Last Tuesday Apple vice president of software technology Bud Tribble was brought before a hearing of the US Senate Judiciary’s privacy and technology subcommittee to account for the company’s use, and potential abuse, of location data as collected on devices running the iOS operating system. Under questioning by Sen Al Franken, Tribble had the thankless task of laying out company policy on the use of location data, and whether it was being used for the purposes of tracking individual users.
Franken (a former stand-up comedian and satirist) cut to the quick of Apple’s longstanding defense that while it collected location data it did not dial home with any information on the whereabouts or actions of the user; rather it used the data collected to map the presence of mobile phone masts and Wi-Fi hotspots. On its own a handset has limited application, but a large number of handsets together can give an accurate picture of telecommunications coverage in an area, a process dubbed ‘crowdsourcing’, which can be a valuable source of market intelligence or raw data for engineers in choosing which research and development projects to pursue.
Apple’s explanation of ‘yes we know “a” handset is there, but not “your handset” did not wash with the Democratic senator. Franken’s line of questionning was characteristically direct: “Does this data indicate anything about your location or doesn’t it?”
Well, does it? Yes, badly.
Forensic experts have been aware of the iPhone’s location caching since the third version of Apple iOS mobile operating system (running on Apple TV, iPod, iPad and iPhone). Sean Morrissey, CEO of US security company Katana Forensics, said his company had been using the location logging feature buried in iOS 3 as part of its investigations into kidnappings and missing persons. Katana had even developed a tool for use by law enforcement agencies “from the federal to the local level”. That was a full year before the same information was discovered by two developers working on a data visualisation app and the discovery went mainstream.
The data collected by the iPhone resides in the consolidated.db file and consists of latitude and longtitude readings collected by either passing through different areas in a mobile phone network (ie leaving coverage of one mast and finding another), or using location data-enabled GPS apps like Google Maps or picture sharing apps like Instamatic to give but two examples. The accuracy of the data is directly linked to the proximity to phone masts and Wi-Fi networks, the closer the masts, the more accurate the data. This makes information collected in cities reasonably accurate, but that collected in less urbanised areas prone to error – to put it mildly. To take an example of what can go wrong, one of the developers behind the visualisation app found that his phone had readings placing him in countries (never mind cities) he had never been in. As a means of surveillance it was less reliable than the kind of information that can be obtained (by warrant) from any telecommunications provider.
Apple’s response to the location data debacle has been a mixture of befuddled statements and a rush to provide an out for enraged users. A statement on Apple’s website stressed that no personal data was being transmitted, except that which the user has given permission to be shared though the ‘location services’ option in the settings menu or by consenting to the terms of a third party application – in which case you have no one but yourself to blame (consider it analogous to letting third party developers gain access to your Facebook profile for apps and games). The latest version of iOS, 4.3.3, goes some way to alleviate user concerns, without abandonning the crowdsourcing function. The update restricts the amount of data retained and erases the cache entirely if location services are switched off.
Users have a lot more control than they think when it comes to location services. With the click of a button they can become masters of their own domains.
Subscribers 0
Fans 0
Followers 0
Followers