Hasta La Gadget!

1. Why is Apple tracking the location of my iPhone?
Apple is not tracking the location of your iPhone. Apple has never done so and has no plans to ever do so.

The big hubbub that arose last week around location tracking within the iPhone has now received its due response from Apple itself. Firstly, the Cupertino company claims it does not, and has no plans to, track users’ iPhones. What it’s actually doing is “maintaining a database of Wi-Fi hotspots and cell towers around your current location,” which are then used to provide speedier calculation of your position when you want to use the device’s maps or other location-based services. The data collection that was recently brought to the public attention represents, according to Apple, the location of WiFi hotspots and cell towers around you, not your actual iPhone. Still, the fact iPhones have been shown to store as much as a year’s worth of data is considered a bug by Apple, who plans to limit that period to a week in a future software update. The additional issue of data being collected after users turned off Location Services is also a bug, also to be fixed by Apple in that upcoming update. Left unanswered, however, are the questions of when Apple “uncovered” these bugs, as it claims, and why the fix for them is only coming now. Specialists have known about this behavior since at least September of last year. Either way, the software remedy is promised over the next few weeks, while the next major iteration of iOS should encrypt the cache file that’s been the subject of all the scrutiny. You’ll find the full Q&A after the break.

P.S. — One of Apple’s answers seems to disclose an extra bit of new information: “Apple is now collecting anonymous traffic data to build a crowd-sourced traffic database with the goal of providing iPhone users an improved traffic service in the next couple of years.”

Continue reading Apple officially answers questions on location tracking, says it doesn’t do it

Apple officially answers questions on location tracking, says it doesn’t do it originally appeared on Engadget on Wed, 27 Apr 2011 08:36:00 EDT. Please see our terms for use of feeds.

Permalink   |   | Email this | Comments

Apple claims turning Location Services to ‘Off’ will cease all transmission of geodata from a device to Apple. Independent tests show otherwise. Photo: Jon Snyder/Wired.com

The iPhone continues to store location data even when location services are disabled, contrary to Apple’s previous claims.

The Wall Street Journal did independent testing on an iPhone and found that even after turning off location services, the device was still collecting information on nearby cell towers and Wi-Fi access points.

This discovery challenges some of Apple’s claims. As Wired.com reported last week, the company explained in a detailed letter last year that it deliberately collects geodata to store in a comprehensive location database to improve location services. In the letter, Apple noted that customers can disable location-data collection by turning off Location Services in the settings menu.

“If customers toggle the switch to ‘Off,’ they may not use location-based services, and no location-based information will be collected,” Apple said in the letter (.pdf).

That doesn’t appear to be the case from WSJ’s testing, as well as multiple independent reports from customers who had the same results.

The controversy surrounding Apple’s location-tracking stems from a discovery by two data scientists, who found that a file stored on iPhones and iPads (“consolidated.db”) contains a detailed history of geodata accompanied with time stamps.

Apple claimed in its letter last year that the geodata is stored on the device, then anonymized and transmitted back to Apple every 12 hours, using a secure Wi-Fi connection (if one is available).

Although it’s thorough, Apple’s explanation does not address why the stored geodata continues to live on the device permanently after it’s transmitted to Apple, nor does it address why geodata collection appears to persist even when Location Services is turned off.

Google does similar geodata collection for its own location-services database. However, it notifies Android users clearly in a prompt when geodata collection will occur, and it also gives users a way to opt out. Also, Android devices do not permanently store geodata after transmitting it to Google.

Meanwhile, a MacRumors.com reader claims he sent an e-mail to CEO Steve Jobs asking him to explain why Apple tracks geodata, threatening to switch to an Android device.

“Maybe you could shed some light on this for me before I switch to a Droid,” the reader wrote. “They don’t track me.”

The CEO shot back a terse reply, defending his company and attacking his competitor Google, according to the reader: “Oh yes they do. We don’t track anyone. The info circulating around is false.”

Apple has not commented on the authenticity of the e-mail.

The purported e-mail is similar in nature to many e-mails that Jobs has sent to customers in the past: It’s concise and still manages to pull off some word play. Jobs would be accurate to claim that Apple is not tracking customers directly — but instead it is using iPhones to gather information about nearby cell towers and Wi-Fi stations, occasionally combined with GPS data. In other words, Apple is tracking geodata from mobile devices, as Google is also doing.

Apple has not commented on the location-tracking issue since the story broke last week.

While the collected geodata doesn’t reveal specific addresses for locations you’ve visited, it can still leave a pretty rich trail of a user’s movements. Combine this data with other pieces of information on the iPhone, like your messages and photos, and you’ve got a device that knows more about you than you do yourself, says The Atlantic’s Alexis Madrigal.

Madrigal tested an iPhone forensics program called Lantern, which stitches together contacts, text messages and geodata into a neat interface that reconstructed a timeline of his life.

“Immediately after trying out Lantern, I enabled the iPhone’s passcode and set it to erase all data on the phone,” Madrigal said. “This thing remembers more about where I’ve been and what I’ve said than I do, and I’m damn sure I don’t want it falling into anyone’s hands.”

See Also:

• Why You Should Care About the iPhone Location-Tracking Issue
• Why and How Apple Is Collecting Your iPhone Location Data
• iPhone Tracks Your Every Move, and There’s a Map for That

As reported by Alasdair Allan and Pete Warden on O’Reilly on Wednesday, Apple’s iPhone and iPads with cellular data connections have been recording their users’ whereabouts in a file that gets backed up to their computers for reasons unknown. More »

Not entirely cool with the idea of your iPhone or iPad following your every move without your consent? Understandable! Luckily, only a day after the privacy revelation, a fix has been cooked up that switches off Apple’s covert tracking. More »

An unencrypted file stored in iPhones and iPads constantly records a user's location data. An open source application was used to plot the location data from an iPhone belonging to a Wired.com reporter.

Your iPhone or 3G-equipped iPad has been secretly recording your location for the past 10 months.

Wired.com can confirm that fact: The screengrab above shows a map containing drop pins of everywhere yours truly has been in the past year.

Software hackers Peter Warden and Alasdair Allen discovered an unencrypted file inside Apple’s iOS 4 software, storing a long list of locations accompanied with time stamps. The file is labeled “consolidated.db.”

“Ever since iOS 4 arrived, your device has been storing a long list of locations and time stamps,” Warden and Allen wrote. “We’re not sure why Apple is gathering this data, but it’s clearly intentional, as the database is being restored across backups, and even device migrations.”

Warden is providing an open source program “iPhone Tracker” for iPhone and 3G iPad customers to output their location file into an interactive map, like the one above, so they can see for themselves. All you have to do is plug in your iDevice through USB and run Warden’s application. The software requires OS X 10.6 (Snow Leopard).

The iPhoneTracker application features a sliding bar for users to see where they were in specific times of the year.

Apple did not immediately respond to a request for a comment. Apple has not previously disclosed that iPhones and iPads are constantly tracking and storing user location.

The discovery is the latest in a series of alarming incidents that serve as cautionary tales about privacy in the always-connected mobile era.

Recently, German politician and privacy advocate Malte Spitz sued his phone carrier Deutsche Telekom to get every piece of information it had about him. The carrier delivered to him a gigantic file containing 35,000 data points of his location for six months. Later, a German publication plotted Spitz’s data onto an interactive map.

This iPhone and iPad privacy leak is eerily similar, and creepier, considering that Apple has sold over 100 million iPhones and 15 million iPads.

The location data stored inside “consolidated.db” cannot be accessed by Safari or any apps, said Charlie Miller, a security researcher known for discovering vulnerabilities in the iPhone. However, the data file is sensitive because a thief who gains physical access to an iPhone or iPad could look at the file and see everywhere a customer has been, or a hacker could remotely break in and read the file, Miller said.

It’s not simple for a hacker to remotely access an iPhone to get to that file. But in the past, Miller found an exploit that would allow a hacker to hijack an iPhone just by sending a text message to it containing malicious code. Apple later patched that exploit, but security researchers say there are plenty of vulnerabilities in the wild left unaddressed.

Sharon Nissim, consumer privacy counsel of the Electronic Privacy Information Center, said it is possible Apple is violating the Wireless Communications and Public Safety Act, which allows telecom carriers to provide call information only in emergency situations.

“By asking for permission to collect location data, Apple may be trying to get around its legal obligations, by asking people to give up privacy rights they don’t even know they have,” Nissim said.

She added that a potential privacy concern is that law enforcement would be able to subpoena these types of records from people’s iPhones or iPads.

See Also:

• IPhone Can Take Screenshots of Anything You Do
• iPhone or iSpy? Feds, Lawyers Tackle Mobile Privacy
• Hacker Resolves iPhone Screenshot Security Issue