Apple claims turning Location Services to "Off" will cease all transmission of geodata from a device to Apple. Photo: Jon Snyder/Wired.com
iPhone and iPad customers were spooked Wednesday to find out that their devices have recorded a detailed history of their geographical locations for the past year in an unprotected file. But it turns out that Apple already explained its location-collection practices in a detailed letter — almost a year ago.
And even though Apple has provided an explanation, there’s still a problem — the fact that this file containing the data is so easily accessible to anyone, and the fact that this data is stored in such an intricate manner that doesn’t seem to benefit the customer.
“I’m guessing someone screwed up,” said David Navalho, a pHD student specializing in location services on mobile devices with advanced sensors. “It’s basically bad for users. If someone steals the phone they have access to a lot of data.”
The privacy scare stems from a discovery by two data scientists, who revealed Wednesday that iPhones and iPads contain an unencrypted file called “consolidated.db,” which has been tracking and recording your location data in a log accompanied with time stamps for the past 10 months.
Apple’s general counsel Bruce Sewell in July 2010 sent a 13-page letter (.pdf) explaining its location-data-collection techniques in response to a request from Congressmen Joe Barton and Edward Markey asking for Apple to disclose such practices (.pdf). (Incidentally, Markey authored the “Do Not Track” bill to stop online companies from tracking children.)
Apple doesn’t specifically note the “consolidated.db” file in the letter, but the letter explains how and why Apple keeps such a detailed log of location data from mobile devices.
How is Apple collecting geodata?
According to Apple’s letter, geodata is being tracked and transmitted to Apple only if a customer toggles the Location Services option in the settings menu to “On.” If it’s off, no location-based information will be collected.
If the Location Services setting is flipped on, the iPhone, 3G iPad and, to a more limited extent, the iPod Touch and the Wi-Fi iPad, are transmitting geodata to Apple under different circumstances.
Apple is collecting information about nearby cell towers and Wi-Fi access points whenever you request current location information. Sometimes it will also do this automatically when you’re using a location-based service, such as a GPS app.
As for GPS information, Apple is collecting GPS location data only when a customer uses an application requiring GPS capabilities.
Apple claims the collected geodata is stored on the iOS device, then anonymized with a random identification number generated every 24 hours by the iOS device, and finally transmitted over an encrypted Wi-Fi network every 12 hours (or later if there’s no Wi-Fi available) to Apple. That means Apple and its partners can’t use this collected geodata to personally identify a user.
At Apple, the data gets stored in a database “accessible only by Apple,” the letter says.
“When a customer requests current location information, the device encrypts and transmits Cell Tower and Wi-Fi Access Point Information and the device’s GPS coordinates (if available) over a secure Wi-Fi Internet connection to Apple,” Apple wrote in the letter.
Why is Apple collecting geodata?
The purpose of all this, according to Apple, is to maintain a comprehensive location database, which in turn provides quicker and more precise location services.
“Apple must be able to determine quickly and precisely where a device is located,” Apple said in its letter. “To do this, Apple maintains a secure database containing information regarding known locations of cell towers and Wi-Fi access points.”
In older versions of Apple’s mobile OS (1.1.3 to 3.1), Apple relied on Google and Skyhook Wireless to provide location-based services — so Apple left data collection to them. But ever since April 2010, starting with iPhone OS 3.2 and continuing into the current iOS 4 software, Apple has started using its own databases to provide location-based services to iOS devices.
“These databases must be updated continuously to account for, among other things, the ever-changing physical landscape, more innovative uses of mobile technology, and the increasing number of Apple’s users,” Apple said in its letter.
Navalho explained that mobile location services work like this: To get your location, first the iPhone or iPad pulls from Apple’s database containing previously stored information about nearby cell towers and Wi-Fi spots to quickly triangulate your location, and then finally the GPS chip analyzes how long it takes satellite signals to reach the device in order to pinpoint location.
In short, Apple’s stored location database is intended to assist and quicken location processes on iOS mobile devices.
The problems
However, one problem here is that after this information is sent to Apple, there’s no customer benefit for that geodata to be stored on your iPhone or iPad for any longer, Navalho said.
In other words, after that data is transmitted to Apple “every 12 hours,” Apple’s database should already have the data needed to improve your location services, and there’s no reason for it to stick around on your device — especially after 10 months.
Plus, Apple explicitly said this database is “accessible only to Apple” — but in actuality the database of your approximate locations is accessible to anyone with physical or remote access to your iPhone or iPad. Again, that’s a security issue.
“There’s really no reason for the information to be there,” Navalho said. “I’ll just assume they didn’t erase it and that it’s a security issue, and hopefully they’ll fix it.”
Therefore, the core issue reported Wednesday remains the same: A hacker or thief gaining access to your iPhone or iPad can easily dig into the consolidated.db file and figure out where you live, or other places you’ve frequented. Apple uses rich geodata to assist your location services, but it doesn’t need to be stored on your device permanently.
“What Apple is doing actually puts users very much at risk,” said Sharon Nissim, consumer privacy counsel of the Electronic Privacy Information Center. “If one of these devices is stolen, [the thief] could easily discover details about the owner’s movements.”
Apple has not responded to Wired.com’s request for comment on this story.
