Apple, Google Under More Government Privacy Focus

Apple and Google are facing scrutiny by the Illinois attorney general, amid controversy over their respective location-tracking practices for iOS and Android smartphones.

Apple and Google could find themselves under additional government pressure to reveal how they collect and store location data, after Illinois Attorney General Lisa Madigan asked to meet with executives from both those companies to discuss privacy issues.

"I want to know whether consumers have been informed of what is being tracked and stored by Apple and Google and whether those tracking and storage features can be disabled," Madigan wrote in a statement reprinted April 25 by Bloomberg.

Apple already faces similar inquiries from the federal government, after U.S. Rep. Edward Markey, D-Mass., and Sen. Al Franken, D-Minn., fired off letters to Apple CEO Steve Jobs April 21, asking for clarification on news that the iPhone and 3G-enabled iPad running iOS 4 have been saving location data to a hidden database file.

"The existence of this information stored in an unencrypted format raises serious privacy concerns," read Franken's letter. "The researchers who uncovered this file speculated that it generated location based on cell phone triangulation technology. If that is indeed the case, the location available in this file is likely accurate to 50 meters or less."

Researcher Alasdair Allan wrote about iOS 4's supposed location-sniffing abilities in an April 20 posting on the O'Reilly Radar blog. Working with co-researcher Pete Warden, he released an open-source iPhone Tracker application that can plot that stored location data on a map.

"The database of your locations is stored on your iPhone as well as in any of the automatic backups that are made when you sync it with iTunes," Allan wrote as part of a FAQ about removing the data. "One thing that will help is choosing encrypted backups, since that will prevent other users or programs on your machine from viewing the data, but there will still be a copy on your device."

The location data saved by iOS 4 apparently contains information gleaned from cell towers and names of WiFi access points, and not actual GPS data from the tablet or smartphone. In theory, anyone who seizes both the user's iOS device and its synching PC would have access to the unlocked database file and roughly a year's worth of consolidated location data. News reports suggest that law enforcement agencies have been using that data for at least the past year.

Other recent news reports also suggest that smartphones running Android are transmitting location data to Google.

Some analysts feel that Apple needs to rectify the situation-or at least boost its security.

"With this ability to collect comes a duty to consistently protect," Ian Glazer, a research director at Gartner, wrote in an April 25 posting on his corporate blog. "And this is where Apple has fallen down on the job. No doubt, Apple protects this kind of data in its data centers. But those protections ought to extend throughout the lifecycle of the data where they can protect it."

That means protecting data both on the iOS device and the desktop.

"Unfortunately, there is no way for the user of the phone to disable this location data from being generated and stored," Glazer added. "The appropriate thing to do is provide iPhone customers meaningful choice and enable them to disable the location of this data."

Jobs himself may have weighed in on the situation. According to the Apple-centric blog MacRumors, the CEO e-mailed an inquiring iPhone user with a curt: "We don't track anyone. The info circulating around is false." Apple has yet to officially respond, although the company has offered explanations for its privacy protections in the past.