Apple Addresses China's CCTV Security Allegations

With a bit of déjà vu, Apple explained to Chinese consumers that it collects encrypted location information in order to render services more quickly.

Apple has responded to allegations that a Frequent Locations feature on the iPhone could pose a security threat, as Chinese broadcaster CCTV told viewers in a program last week.

"We are strongly committed to giving our customers clear and transparent notice, choice and control over their information, and we believe our products do this in a simple and elegant way," Apple said in a lengthy statement posted to its site in China.

Apple quickly added that it appreciates CCTV's effort to educate consumers on the "important" topic of ensuring the privacy of customer data.

The CCTV program, Reuters said in a July 11 report, included an interview with an "expert" who called the tracked data "extremely sensitive" and said that if hacked, it could reveal the country's economic situation, if not "state secrets."

Apple went on to explain that many users enjoy location-based services but find it inconvenient to wait several minutes for GPS satellite-based data to be configured; Apple has figured out how to reduce that wait to just seconds by using "pre-stored WLAN hotspot and cell tower location data in combination with information about which hotspots and cell towers are currently being received by the iPhone."

To do this, Apple maintains a crowd-sourced database of WLAN hotspots and cell towers that is informed by millions of devices.

"It's important to point out that during this collection process, an Apple device does not transmit any data that is uniquely associated with the device or the customer," Apple continued.

Further, the feature is optional, it can be turned off in the phone's Settings, and Apple can't access the information. It explained:

"Apple does not have access to Frequent Locations or the location cache on any user's iPhone at any time. We encrypt the cache by the user's passcode and it is protected from access by any app. In the interest of even greater transparency for our customers, if a user enters their passcode successfully, they are able to see the data collected on their device. Once the device is locked no one is able to view that information without entering the passcode."

Additionally, Location Services is turned off by default, and a user must approve each application's ability to access location data.

Apple's Well-Trodden Path

Apple has had a good deal of practice explaining its practices regarding such services. In April 2011, data scientists in Great Britain realized and reported that their iPhones were recording their whereabouts, via longitude and latitude, along with a timestamp. Several U.S. iPhone owners sued, and Congress stepped in to question Apple about the practice.

Apple explained at the time, in near-identical language as its 2014 statement, that instead of using GPS data, which could take minutes, it relies on "a crowd-sourced database of Wi-Fi hotspot and cell tower data that is generated by tens of millions of iPhones sending the geo-tagged locations of nearby Wi-Fi hotspots and cell towers in an anonymous and encrypted form to Apple."

Fueling the incendiary nature of the story at the time was the fact that iPhones continued to update WiFi hotspot and cell tower data from the database even when Location Services was turned off—a practice Apple blamed on "a bug." It shortly afterward issued a software fix.

Apple concluded its 2014 statement by saying that while all location data is encrypted, in the interest of greater transparency, a user can input her password and view the data.

It also added, "As we have stated before, Apple has never worked with any government agency from any country to create a backdoor in any of our products or services. We have also never allowed access to our servers. And we never will. It's something we feel very strongly about."

Follow Michelle Maisto on Twitter.