thoughts on locationgate

Just in case you missed the biggest tech story of the last week, covered by everyone from Engadget to CNN:

About a week ago, some researchers found that the iPhone, while running iOS 4, collected a permanent and unencrypted record of its general location that was backed up to the user’s computer and was basically impossible to stop or remove. Even with location services turned off, which is an option, the iPhone continued to collect this data and store it indefinitely. There was no evidence that Apple received this data or could track your iPhone in any way, but it was possible for someone with physical access to your phone or computer to get a rough picture of where you had been for the last year. The data did not extend back more than one year, since iOS was updated last June and previous versions did not do this.

This was by no means news to those working in iPhone security, and others had discovered this file long ago. But this was the first time it made its way into popular media. Needless to say, the press pounced on the story, and speculation ran rampant. Did Apple sell this information? Was your every move being tracked by Steve Jobs? Inquiring minds wanted to know. Even Congress demanded that Apple and Google answer for their behavior.

Publicly, Apple has mentioned its commitment to privacy many times, most specifically at last year’s D8. The company’s stance has always been something along the lines of “we don’t collect anything beyond anonymous location data, and we don’t collect anything at all unless you give permission.” The recent discovery of the location log obviously contradicts this official position, mostly since it is impossible for the user to opt out.

In response, a press release from Apple addressed this discrepancy today, and pledged to correct the problem within the next few weeks.

Some key points:

1. Why is Apple tracking the location of my iPhone?
Apple is not tracking the location of your iPhone. Apple has never done so and has no plans to ever do so.

3. Why is my iPhone logging my location?
The iPhone is not logging your location. Rather, it’s maintaining a database of Wi-Fi hotspots and cell towers around your current location, some of which may be located more than one hundred miles away[…] Calculating a phone’s location using just GPS satellite data can take up to several minutes. iPhone can reduce this time to just a few seconds by using Wi-Fi hotspot and cell tower data to quickly find GPS satellites[…] These calculations are performed live on the iPhone using a crowd-sourced database of Wi-Fi hotspot and cell tower data that is generated by tens of millions of iPhones sending the geo-tagged locations of nearby Wi-Fi hotspots and cell towers in an anonymous and encrypted form to Apple.

5. Can Apple locate me based on my geo-tagged Wi-Fi hotspot and cell tower data?
No. This data is sent to Apple in an anonymous and encrypted form. Apple cannot identify the source of this data.

7. When I turn off Location Services, why does my iPhone sometimes continue updating its Wi-Fi and cell tower data from Apple’s crowd-sourced database?
It shouldn’t. This is a bug, which we plan to fix shortly.

Software Update
Sometime in the next few weeks Apple will release a free iOS software update that:

    • reduces the size of the crowd-sourced Wi-Fi hotspot and cell tower database cached on the iPhone,
    • ceases backing up this cache, and
    • deletes this cache entirely when Location Services is turned off.

In the next major iOS software release the cache will also be encrypted on the iPhone.

For the complete list of questions and answers, click the link above to read for yourself. This release is important for a number of reasons. First, it shows Apple is still concerned about user privacy, or at the very least the public’s perception. The company waited much longer to resolve Antennagate last summer because it didn’t see it as a problem unique to Apple or something that affected most customers. This time, they responded in a week and admitted total responsibility for the undesired behavior.

Second, it stops the ridiculous cries of “Apple is tracking you!” from the media. No one is tracking your iPhone, but they are tracking everyone’s iPhones. See the difference? Apple sold 18.65 million iPhones in the last quarter alone, and even more during the holiday quarter. I personally don’t mind if Apple knows the rough location of its tens of millions of iPhones, as long as I can’t be identified as the owner of any particular phone. Apple includes no unique signature with its GPS data, so there’s no way for anyone to know which iPhone is yours. And if you opted out of location data in the first place, your iPhone still collects the data but doesn’t send it to Apple.

Personally, I couldn’t care less if my iPhone collected GPS data and sent it to Apple. Notice that I do not call it “my GPS data,” because it isn’t. It’s simply the rough history of an iPhone that I carry. From Apple’s database, that location information is in no way identifiable as belonging to me, or even my specific phone. The only way someone can know where I have been is to steal my phone or the computer I connect it to. And if someone steals either of those, I have much bigger problems, like my missing personal files, calendar info, address book, and email.

Even this is unacceptable though, since the iPhone clearly does not need a whole year’s worth of data, and it is unencrypted by default. John Gruber first hypothesized that this was simply a bug, and Apple confirmed that today. When the next software update arrives, the data will be protected and be reduced to 7 days. Also, the phone will no longer record data if you decline location services.

It’s worth noting that according to the Wall Street Journal, Google’s Android, which escaped unscathed from this scandal, also stores data in a similar way:

In the case of Google, according to new research by security analyst Samy Kamkar, an HTC Android phone collected its location every few seconds and transmitted the data to Google at least several times an hour. It also transmitted the name, location and signal strength of any nearby Wi-Fi networks, as well as a unique phone identifier.

To me, this is much worse, thanks to that last mention of a “unique phone identifier.” That means Google, or anyone else with access to the data, can tie that location directly to you. Given Android’s penchant for giving location data to advertisers, this is much scarier. Apple, while taking the brunt of heat from the media, stores only anonymous data. However, Android does not store this data permanently, which is good. Apple also deleted it until iOS 4 was released in June, and will do so once again after the next update.

I’m satisfied by the prompt (for the business world) response by Apple PR, but apparently that wasn’t enough for the company. None other than Steve Jobs, joined by Phil Schiller and Scott Forstall, gave an interview to Mobilized today that reiterates Apple’s policy to preserve user privacy.

“We haven’t been tracking anyone,” Jobs said in a telephone interview with Mobilized on Wednesday. “The files they found on these phones, as we explained, it turned out were basically files we have built through anonymous, crowdsourced information that we collect from the tens of millions of iPhones out there.”

Jobs also said Apple would be happy to testify before Congress in response to Senator Franken’s request, lending further credibility to his rhetoric.

The ultimate test will come with the next iOS update, when the tech world will eagerly test Apple’s promises and inflame once again if anything is amiss. Until then, the only thing to do is take Apple at its word. Guard your phone and computer from unfriendly hands, and encrypt your iTunes backups if you feel so inclined. That will prevent anyone from determining your location until the fix arrives.

EDIT: The update has landed, even faster than Apple promised. It does indeed reduce the size of the location database and deletes it if you turn off location services. Go get it!

