Earlier this week Alasdair Allan and Pete Warden announced their discovery (re-discovery, actually, this one has already gone around the block at least once but few noticed) that iPhones and iPads with 3G radios that are running iOS 4.0 or later regularly record the location of the device in a hidden file. The file is restored across backups and migrations.
The information has always been collected; it was just stored in a different, less accessible place on the device (h-cells.plist in the Library folder).
This is, of course, a privacy and security issue. To make matters worse, Allan and Warden report that the file is stored in an unencrypted and unprotected format and resides on any machine with which you’ve synched your iOS device. Apparently the only information available is the physical location of your device, stored as not-always-accurate latitude-longitude coordinates and a timestamp. Allan and Warden figure that the location coordinates are determined by cell-tower triangulation with a widely varying frequency of recording updates.
Let’s not get carried away—the mobile phone companies have always had this information (although it usually takes a court order to access it). You may find it creepy—I’m sure many folks really, honestly do—I’m pretty fanatical about personal privacy and I just assumed a mobile phone with a GPS radio that seemed to almost continually ask me if it could use my location is storing this data somewhere. What’s really creepy is that unencrypted file sitting on every machine you’ve synched your iPhone with is tempting bait for law enforcement wanting location information without a court order.
As it turns out, as Brian X. Chen, writing for Wired reports, Apple explained its location information collection policy (.pdf; 540KB) almost a year ago. The explanation came on the heels of a request from US Representatives Joe Barton (R-Texas) and Edward Markey (D-Massachusetts). The location information for a given device is transmitted to Apple only if the user turns on the Location Services option. Any information transmitted to Apple is anonymized. Apple claims this is used to provide faster and more accurate location services. But the original data file remains unnecessarily stored, unprotected, on the iOS device (and any synched computers).
Why would Apple (and Google, it’s collecting location information from its Android users including a unique phone identifier) want this information? Julia Angwin and Jennifer Valentino-Devries, writing for the Wall Street Journal, follow the money and find it’s “part of their race to build massive databases capable of pinpointing people’s locations via their cellphones. These databases could help them tap the US$2.9 billion market for location-based services—expected to rise to US$8.3 billion in 2014, according to research firm Gartner Inc.”
The reason why this is getting so much attention this round is because Allan and Warden built an application that plots your device’s location data on a map.
Best advice? If this information stored on your device bothers you, encrypt your backups in iTunes.
As Tim O’Reilly, founder of O’Reilly Media, told Nick Bilton, writing for the New York Times, “It is more symbolic than anything else. It is one more sign of how devices are collecting data about us and potentially sharing it with others. This is the future. We have to figure out how to deal with it.”
0 responses. Comments closed for this article.