Apple's iOS Location-Tracking Headaches: 5 Questions
U.S. Senators Al Franken (D-Minn.) and Rep. Edward J. Markey (D-Mass.) have each sent letters to Apple CEO Steve Jobs looking for answers about Apple's customer-tracking policies. Meanwhile, privacy regulators in Germany and Italy are investigating this policy, and France may follow suit, according to a The New York Times report.
Apple's privacy headaches started after two researchers released an open source application called iPhone Tracker that reads your iOS device's location history from an unencrypted backup file on your PC. The app then plots this information on a map and allows you to play back your location history complete with time and date stamps. The iOS file with your location history, called consolidated.db, has been known about for some time but has received a large amount of publicity since Wednesday.
As is typical for Apple, the company has yet to issue any statements or respond to several days of press inquiries about its tracking policies and consolidated.db. In the absence of any public statement from the company, we are left to wonder why Apple is saving a record of your device's location history based on triangulation from cell towers and, possibly, Wi-Fi access points.
So in the absence of any meaningful statement from Apple, here are five more questions we need answers to about Apple's iTracking headaches.
What Specific Information is Apple Gathering?
Apple admitted in July 2010 that it was pulling anonymous location information from some users' devices in a letter to U.S. Reps. Edward J. Markey (D-Mass.) and Joe Barton (R-Texas). Apple said it was doing this to build its own cell tower and Wi-Fi access point location database. The database helps Apple find your smartphone's location quickly for use in location-based services such as Foursquare and Facebook Places. Previously, Apple had relied on data from Google and Skyhook for cell tower and Wi-Fi access point locations. You can read Apple's response here.
Most experts seem to agree that Apple is not retrieving information stored in consolidated.db from your device, contrary to my theory from Thursday. The problem is Apple has admitted to collecting information similar to what's contained in consolidated.db. So if Apple is not collecting information from this file, where are the files Apple is retrieving from your device and what specific information are those files sending back to Apple?
How is the File Secured on Your Device?
This file isn't just on your PC, but also on your iPhone or 3G iPad where it can be updated. So what kind of protection does this file have while residing on your device? Is it encrypted? How hard would it be for a hacker to recover the file from your device? Macworld's Dan Moren says it would be pretty difficult to get off your phone, but Apple should answer this concern more clearly.
Why Apple? Why?
Apple needs to spell out very clearly why this database is there, and what the device needs it for. Some analysts believe this file helps your device find out where it is faster than continually communicating with Apple's servers. But is that the case? If so, why is this file recording your history instead of just reading location points off a list? Some are also guessing that a software bug is causing iOS to record this data instead of deleting it every few hours.
Did You Know Law Enforcement was Using This?
Several reports are claiming that law enforcement officials have been using forensic techniques to access the iPhone's location database for at least a year.
Was Apple aware of this? If so, why hasn't it worked to make this database less accessible in the interests of securing user data from unwarranted intrusion?
Isn't it Time for a Wider Discussion?
While Apple may be the company on the hook for tracking a user's location right now, almost every cell phone in the wild today can be used for the same purposes. A recent report by The Wall Street Journal says Google's Android phones are doing something similar. Cell phone carriers have been handing out user location data to law enforcement officials for years. In March 2010, Kevin Bankston, senior attorney for the Electronic Frontier Foundation told NPR's On The Media that Sprint had set up a Web portal that allows law enforcement officials to ping cell phones and find their location based on GPS. Over a one-year period, law enforcement officials used this site over eight million times, Bankston said.
It's not just Apple that can track you, but also Google, Sprint, Verizon, AT&T, and (for now) T-Mobile. If you want to get serious about cell phone location privacy, then it's important to ask not only what Apple is doing, but what every company in the mobile industry is doing, especially the wireless carriers. And, more importantly, how quickly are these companies handing over your cell phone location data to law enforcement?