Apple is facing some serious questions about how and why its mobile products collect users’ location data. But it’s not the first time the company has dealt with interrogation by lawmakers over its practices related to that sort of information.
On April 21, U.S. Rep. Edward Markey (D-Mass.) and Senator Al Franken (D-Minn.) fired off letters to Apple CEO Steve Jobs, asking for clarification on news that the iPhone and 3G-enabled iPad running iOS 4 have been saving location data to a hidden database file.
Apple has not yet officially responded, but it’s not the first time the Cupertino, Calif.-based tech giant has run smack into lawmakers’ inquiries about its location data. In June 2010, Edward Markey, along with U.S. Rep. Joe L. Barton (R-Texas) sent Apple a letter demanding information on its practice of collecting, storing and sharing the location of users’ mobile devices.
The congressmen were apparently motivated by a change in Apple’s iTunes privacy policy, which had been revised to allow the sharing of location data with application providers-if customers opted in to the providers’ location services.
Apple responded at the time that, while its mobile devices and Mac computers did collect location information, they did so anonymously in batches, before encrypting and sending it to Apple’s servers every 12 hours.
In recent days, reports have emerged suggesting that smartphones running Android have been transmitting location data to Google. Security analyst Samy Kamkar, in research quoted in The Wall Street Journal April 22, suggested that the information uploaded by Android devices was free of personal data.
The current focus on iOS 4 started after researchers Alasdair Allan wrote a long April 20 posting about the mobile operating system’s supposed location-sniffing abilities on the O’Reilly Radar blog. Working with co-researcher Pete Warden, Allan released an open-source iPhone Tracker application that plots the consolidated information on a map.
“The database of your locations is stored on your iPhone as well as in any of the automatic backups that are made when you sync it with iTunes,” Allan wrote as part of a FAQ about removing the data. “One thing that will help is choosing encrypted backups, since that will prevent other users or programs on your machine from viewing the data, but there will still be a copy on your device.”
The location data saved by iOS 4 apparently contains information gleaned from cell towers and the names of WiFi access points, and not actual data on the tablet or smartphone. In theory, at least, anyone who manages to seize the user’s iOS device and its syncing PC will have access to the unlocked database file and roughly a year’s worth of consolidated location data.
As the week closed, news reports emerged that law-enforcement agencies have been using iPhone and iPad location data for at least the past year. Law and order aside, though, a least a few of the nation’s legislators have expressed reservations over Apple’s policy.
“The existence of this information stored in an unencrypted format raises serious privacy concerns,” read Franken’s April 21 letter to Jobs. “The researchers who uncovered this file speculated that it generated location based on cell phone triangulation technology. If that is indeed the case, the location available in this file is likely accurate to 50 meters or less.”
In turn, he wrote, that raises the possibility of some very negative consequences: “It is also entirely conceivable that malicious persons may create viruses to access this data from customers’ iPhones, iPads and desktop and laptop computers … There are numerous ways in which this information could be abused by criminals and bad actors.”
Other popular online services, including Twitter and Foursquare, also leverage location data.