There’s a bit of a stink going on – even in major media – about something iOS 4’s been doing. Apparently, iOS 4 has been storing a list of locations and timestamps to a hidden, but readable file in a standard database format. The locations are triangulated using cell towers, and generally aren’t as accurate as for instance GPS. Still, the file is stored without any form of protection on both your iPhone as well as your desktop.
This isn’t entirely new information, but Alasdair Allan and Pete Warden made a nice tool to visualise your own data, making it all a bit more tangible. It isn’t new information since this database file has been known in smaller circles for a while now. Of course, this has been causing a pretty big stink, and rightfully so – partially. Yes, this is bad – but no, it’s not as bad as some make it out to be.
First and foremost: Apple is not collecting the information. It’s stored on your iPhone, and on your desktop through iTunes backups. Apple does not collect the information from your iPhone, and it doesn’t collect it from iTunes either. So, any headlines that claim Apple is collecting this information is wrong, since it’s actually iOS that’s doing the collecting. It seems like a minor distinction, but since it only takes three links to turn a kiss on the cheek into a steamy night of passion, it’s a good idea to emphasize this.
Second, this information can technically be abused, but only if any malicious person has either physical access to your device or computer, or, of course, by using a security hole. Even then, I wouldn’t really know what anyone would do with this. I mean, if you’re interesting enough for someone to track your location, you’ve probably got bigger problems.
That doesn’t however, make it right. Some people are claiming this is not a problem at all, but they are wrong. First, Apple does not ask your permission to track your location this way; you can turn of GPS tracking, but not this cellular tracking. Second, it is not stored in a secure way, but naked and open. This is bad.
Overall though, this information could be very useful to law enforcement, but those guys can get court order access to the same data from carriers. You could be cynical and wonder if it is potentially easier to obtain a court order for a suspect’s phone than for carrier records, but alas, I’ll leave that for the law enforcement experts (I believe we have an active commenter who works for law enforcement – wink wink) to figure out.
I’m guessing this is nothing more than a bug which will be fixed in the next iOS point release. It’s been overblown – but it shouldn’t be underestimated either. If you have your device jailbroken, you can search for the Untracked application to continuously clean the database file. You can turn on encryption in iTunes for your iOS backups, too.
Why wait for apple to fix it when they want? You have to wonder.. it took effort to design and code this capability, one has to wonder why.
Get an open source OS and fix it quicker.
You would, of course, have a plausible suggestion as to how this would make a difference? The one open source phone os I can think of that is actually used is Android, and even if you knew how to change the code to prevent this in Android, you would have to:
1. Download the source, fix it, and rebuild it for your exact device. This entails installing all of the cross-compilation tools that are needed, as well as carefully considering whether your phone might be using proprietary drivers that you would lose. If so, you will have to live with whatever limitations that might be.
2. Flash the re-built Android on to your phone. The last time I heard, most phone manufacturers didn’t exactly make this easy save for HTC. We’ll see what happens with Sony/Ericsen.
3. Continue to roll your own updates from that point on.
From the end-user’s perspective, this wouldn’t help. They don’t know what source code is, they don’t know how to rebuild it let alone change it, and they won’t want to roll their own updates. So, in practice, they can wait for Apple to fix it, wait for Google to fix it, or wait for their phone manufacturer to fix it. Either way, for most, it involves waiting and open source doesn’t even enter into the picture. Before we start shouting open source at the top of our lungs, we need to consider whether it would make a difference to the people to whom we’re preaching. Open source is not the cure-all, despite what some here seem to believe.
Edited 2011-04-21 23:49 UTC
Or just have a community that looks at the code and fix such “problems” before you install it. Works for all the distros.
And anyways, IF the code would have been open it wouldn’t have had this “feature” in the first place. Apple thought they could get away with it.
Is Android open in your opinion (serious question, opinions seem to vary on that)? It does exactly the same thing, only difference it is implemented sanely – it is limited to 50 fixes.
https://github.com/packetlss/android-locdump
It does not get wiped nor does it expire though (it will prune the data during updates, but not when nothing is happening), so you can use it to figure out he last 50 towers a phone contacted… Even if the phone has been off for an extended period of time.
My point is only that keeping track of stuff like this for the purposes of faster location fixing is not inherently evil – there is a valid reason to do it. It’s just in Apple’s case they either have a bug (it should be clearing out old data but it isn’t) or they are doing it on purpose. Their eventual solution to the problem will make it clear which one it is.
Hanlon’s Razor – “Never attribute to malice that which is adequately explained by stupidity”
Edited 2011-04-22 00:32 UTC
Android is not one singular thing. It can be open and fairly closed.
If you run a community build rom like Cyanogenmod on your phone you can be more sure that there are no hidden surprises like this.
Um… Cyanogenmod uses the same code to do location caching as Android proper… References to cache.cell and cache.wifi are all over the Cyanogenmod git repo. What was your point again?
I just wanted to point out that Android can be many things. I wasn’t refering to the 50 locations. I don’t think that saving such a limited numbers is any problem at all to be honest. At least you can be sure what Cyanogenmod is doing. That is a major bonus.
Oh. Sorry, fair enough.
Not only sanely, but as secure as possible. You need a rooted device to get to the data. I hope that iOS has some protection against leaking that data.
Yes, because Android phones are generally not rooted the day of release and pretty much sold with that notion (“their openeness”) as a feature, or whatever.
I can’t really think of a genuine reason why this geolocation data is useful as a local cache. Ever. Can one of you fanboi apologists for Google/Apple please provide a use case where it makes sense to keep track of previous locations at an OS level?
I could see where some applications might make use of last known locations for ease-of-use features but I’m pretty sure App Store and Android marketplaces would reject out of hand any app that stored this information without first securing the user’s permission.
It can take a few seconds to get a gps fix… Until you do get a fix, you have no idea where you are, so any mapping app has to wait idly until the fix is done. Having coordinates of cell towers you recently communicated with let’s you get an approximate fix instantly. This can dramatically improve the user experience, because you can instantly set an appropriate zoom level and center the map on the approximate location while waiting for a more accurate gps fix.
The point is gps is not instant – there is latency involved. There is also latency with the mapping API itself (downloading map tiles and such). This let’s you hide both latencies.
Also, gps is not always available – especially when indoors. This offers a fallback. Not as accurate, but better than nothing.
You can’t get tower location info on demand… You get it when it happens (when the cellular radio picks one up or switches between them). Therefore to actually use the information for this type of purpose you have to log it.
Btw, the geolocation Apis in both iOS and android do all of this stuff for you – it’s built into them. Hence why the OS itself does the logging. Apps do not ever read these logs directly, the apis used to get position fixes do that for you (without telling you how the information was derived, it just returns coordinates and an accuracy indicator).
That explain it well enough?
Edited 2011-04-23 05:02 UTC
Nope. That explains the need to require the last known location. Not the last 100, 1000 etc, and again that would be an application use case not an OS one.
You are obviously without a clue how AGPS works on the CDMA/GSM networks. Go troll somewhere else.
Ask for a fanboi response, get one I suppose.
Technically, the last N entries for locations of WiFi hotspots and cell towers leads to lowered traffic to the same geolocation servers.
This lowers traffic considerably when you are stationary at a intersection of many cell towers, because you may switch from one to another every few seconds. Imagine the traffic to the geolocation servers in that scenario….
Can only imagine, PDE magic provided by the carriers remains such a closely guarded secret.
So at best I think you are arguing for a transient cache, which I could also see as being useful to decrease load on upstream carrier servers but that load is already guarded by access controls and I really doubt Apple/Google were responding to carrier reports of load with this “feature.” I think it’s pretty clear what they are doing and it is in their own best interests.
And in any case that is not what we are talking about here. For both Android and iOS we are talking about persistent, uniquely identifiable information being held and transmitted off the device. I really don’t see it as justifiable.
The data that Android is sending is used for “checking in” new data about WiFi hotspot locations and adjusting cell tower locations. I’m not defending, just explaining. Because I think they are overprotecting themselves with getting too much uniquely identifying information. On the other hand, since they are not sending the IMSI I personally really don’t care.
I NEVER said there was a need to store the last 100 or 1000, just enough to compute an approximate location (at most 5-10 towers I would think)… I’m not defending what Apple is doing (i.e. long term logging of the information) – I was simply explaining why there is a valid reason to log _some_ of it. You said you could not think of a single valid reason to keep any of this data – I gave you one.
How can you say this is an application use case when applications on iOS/Android cannot access either GPS hardware or Cellular radio hardware directly (and therefore could not log raw data themselves)? The apis expose your coordinates, not those of nearby cell towers. You could not log such data even if you wanted to – there is no way to get it (without going around the OS anyway).
I was sincerely just trying to answer your question, and you go all flaming assh*le on me? I’ve written softare using location apis on iOS and blackberry (haven’t done Android yet) and I know enough to tell you have no idea what the f*ck you are talking about…
A-GPS is NOT the same thing as cellular triangulation (which is what I am describing). A-GPS does not eliminate the need to do triangulation, it speeds up GPS locking by giving the GPS hardware information about the closest satellite and can enhance accuracy, but it still relies primarily on GPS and GPS is both slow and power hungry…
Cellular Triangulation is done by the OS using data logged from the network and the reason to do so is so that you can do it when the GPS hardware is turned off. UTDOA (Uplink Time Difference on Arrival) data is used on GSM networks to do this – it has absolutely nothing at all to do with GPS or A-GPS. The UTDOA data is what is being logged in these files everyone is talking about (at least the cellular data part).
Glad I could help
Please allow me to inform you how incorrect you are.
http://developer.android.com/reference/android/telephony/TelephonyM…
Unless of course this reference documentation is from the future! MCC+MNC+LAC is also available in iOS.
Just stop.
I don’t know what your getting at with posting that… I don’t see how it in any way disputes anything I said, but I guess you do… If you want to elaborate somewhat Ill be happy to respond further.
you need root to get to it on iOS as well… It’s the whole backed-up-copy-on-the-computer that everyone is going gaga over. Android doesn’t seem to have that particular issue.
Vanilla Android has the exact same issue. And just to be clear, iOS 3.x+ and Android since I dunno 1.6 are transmitting your location to their servers. Not just storing them on in the filesystem. iOS does it about once every 24 hours. Android is more frequent.
They are using their customer’s location in order to put Skyhook out of business by mapping the MAC addresses of open wifi points around the world. Typical Google/Apple business practices at work. Enter some vertical market and destroy any value in it all to provide “better” ad networks in the future.
The justification remains burying a sentence or two in a EULA to justify user acceptance of the program.
How are we sure Apple doesn’t collect this data?
(Not trolling/tinfoilhat-ing, just asking an honest question)
Thom hexdumped his Iphone and Itunes and dissassembled all the code. Read it all and found no trace of it.
Only way to be sure, so that is what he has done.
The number one issue here imo is that Apple is choosing to include this file in their phone backups – something that is inherently transient data and is not required nor even particularly useful in the event of a restore. It’s more or less a cache to make position locking faster (at least that seems to be the only logical use for it) – there is no reason to back it up. It also does not need to be a full history, how much to truncate may be arbitrary (depends on how much data you need to compute a fix), but you certainly don’t need data going back to June of last year… For that I say shame on them.
On the other hand, this is blown WAY out of proportion in most of the media and most have published things as facts which are simply wrong, most of which Thom outlined, but here are a few more:
1. On the phone device itself, the file is only accessible by root. That means non-system processes cannot read it on a normal device (jailbroken or otherwise compromised devices not withstanding). In this regard it is in fact MORE secure than any such cache would be if an application were to do some form of transient caching of user location, and I don’t think anyone would argue that such caching, if done in a reasonably manner, would be in any way “evil”.
2. In backups, if the user chooses to encrypt their backups, the file is again not readable by other processes. However, I agree that this is not an excuse and does not mitigate the problem in any meaningful way. It simply shouldn’t be there in the first place because it does not represent state data that is useful to retain between device reboots (and a restore is by definition a device reboot).
To put it simply, in my opinion if Apple did the following the issue would be completely diffused:
1. Only store the last few cell locations however much is required and no more. The data is not useful beyond that if they are using it for what is being claimed (speeding up location fixing).
2. Don’t back it up at all – it is transient after all.
3. Wipe file and start from scratch on device restarts – not that this adds much from a security point of view, but it would make it obvious that their intention is that this data be treated as a transient cache.
What bugs me about Apple is they don’t respond to these kinds of things in a timely manner… They do not need to fix it today, but a simple explanation of what the file is used for (an authoritative explanation, not guess work) and a simple “oops, our bad – we will fix that in the next release” would go a long way imo.
Silence just makes people question their motives, and prolonged silence makes people REALLY question their motives – silly mistake or not.
IF the motive is, as some people might deduce if they assume Apple has nefarious intent, that the phone is keeping such a log for possible use by police/government agencies/whoever in the event that the want to extract such information from “procured” devices…
Well I’ll give them the benefit of the doubt for now and assuming they fix this promptly the issue should die. But the longer they wait the more the bees will buzz… If they end up “fixing” this by some means other than destroying the data they should be called out on it – at that point they deserve whatever bad press they get.
Edited 2011-04-21 22:53 UTC
The issue here is one of “informed consent,” a basic legal principle in a free society.
Apple Inc. would have had no problem if they had merely made it clear to users they were doing this. Instead they offer an opaque “privacy policy” that masks what they’re really up to.
I often see comments saying “if you have nothing to hide you have nothing to fear.” But in this case it should be phrased as “if Apple had nothing to hide, they had nothing to fear” by making this tracking known to their customers.
I agree on principle… But if you are talking about the solution to this particular problem being informed consent I don’t think that quite cuts it.
Apple in effect has software running at all times on you phone which is logging every cell tower you ever communicate with. And the log is kept for at least 10 months, probably longer
Asking if it is ok to do so is nice and all, but my question would be if that is really what they want to do, wtf is it for?
I willing to accept that this is all simply a mistake and their intent is not to do such long term logging. But if that is their intent, they better have a damn good explanation for what they need it for. Simply asking permission before recording a permanent history of my whereabouts in such a manner does not quite do it for me…
http://www.itnews.com.au/News/255262,apple-users-consented-to-spyin…
In fact they actually get permission to collect it, even though in this case they don’t it would seem.
Just more headline grabbing…
Cop-out, and you know it. Location data from GPS: ask permission on the device. Location data from cell towers: get permission buried deep in a text no one reads, a text of questionable legality in many European countries?
The discrepancy here is clear to anyone who isn’t stuck deep up the RDF’s ass. Expecting people to know the difference between the two techniques – or even that different techniques exist in the first place – is idiotic.
Edited 2011-04-22 00:49 UTC
I’m with you on the issue of burying the request for permission in walls of boring and hardly read text: It’s despicable.
As for the law enforcement impact of this (nudge nudge), well our guys here in the US still have to get a warrant to search the phone’s contents if you don’t give them permission to, at least at the level of internal log files and such (there is a gray area regarding what is seen on the screen during a stop-and-frisk). Granted, I’m just a peon so take my word for what it’s worth, but this has been the S.O.P. at both agencies I’ve worked at: One warrant to physically seize the device, and another to search its contents. It’s a CYA move so the evidence isn’t successfully challenged.
All that said, I can readily see three types of cases where such location data would be worth pursuing, and one isn’t even criminal. First is a murder case where the suspect’s phone would give clues to the path he took leading up to, during and after the murder. Another would be a drug enforcement investigation, where an accused dealer’s phone records could corroborate an undercover agent’s movement and activity reports. And finally, in a divorce case where one spouse wants to prove the other was unfaithful. I’m sure there are many other creative ways law enforcement can use this info against suspects, and plaintiffs can use it against defendants in civil court.
I also read this morning in an article on this subject that a company in New York has already assisted police with mining this data from phones and backup files, and has been doing so for a little while.
I personally am not affected as I doubt I’ll own an iDevice in the foreseeable future; I loathe both Verizon and AT&T, and have no need or desire for an iPad, 3G or no. However, I am mildly alarmed at the implications, and I wonder how long it will take Apple to fix this issue.
“The California Supreme Court allowed police Monday to search arrestees’ cell phones without a warrant, saying defendants lose their privacy rights for any items they’re carrying when taken into custody.
Under U.S. Supreme Court precedents, “this loss of privacy allows police not only to seize anything of importance they find on the arrestee’s body … but also to open and examine what they find,” the state court said in a 5-2 ruling.”
source: http://bit.ly/dWqwni
“Alarmingly, in many cases, extracting data from a mobile device is possible even if the device password is not known. Such extraction techniques take advantage of widely known vulnerabilities that make it disturbingly simple to access data stored on a smartphone by merely plugging the device into a computer and running specialized forensics software. For instance, Android and iPhone devices are vulnerable to a range of exploits, some of which Ars documented in 2009.”
source: http://bit.ly/eXxS6y (page2)
Wow, what a blow to the 4th Amendment! Thank you for posting that. It seems the “gray area” I referenced earlier is becoming much broader in scope.
The Michigan State Police have also been accused of using devices at roadside checkpoints to download people’s cell phone data:
http://abcnews.go.com/Technology/michigan-police-cellphone-data-ext…
“well our guys here in the US still have to get a warrant to search the phone’s contents if you don’t give them permission to”
No. The federal judge ruled that TSA and border control do not need warrants to search your phones or computers.
That’s true at the border and in airports, but not your average stop by local law enforcement. Though, as others have pointed out, that may be changing for the worst as well.
“Interesting” position for you take, given all of your past whining about how Android is insecure because there’s no draconian app store approval process restricting what software can be installed on it.
From a comment you posted back in March:
So let’s re-cap. A mobile device that puts you at risk of extra data charges due to your children/s use? UNACCEPTABLE!!! But a device that tracks & records all of their movements by GPS and potentially makes that information available to third parties? Meh, that’s okay, as long it’s mentioned somewhere in the 8,000 words of legalese that you “I Agree’d” to without reading.
Damn! Where do I nominate you for Parent Of The Year?
Yet we all know you’d be practically soiling yourself in delight if this story were about Android, you’ve already done so in the past (over significantly less-serious issues):
Could your fanboyism be *any* more transparent?
“it only takes three links to turn a kiss on the cheek into a steamy night of passion”: Dutch saying?
If it is, I don’t know it. I think he’s just referring to a game of Chinese whispers.
No, I just made it up.
Now if the police of other security institution wants to check your alibi, they will simply ask for your iPhone.
No they ask your network provider with a court order. And they get your location data based on the cell tower triangulation every 5 minutes for your phone.
Ofcourse if you life in California (I think it was California, the video says which state), they don’t need a courtorder. They just take your smartphone and investigate it. They have a law for that.
But location based information is one thing, how about all the data the apps have on your and where do they store/transmit this information ?:
http://www.youtube.com/watch?v=diAMOkGr1JY
Also, this was discovered months ago and Apple has been doing this in pre 4.0 versions of iOS: https://alexlevinson.wordpress.com/2011/04/21/3-major-issues-with-th…
http://online.wsj.com/article/SB10001424052748703983704576277101723…
its not about where you been its about your habits (read making money)
this is done so apple can dissect you and start a targeted subliminal psychological campaign
For a proper analysis, without media sensationalism, please read:
http://www.reddit.com/r/geek/comments/gumri/your_iphone_is_keeping_…
and
http://news.ycombinator.com/item?id=2466445
What about this excerpt from the wsjournal article about Google/Android ?:
‘Google previously has said that the Wi-Fi data it collects is anonymous and that it deletes the start and end points of every trip that it uses in its traffic maps. However, the data, provided to the Journal exclusively by Mr. Kamkar, contained a unique identifier tied to an individual’s phone.
Mr. Kamkar, 25 years old, has a controversial past. In 2005, when he was 19, he created a computer worm that caused MySpace to crash. He pled guilty to a felony charge of computer hacking in Los Angeles Superior Court, and agreed to not use a computer for three years. Since 2008, he has been doing independent computer security research and consulting. Last year, he developed the “evercookie”—a type of tracking file that is difficult to be removed from computers—as a way to highlight the privacy vulnerabilities in Web-browsing software.
The Journal hired an independent consultant, Ashkan Soltani, to review Mr. Kamkar’s findings regarding the Android device and its use of location data. Mr. Soltani confirmed Mr. Kamkar’s conclusions.
Transmission of location data raises questions about who has access to what could be sensitive information about location and movement of a phone user.’
http://online.wsj.com/article/SB10001424052748703983704576277101723…
Everyones talking about location data but its also logging ACCESS POINTS the Mac Address of the access point, timestamp of detection, coordinates including height accuracy, speed
See table WiFiLocation
CREATE TABLE WifiLocation (MAC TEXT, Timestamp FLOAT, Latitude FLOAT, Longitude FLOAT, HorizontalAccuracy FLOAT, Altitude FLOAT, VerticalAccuracy FLOAT, Speed FLOAT, Course FLOAT, Confidence INTEGER, PRIMARY KEY (MAC));
But google gets nailed for doing almost the same thing???
makes no sense!!
OMG Apple logs. This is three parts stupid because a.> it iOS is a unix variant and Location Services, well is a service and a service logs. b.> Apple isn’t the government and you we the consumer have the option to read the EULA (I pdf’d mine out you should too) There doensn’t need to be an opt-out because Apple isn’t going to do any thing like arrest you. They are a company. The most evil thing they can do is Market to me. AND MOST OF ALL c.> Location is a Core Feature of ‘teh gadget’ from ‘find my phone’ to ‘urban spoon’ to “Google”-anything – iOS is concerned with your position. So that if they find I go to a certain coffee shop or chain restaurant then I dont have to look for a card to punch for a free latté. My phone will know where I went–Pure Apple EEE-vil
-=- And speaking as though this is a threat is inviting computer ignorance. It is like saying B.S.D. is ‘satanic’ because of ‘daemons’. Fact of operation the Phone Company has always know where you are, or where you were when you made a call. Your Plain Ol’Telephone Service was tied to a physical address. Now it is tied to at least 2 and possibly more than 4 towers. All Phones work like that. The phone company will give my information away readily and easily – The Phone Book had a run of nearly 75 years of invading my ‘privacy’.
-=-More than that my Bank has a lot of data on me, Waaaay more data than you can easily imagine. This could easily be mined to tell you where I am going to eat lunch 2 or three weeks into the future, They can take a strong guess at what Lego set I will buy my Son, they know what size shoes my daughter wears, and had about a 90% chance of knowing what is in my pantry & fridge. OMFG and the Metro ‘knows’ where I am because of where I get on and off the subway, they probably know where I work because of my location. (And the fact that my employer is required by federal law to list me as a contracter in a public database)
-=- This folks is the information age, and that is information. And frankly the part that needs to be protected _is_ protected by the law. ATT knows where I am and, if subpoenaed they will tell you where I was. I can think of 3 recent murders that were solved by telco evidence. And at least a dozen that were proven as premeditated by search engine history. If I was accused of something chances are my innocence would hinge on my phone saying ‘nope he was stationary at home with the kids’ or, ‘he was on the subway’ not “he was in the Parlor with the lead pipe” There is no legal issue, because all of these various angles make a coherent shape. They are benign or at the worst protect the innocent (the guilty remained guilty, I am not ready to discuss the privacy rights of someone under criminal investigation) This is exactly what was advertised. Read the Google EULA they promise to share my data and track my locations and searches and the context that I was searching in.
We are what we do every day.
I would rather teach PPL to get over the fear themselves than be part of the noise.
“Compile a detailed profile of all your target’s movements? Yep, there’s an app for that.” -Dexter Morgan
So Apple and Google have basically admitted they are transmitting the tracked locations off the phone to servers.
What information is it that OSNews is using to state that this is not true?
Any Apple iPhone user or Android OS user who DIDN’T think Apple and Google respectively was collecting loads of data from their phones is delusional. As I’ve always said: “Security is merely an illusion.” While GPS and Internet connectivity are common in myriad devices, the manufacturers are banking on the data they can collect. Get used to it. Anyone who expects privacy would be advised to ditch their smartphone and stay off the Net.
…But it’s Not Sent to Apple
Thats like saying “some guys just took your wife, but don’t worry, they’re not fucking her”. Pheww thank god for that, now I wonder whats on TV….
Why is this functionality present in the phone? Undoubtedly Apples excuse will be that its a “bug”. This will keep the tech-ignorant main stream media happy like when Google used that excuse when caught stealing peoples private wifi information.
But are the tech watching sites going to give apple a free ride on this? No doubt the shills are being mobilized and briefed by Apple PR to start the disinformation campaign. The usual excuse-making cheer-leading whores who sold out years ago: mossberg, ihnatko, pogue etc.
It is being sent to Apple. Every 24 hours a list is submitted off the phone to Apple servers since iOS 3.2. Android does it every few minutes since I think 1.6. Google servers appear to me to be receiving the 50 most recently connected cellsites and the MACs of the last few hundred broadcasted wifi SSID. Dunno about Apple, but the list in cosolidated.db seems to be retaining a year’s worth.
They are using your hardware and your movements as the largest dynamic, for-profit illicit sensor network in history and both are using a 2 line sentence buried in a EULA to say they have user assent. The extent to which either Google or Apple are anonymising the data collected upstream is not known to me.
This is not a new effort for Google, they tried it earlier with their Google Street View fleet of vehicles. As they went out snapping images they also were intruding into any available wifi network and recording signal strength as they passed by in order to attempt “wifi triangulation”. As interesting as it is unethical. They are trying to create landmarking indexes in order to sell or give it away as a service on their respective platforms for “located” directed advertising. Google earlier blamed an errant unnamed engineer and the investigation didn’t even levy a single penalty (lol). Now I’m guessing they believe they are covered by some EULA so won’t have to come up with a fall guy this time around.
Why is this being so misunderstood? Is it because a few fanboi “tech sites” that have no engineers on staff say it isn’t?
Why do you think Apple has not said one word in response about this? I’m guessing because the lawyers know they are in bad, bad place and especially in Europe where privacy laws are actually enforced. Al Franken will hopefully put Jobs or Cook in front of a committee panel with subpoena power and ask him directly but I doubt anything more than the letter already sent will happen. I think in Europe the real issue will be whether or not Apple has transferred or sold the data collected to another corporate entity in violation of consumer rights.
Borderline absurd. What’s it going to take? Packet captures that fanboi journalists can’t understand anyway? Even days after it has been shown to be the case the headline for this dedicated os news site still says, “not being sent to Apple”. Tech journalism is absurdly bad anymore. Seems pretty much limited to rewording press releases and covering paper launches of products with lip gloss “reviews”.
It is not without humor that what appears to have most (probably male) iOS users concerned is not the loss of privacy without compensation to corporate interests but the fact that a divorce lawyer with a subpoena could get the information rather easily, let alone a tech-savy spouse/partner since the file resides on a probably shared, easily accessible filesystem.
I think this is a neat ‘hidden’ feature. I loaded the WiFi data from my iPod Touch and it says I’ve been in Munich and Hong Kong. The WiFi data is so wildly inaccurate it could never be used for legal purposes.
Apparently you can not turn off tracking without a specific hack app for that — see http://technolog.msnbc.msn.com/_news/2011/04/25/6524572-iphone-trac…
Apple Inc continues its silence on the topic. Not helping their reputation, in the view of many. Either they’re maintaining silence due to the threat of lawsuits or they have no valid explanation.
1. Both iOS and Android store location data derived from cell triangulation, cell positioning and other data, and wifi network data. Android stores a much shorter history, Apple a much longer (maybe non-expiring) one.
2. Both iOS and Android receive consent in their EULAs to store this data. (Not making a value judgment on this; just observing it.)
3. They also receive consent to periodically upload that data if you consent to activate their location services. Google transmits it with device identification (not “personal”) and fairly frequently (they also purport to do various “anonymizations” to the data; Apple transmits it without device or personal identification at 12 or 24 hour intervals (This is where “we do not track” comes into play).
4. This is done under the guise of improving performance (which it does); it effectively eliminates Skyworks and provides both platform providers very valuable databases.
5. It’s also done for ad targeting (not necessary this data set, but transmission of location data, generally). The various consents (defaults, how/when it is required, if it is being respected properly) is greatly variable, but for the most part is off by default and requires opt-in on both platforms.
5. This has been happening progressively for nearly 2 years. Both Apple and Google provided this information to Congress. Developers have been clamoring for the APIs, got them, have been using them… Consumers have been consenting to app installs that ask for location access. Critics lambasted Apple for attempting to strong arm all third-party ad networks and the competition off of iOS, etc…
6. Apple is probably confused by the response: I think it’s sloppy and needs changes, but I like Apple’s take on location as much as anyone else’s. I hope they do continue to provide a user accessible cache of the location data, actually make it more viewable while at the same time more secure, and of course make sure you can set how much history is stored and allow you to manually delete/reset the cache.
7. I’m far less concerned with Apple’s maliciousness, or Congressmen unable to ask if data is stored locally than I am judiciaries permitting my personal information to easily be used against me (not that I’m a criminal).
I would also add:
Apple ultimately comes out of this stronger, better. They are already in a position where their data-collection techniques (off of the owners’ devices) is more stringent than other platforms, ad networks, and app developers… and enforce even stricter enforcement of ad networks and developers on their platform.
Even on the device side, they probably want to argue that accessing the data violates the EULA (most certainly), violates the privacy of the user legally in a way that precedes weak technological protection, and possibly violates the DMCA which they could enforce on behalf of their users. (Again, no value judgment; just an observation.)
So they get forced to testify a few times, maybe some fines in some more surly countries, and make a few modifications to something that was done in haste without much thought. And then in a few months, they can point to someone doing far worse for sleazy purposes, rather than just sloppily or stupidly, and say they care about you.
A week of silence is nothing. Apple can be quiet until WWDC if they can at least announce changes then.
Edited 2011-04-26 00:33 UTC