather than just sloppily or stupidly, and say they care about you.

A week of silence is nothing. Apple can be quiet until WWDC if they can at least announce changes then.Edited 2011-04-26 00:33 UTC Tue, 26 Apr 2011 00:30:00 GMT donotreply@osnews.com (jared_wilkes) Comments