Apple, Inc. finds itself amidst controversy once again, this time provoking the criticism of privacy watchdogs which are demanding an explanation as to why its iPhones and iPads are secretly collecting location data on their users. Other mobile service companies maintain similar records but require a court order to release the information.
The Blaze writes: "The worry prompted by a report from researchers Alasdair Allan and Pete Warden at a technology conference in Santa Clara, Calif., raises questions about how much privacy you implicitly surrender by carrying around a smartphone and the responsibility of the smartphone makers to protect sensitive data that flows through their devices."
Concerns that iPhones and iPads were logging the physical coordinates of users without their knowledge were exacerbated when it was discovered that the information was then stored in an encrypted form which made it easy for a hacker, suspicious husband, or law enforcement official to access without a warrant.
Allan and Warden report that though the location coordinates and time stamps may not always be exact, the information is stored up to a year. In a blog posting, the researchers wrote, “We’re not sure why Apple is gathering this data, but it’s clearly intentional, as the database is being restored across backups, and even device migrations.”
The controversy rests not with the tracking aspect of the phone, but with what is done with the data. The Blaze explains, “A central question in this controversy is whether a smartphone should act merely as a conduit of location data to service providers and approved applications — or as a more active participant by storing the data itself, to make location-based applications run more smoothly or help better target mobile ads or any number of other uses.”
Security expert Alex Levinson contends that Apple devices have been retaining this type of information for some time, but that it was maintained in a different form until the release of the iOS 4 operating software last year. It was through Levinson’s work for the Katana Forensics firm that he accessed the location data in older iPhones and warned about the privacy issue over a year ago. Now, the location data is even easier to find.
“Either way, it is not secret, malicious, or hidden,” explains Levinson. “Users still have to approve location access to any application and have the ability to instantly turn off location services to applications inside the settings menu on their device.”
Because the information on the phones is unencrypted, researchers believe anyone with access to the device can see it.
Prominent iPhone hacker Charlie Miller disagrees, however, claiming that Apple’s recent security change makes extracting information from the phones even more difficult. “On the phone, they take a lot of precautions,” he noted. “It’s sort of frightening in the sense that it’s there, and it’s full of information about where you’ve been, but the good news is it’s not easy to get to.”
That changes, however, when the data is transferred to another computer for backup. If that computer is infected with malicious software, the information is located and sent to a hacker. Researchers contend that the information would be protected if the iPhone backup is encrypted through iTunes.
The privacy concerns have prompted the input of lawmakers, who are now demanding answers from Apple.
Senator Al Franken (D-Minn.), for example, asserts that the issues raise “serious privacy concerns,” particularly for children who use the devices, because “anyone who gains access to the single file could likely determine the location of a user’s home, the businesses he frequents, the doctors he visits, the schools his children attend, and the trips he has taken — over the past months or even a year.”
Representative Edward Markey (D-Mass.) made similar assertions:
Apple needs to safeguard the personal location information of its users to ensure that an iPhone doesn’t become an iTrack. Collecting, storing, and disclosing a consumer’s location for commercial purposes without their express permission is unacceptable and would violate current law.
Whether Apple itself has access to the data remains unknown, but it is certain that the data remains on the device as well as the computers that back it up.
Researcher Alasdair Allan also told the AP that it appears likely that phones run by Google, Inc.’s Android software behave similarly, and that he is investigating them as well.
