By Harry McCracken | Wednesday, April 27, 2011 at 9:26 am
It took a week, but Apple has published questions and answers about the discovery that iOS devices keep an unencrypted file with months of data that can be used to figure out where the device has been. It does a good job of explaining what the data is (a subset of a database of Wi-Fi hotspots, some of which may be up to a hundred miles from where the device is), what it’s used for (pinpointing the device’s location more quickly than can be done with GPS alone), and why it stores so much data and does so even if you shut off location services (because it’s buggy). It also confirms that Apple can’t use the data to track you–it sees it only in anonymous, encrypted form. And it says it’s collecting anonymous traffic data for a service–built-in turn-by-turn navigation?–which it plans to release eventually.
Apple says that it’ll release an update in the next few weeks that collects less data and none at all if location services are turned off, and doesn’t back it up to iTunes. And in the next major iOS revision, it’ll encrypt the data on the device.
Was reaction to all this overblown? Yes, since some of it suggested that Apple had access to data it could use to track individual consumers, a scenario that the evidence didn’t support. But it’s important that we know what our phones know about us. The researchers who wrote about this did Apple customers a favor–and they seem to have done Apple a favor, too, by finding bugs in iOS.
April 27th, 2011 at 9:33 am
Yeah, that's in line with what I've been saying over on my blog about this: the locations were too scattered and the time intervals too random for this to be an effort to track me. Take a look at my video, "iPhone Spypone?", which illustrates this pretty clearly.
April 27th, 2011 at 10:37 am
The discovery wasn't recent, either. Fully described many months ago.
And if my file got loose, it would tell people that I don't go very far from home, and roughly where that is. If anyone asks, I'll tell them that myself. But no one cares.
The only reaction to my Port Ludlow, WA location has been one mailing list subscriber in Austrailia who wrote asking where in West Australia Port Ludlow was, as he didn't recognize the name. That's why I now say Port Ludlow, WA, USA in sigs.
April 27th, 2011 at 11:15 am
If you read all their statements, it is clear that Apple *is* tracking individual people, or at least they are capable of doing so. How else could they assemble an accurate database for the new traffic service? So the tracking clearly goes beyond just collecting nearby cellphone towers, and must at least include a longitudinal record of which specific phone is progressing through a geographical area. Let's not focus on what Apple has said, but what they haven't said…
While anonymizing and encrypting the information is important, I think there could be an unintentional downsides to turning off this service. Specifically, what happens to E911 if Apple allows the user to turn off the continuous collection of cell tower information? Will it slow down the ability of 911 operators to locate you? The risks are obvious…
As another downside of turning off this database, it is blocking some potentially intriguing uses of this information if we were allowed to continue to collect it. For example, could the consolidated.db tracking information be used as a rough GPS logger for geotagging photos? And while the information can be used against you, it also could be used in your defense…
April 28th, 2011 at 12:47 am
"a subset of a database of Wi-Fi hotspots, some of which may be up to a hundred miles from where the device is"
And what's the use for a Wi-Fi hotspot a hundred miles away, let alone a cell tower? It would take way too much power to reach it and we'd likely fry our brain in the process.
Now, the "explanation" was long overdue (especially with governments and watchdog groups taking an interest) but I'm not entirely satisfied with it. Actually, some answers border on the offensive. For instance:
"The iPhone is not logging your location. Rather, it’s maintaining a database of Wi-Fi hotspots and cell towers around your current location"
it's hair splitting plain and simple. I mean, how is logging the location of stuff around me all that different from logging my location?
RT.