Report: Both Apple & Google Smartphones Transmit Location Data

| News

Both Apple’s iPhone and smartphones powered by Google’s Android OS are busily transmitting location data of their users back to the two companies. The story comes to us amidst a related story about iPhones and iPads storing location data on the owner’s Mac or PC, but The Wall Street Journal found that Android smartphones and iPhones are actually transmitting location data back to Google and Apple.

Why 2011 Might Be Like

Why 2011 Might Be Like 1984?

The Wall Street Journal reported that a security researcher named Samy Kamkar found an HTC Android smartphone was gathering location data every few seconds and then transmitting that data back to Google “several times an hour.” The researcher also said that the device was transmitting a unique identifier that could tie the data to the specific user, and that Google was also collecting the name, location and signal strength of any nearby WiFi networks.

Google had previously stated that the data it collects is anonymous, and that it furthermore deleted the start and end points of trips its devices were making. The company has also said that it used that data for such Google services as its traffic maps. Mr. Kamkar, however, showed The Journal that the data being sent to Google included the above-mentioned unique identifier.

The Apple revelation came from a letter Apple sent to U.S. Reps. Edward Markey (D-Mass.) and Joe Barton (R-Texas) in 2010. That letter acknowledged that iPhones were collecting location data (GPS coordinates and nearby WiFi networks) throughout the day, and then transmitting that data back to Apple once every 12 hours.

The Journal also pointed out that Samy Kamkar is the same Samy Kamkar that was convicted of a felony charge of computer hacking in 2005 after creating a worm that brought down MySpace, and that he also created a kind of cookie that is difficult to delete in order to demonstrate the vulnerabilities in modern Web browsers. After receiving Mr. Kamkar’s findings about his Android device, the newspaper hired another security researcher, Ashkan Soltani, to confirm those findings, which he did.

One reason Google and Apple are interested in collecting data on WiFi hotspots is because this is one of the key datapoints used in pinpointing a user’s location. This is the kind of thing most smartphone users use frequently when using an app like Google Maps or another “GPS-assisted” map service.

Apple relies on Google Maps for its iPhone map app, and the company has purchased enough map-related companies to be rumored to be developing its own competing service. Developing its own database of WiFi hotspots, therefore, would be key to developing its own mapping services.

Going back to the letter sent to Representatives Markey and Barton, Apple wrote that it was developing a “database with known location information. This information is batched and then encrypted and transmitted to Apple over a Wi-Fi Internet connection every twelve hours (or later if the device does not have Wi-Fi Internet access at that time).”

Apple also stipulated that the data was not tied to the user, but also separated that data from the data collected via its iAd mobile ad network, which does tie location data to the user. That data is then used to serve out ads tailored to the user without giving that data to the advertiser.

All of this is stirring up increased interest in the privacy implications and ramifications of smartphones. Regulators on the state and national level in the U.S. are looking into the issue, Senator Al Franken of Minnesota has added his Congressional voice to the issue that has already been raised by the above-mentioned Representatives.

Sign Up for the Newsletter

Join the TMO Express Daily Newsletter to get the latest Mac headlines in your e-mail every weekday.

Comments

Nemo

Bryan:  An apposite graphic:  Big Brother.

Lee Dronick

An apposite graphic:? Big Brother.

How about this one, it is more current.

Either way, can we commence the Two OS Hate now?

Bryan Chaffin

Nemo, I take pride in both the depth and breadth of my lexicon, but I had to look up “apposite.”

So, thanks for the comment and the learning opportunity. smile

Lee Dronick

Nemo, I take pride in the breadth of my lexicon, but I had to look up ?apposite.?

I looked it up as well. I wish that I had taken more than one year of Latin when I was in high school.

Nemo

I didn’t know the word “apposite,” before the law.  Lawyers use the word a lot, and given what many people think of lawyers, you both are probably better for not being marked by lawyers’ argot.

gnasher729

In the case of Apple, the fact is well known and Apple has a damned good reason to do it for the benefit of its customers: An iPhone or iPod Touch or iPad can determine its location by using the built-in GPS (if you have one, and you are not in-doors) or by checking which WiFi basestations are nearby, getting their position from a database, and calculating your own position. The second method requires an accurate database of WiFi basestations and their locations, especially when people move their basestations to different places.

To help with this, any iPhone with GPS that detects basestations nearby now knows the exact location of these stations and sends the information to Apple to update the database. It also makes sense to send the signal strength, so once there are several reports of the same basestations, its location can be calculated more precisely. There would be no reason to send any information that identifies the iPhone or the user, and Apple says they don’t do that.

It would also make sense if the iPhone remembered which information it has sent, so it doesn’t send it again. Would be stupid if my iPhone told Apple where my neighbours’ basestations are ten times a day, every day. Of course if such a database is detected on the iPhone, we can assume that paranoia will strike.

aaberga

Well, I am neither surprised nor offended by this piece of news.

In the place I am now (that I will not disclose to avoid being tracked down by any malevolent Big Co wink there are only my wifi basestations.

The iPod touch would never be able to locate. The fact that it does easily (if the iPad or iPhone have been active..) means that Apple got/gets the GPS coordinates from the other devices.

This is OK to me. I was actually counting on that: with an iPod touch and a MiFi you can easily navigate in any populated area as if you had a GPS equipped mobile device, for a fraction of the cost of an iPhone. *IF* Apple maintains the db they say they are maintaining..

Why should people not enjoying a 3G iDevice get the same free maps assistance that other users are getting?

Privacy concerns are a good thing, you never know what could happen if nobody cared.

But still I would use common sense before starting any ‘heavy indignation gunnery’ against Apple, Google or anybody mapping GPS and reachable WiFi routers.

aaberga

Well: better ->

Why should people not enjoying a 3G iDevice *NOT* get the same free maps assistance that other users are getting?

wab95

but I had to look up ?apposite

Bryan:

I’m confident that you’ve heard the word before. I’ll tell you where.

Kirk uses it in the transport room in ‘Undiscovered Country’ (I’m betting you’ve seen it at least once) when they’ve beamed the Klingons back to their ship. Lieutenant Valeris (the Vulcan number two onboard) suggests Romulan ale to accompany the coming evening meal with the Klingons. Kirk responds that this is ‘Apposite thinking…’.

Great word, Nemo.

Bosco (Brad Hutchings)

Well, I am neither surprised nor offended by this piece of news.

I think what offends people is that there has been a lack of plain English, up front disclosure with the benefits to both sides of the trade of data clearly explained. I generally keep up with the bleeding edge of technology and the business of it, and for the life of me, I never quite got what the Google wi-fi sniffing brouhaha was about from Google’s side. I didn’t get why they were even checking it. I didn’t get Skyhook. I didn’t understand how you could make a business out of war-driving, which I thought was just a nerdy activity that radio geeks and pedophiles might engage in as sport. The WSJ article was an ah-hah moment. Extrapolating from the data point of me, I doubt that many people have a basic understanding of the exchange of a handset’s location data (GPS, WiFi networks in range, cell towers in range, etc.) for services (traffic, maps, driving directions, etc.). Without understanding the trade, I’d expect most people to be taken aback.

I’m going to assume that the failure to explain the trade comes from legal pressures to get explicit permissions coupled with business sense to protect trade secrets and knowing that many consumers won’t send data to fuel ads given an option. All three are satisfied by a sentence like “this app/device sends location data to Company X’s servers, your personally identifying information will not be sent”.

Everyone needs to do better before the lawmakers get involved, because regardless of which party dominates and which company’s lobbyists have the most pull, lawmakers will overreact and screw things up semi-permanently with the force of government behind their cock-up.

BurmaYank

“Mr. Kamkar… showed The Journal that the data being sent to Google included the above-mentioned unique identifier… After receiving Mr. Kamkar?s findings about his Android device, the newspaper hired another security researcher, Ashkan Soltani, to confirm those findings, which he did.”

What do you want to bet Apple actually contracted Mr. Kamkar to take all “his” information to the WSJ in the first place, yesterday or the day before?

Lee Dronick

What do you want to bet Apple actually contracted Mr. Kamkar to take all ?his? information to the WSJ in the first place, yesterday or the day before?

Like I said yesterday, this whole thing reeks of dirty tricks with the first one played on iOS.

Now will the media report that both of the big players trackers users? I won’t hold my breath on that happening, Apple is the one who gets viewer ratings and page clicks.

BurmaYank

How about this one, it is more current.

Yes, and accordingly, does that Big Brother face remind anyone else of DARPA’s first honcho‘s face?

amergin

My 13 year old nephew just arrived with my wife into our local airport from the UK and his phone immediately came up with a message welcoming him to Ireland and telling him the local tariffs. He has a non-smart phone (a thick phone?). Surely all phones are constantly monitored. Who monitors the monitors?

Lee Dronick

Surely all phones are constantly monitored. Who monitors the monitors?

By now it is probably Skynet

Yes, and accordingly, does that Big Brother face remind anyone else of DARPA?s first honcho?s face?

Yes with those eyeglasses there is a resemblance between Big Brother and Admiral Poindexter. 

I think I remember reading something about how the NSA wanted all communications routed through their servers. Also remember that stink a while ago about AT&T and domestic spying?

other side

In the case of Apple, the fact is well known and Apple has a damned good reason to do it for the benefit of its customers

SO, after your entire post, why is it a damned good reason & a benefit to Apple customers?

Why does Apple (or anyone) need to continually look over your shoulder and mine?

Calculating basestation strength is NOT that reason (nor Apple’s business anyway since they’re not a service provider).

other side

Yes with those eyeglasses there is a resemblance between Big Brother and Admiral Poindexter.

Actually Big Brother reminds me of Steve Jobs.  Glasses and all.

Oh the irony of ironies….

Lee Dronick

Actually Big Brother reminds me of Steve Jobs.

You are going to end up in Room 101 smile

d'monder

“Both Apple?s iPhone and smartphones powered by Google?s Android OS are busily transmitting location data of their users back to the two companies.”

Nothing a hammer couldn’t fix.

Like the one in the commercial….

gnasher729

O, after your entire post, why is it a damned good reason & a benefit to Apple customers?

Why does Apple (or anyone) need to continually look over your shoulder and mine?

Calculating basestation strength is NOT that reason (nor Apple?s business anyway since they?re not a service provider).

Because that is how _you_ can find out your location. Your iPod Touch, or your iPhone with GPS not finding any satellites, detects base stations nearby, sends the information to Apple, and Apple tells your device where it is. Apple can only do that if they know where these base stations are.

Now let’s explain that signal strength thing: Let’s say an iPhone user with GPS is at location X and notices a base station nearby. It doesn’t know exactly where the base station is, but sends the information to Apple anyway. Then the phone user moves ten meters north, and the signal gets stronger. So what can we conclude about the location of the base station? It is probably a bit towards the north. Now we move 50 meter further, and the signal gets weaker. With all the information, and a bit of mathematics we can get the location of the base station quite precisely.

Of course you can decide that _you_ don’t want the ability to find out where you are. Or maybe you can come up with a clever method how you can ask Apple’s server for your location, and the server tells you the location, without you giving Apple information that let’s them find out where you are.

(Reminds me of a story of some army place with a broken hard disk that contained important and secret data. They decided to use a data recovery service to restore the data. Then they realised that the data recovery service might be able to read the secret data. So they drilled a hole through the hard drive and sent it off to the data recovery service. )

greatgazoo192

My cell phone keeping track of where it’s been?  No big deal when you consider how a cell phone works anyway.
A cell phone is a low power communications device that has to communicate with a cell tower, and the cell tower it communicates with has to constantly change as the phone moves.  The cell phone company has to keep track of where each phone is so that it knows which cell tower to use when someone calls you/you call someone.
That’s why ALL cell phones communicate with the cell network FREQUENTLY (i.e. about every minute) so the cell system can keep up to date tracking tables on EVERY cell phone in the system.  There’s nothing preventing cell phone carriers from keeping records of all cell phone movement.
It’s no different than Google (and your ISP or any website you visit, etc.) keeping records of every search you’ve ever done, every website you’ve ever visited, etc.
BTW, by default your phone, computer, tablet, etc. ALL keep history on websites you’ve visited, e-mails you’ve sent/received, etc.  The autofill of web browsers keeps track of things you’ve entered into web pages (like addresses, phone numbers, credit card numbers, etc.) That’s why you’re supposed to protect your computers/phones/tablets both physically and electronically (keep tabs on the hardware, password protect them, maintain anti-virus software on them, etc.).
But none of these safeguards truly protect against “big brother” (cell phone manufacturers/providers, search engines, ISPs, and even governments) from gaining access to this info if they really want to.
Oh, and BTW, those traffic cameras and toll way car pass systems are keeping track of your car’s movement as well!  And let’s not even mention what your credit card company is doing with every transaction you make on your cc.
Technology is a double edged sword!  If you don’t like what the technology does in order to make it possible, don’t use it!
The problem is people aren’t technically savvy, so they assume everything works by MAGIC and has no downsides.  They don’t stop to think about the implications, and then get pissed when someone points out how the systems work!
If it all bothers you, ditch the electronics, sell your car and walk and pay cash for all your purchases.
Or, if you’re going places on the web/in real life you’d be ashamed about if anyone knew, I suggest you stop going there.

Bosco (Brad Hutchings)

Calculating basestation strength is NOT that reason (nor Apple?s business anyway since they?re not a service provider).

Apple, Google, etc. should be up-front about both the how and the why and make it easy for people to opt in and out at will. They most definitely need to avoid taking anything that looks or feels like a passive-aggressive stand toward those who opt out. And if they really want to win, they might consider paying for data provided which helps them keep their databases up-to-date. A sliding scale from $1 to $10 of store credit per month (for some activity range between leaving the device on and in a drawer to traveling thousands of miles around a metro area) might make the whole exchange more palatable.

The fact that we’re having this discussion now points out how little is generally know by so few about how and why this data is being exchanged.

wab95

The fact that we?re having this discussion now points out how little is generally know by so few about how and why this data is being exchanged

I agree with you Bosco, however I believe the issue is wider than that. Indeed, I argue that there are two distinct, albeit related, issues.

First, is this more limited issue, sparked by the iPhone, of why data are collected, via location services, and what is the end use, who ultimately has access to how much of it, and what is the end game for those data. More to the point, what are the rights and options for the consumer, and as you aver, what effect on the consumer’s user experience does the exercise of those rights bring? I think it naive to believe that only Apple and Google’s business strategies are at issue here. This is the role that governments can play in creating a transparent, if not level, playing field, where the rules are common and understood by all.

Second, is the broader issue of the use of user data as currency in the internet (Facebook, Google, MS, Apple, third parties developers, you name it). What are the limits of use, who has access under what conditions, what are the limits of a contractual relationship between a user of one service towards the distribution of those data to third parties, what rights do consumers have in withdrawing informed consent on the use of those data, how is this policed, and what are the penalties for lack of compliance by internet companies with said regulations - if and when such regulations are created. This is a model that hails from my own profession in which we, the medical research community, have had to deal with issues of informed consent and the sharing of biological specimens and clinical data and the limits of use and ownership. I argue that consumers’ private data are no less valuable, particularly to the consumer.

The sooner these discussions are had, the better for the consumer, the industry and for the market. Litigation to redress wrongs is no free lunch, and costs everyone, including the consumer.

Bosco (Brad Hutchings)

This is the role that governments can play in creating a transparent, if not level, playing field, where the rules are common and understood by all.

You assume that the retards we elect to make such momentous decisions have any better information or understanding than most of us do. No thank you. BTW, the wider medical community has ensured a shortage of vital organs by legislating the market out of procurement. The doctors can get rich transplanting organs. The pharma companies can get rich selling anti-rejection drugs. The suppliers are expected to donate the raw materials. And private in-kind trade arrangements for redundant living tissue like kidneys or bone marrow are between frowned upon and shunned. Nice model.

I think it’s more likely that as the data collection is better understood, efforts to obfuscate or just plain pollute the data will probably force the collectors to “pay” for good data. It will probably sort itself out.

wab95

You assume that the retards we elect to make such momentous decisions have any better information or understanding than most of us do. No thank you.

Bosco:

You appear to assume that I am talking about US politicians, in saying ‘we’. My reference frame is wider than that. There are other countries that have a say in regulation.

Second, what you describe with transplants bears no relation to medical research, to which I can speak with some authority, does a disservice to the complex issue of organ transplants, and has nothing to do with this discussion.

Anyhow, I’m off to enjoy what remains of a glorious afternoon.

Cheers.

Lee Dronick

See today’s Joy of Tech comic

wab95

See today?s Joy of Tech comic

I thought as much; either that or the data were going to this guy.

Lee Dronick

I thought as much; either that or the data were going to this guy.

The Cigarette Smoking Man is probably inside Apple’s North Carolina Data Center.

wab95

The Cigarette Smoking Man is probably inside Apple?s North Carolina Data Center


I think you’re mistaken, Sir Harry. I’m quite certain that this will be the guy inside the data centre.

Log-in to comment