Lawmakers Demand Apple Clarify iPhone Tracking Capability
Amid a brewing controversy over a tracking feature in Apple's iOS 4, several members of Congress have called on Apple to explain what the information is for.
Rep. Edward Markey (D-Mass.) wrote to Apple CEO Steve Jobs on April 21 requesting information and suggesting that the practice may violate the Federal Communications Act. Markey asked Apple to confirm that the collection feature exists, explain why it was developed, describe how customer information is collected and verify whether users can disable the collection.
Markey's letter expressed concern that collecting user-location data and storing it unprotected on the device runs counter to the provision in the Communications Act that requires companies to get express authorization from customers to use, disclose or access location information for commercial purposes.
"Apple needs to safeguard the personal location information of its users to ensure that an iPhone doesn't become an iTrack," wrote Markey.
Apple's iPhone and the 3G iPad running iOS 4 are regularly recording the device's location position into a hidden database file, Alasdair Allan, one of the researchers who discovered the file, wrote April 20 on the O'Reilly Radar blog. Location data is being saved to the file and is regularly backed up when the device is synced to the PC, according to Allan.
The data saved in consolidated.db appears to contain cell-tower triangulation information and names of WiFi access points, not actual GPS data from the phone.
"What makes this issue worse is that the file is unencrypted and unprotected, and it's on any machine you've synced with your iOS device," Allan wrote. Anyone can look at the file to know where the user-or at least, the device-has been over the past year since the iOS was released in June, said Allan.
It's not clear if the data is being sent on to Apple, and Apple is not saying anything at this point. However, in a letter to Markey last July, Apple said it may "collect and transmit cell tower and WiFi Access point information," which it would then use to build a cell tower and WiFi access-point database. The data is "batched and then encrypted and transmitted to Apple over a secure WiFi Internet connection every 12 hours," Apple said in that letter.
Apple used to build the location database by licensing the data from Skyhook, which collected the information by sending cars to "drive around the world," F-Secure's researchers wrote on the News from the Lab blog. Apple started replacing the Skyhook database with its own iPhone OS 3.2, which was released in April 2010. Apple asked user permission via a highly misleading prompt shown during the initial iTunes installation, according to F-Secure.
Google also maintains its own global database of the locations of WiFi networks, based on information collected when the Google Maps Street View cards were going around the globe.
Since the database is currently unprotected and unencrypted, it's possible that malware can target the data, either on the mobile device or on the desktop PC. In fact, it's even possible that law enforcement can look at the information to determine where the person has been for the past year, raising privacy flags, F-Secure's researchers said.
Allan and his co-researcher, Pete Warden, have released an open-source iPhone Tracker application that can plot the collected information on a map.
This is the second such unprotected file containing user information found on mobile devices this month. Skype recently fixed a security flaw that would have allowed a third-party application to view user data stored in a Skype database on Android phones.
Markey is not the only concerned voice in Congress. Sen. Al Franken (D-Minn.) penned his own note to Jobs asking for details on why it is collecting the data, on what devices, how frequently it's being collected, what Apple does with it, why it's not encrypted, and why Apple didn't notify its users, among other things.
It's also possible that this is a bug, and Apple will fix it immediately. "My little-birdie-informed understanding is that consolidated.db acts as a cache" for recent location data, and historical data is supposed to be removed, wrote John Gruber on the Daring Fireball blog.