Senator to Apple: What’s Up with iPhone Tracking Data?

| News

Following the news that the iPhone keeps a log file of the locations users visit, Senator Al Franken (D-MN) sent Apple CEO Steve Jobs a letter (PDF) asking for detailed information about why Apple is storing the information, and whether or not the tracking data has been shared with anyone.

Senator Al FrankenSenator Franken questions Apple’s data policies

Word that the iPhone and 3G-enabled iPad track and log detailed information location data spread like wildfire on Wednesday when two security researchers released an application that overlays the information on a map. The collected data is transfered from user’s iPhones to their computer during a standard synchronization, and the information is stored in an unencrypted file.

The location data files first appeared about the same time as the release of iOS 4 in June 2010, which means that people who have used an iPhone for at least that long could have nearly a year worth of tracking data stored on their computer.

In his letter to Mr. Jobs, Senator Franken voiced his concern that “Anyone who gains access to this single file could likely determine the location of the user’s home, the businesses he frequents, the doctors he visits, the schools his children attend, and the trips he has taken over the past months or even a year.”

He added that the locally stored data could potentially be accessed by viruses and other malicious applications. “There are numerous ways in which this information could be abused by criminals and bad actors,” he said.

Senator Franken included a list of nine question he’d like Mr. Jobs to address promptly:

  • Why does Apple collect and compile this location data? Why did Apple choose to initiate tracking this data in its iOS 4 operating system?
  • Does Apple collect and compile this location data for laptops?
  • How is this data generated? (GPS, cell tower triangulation, Wi-Fi triangulation, etc.)
  • How frequently is a user’s location recorded? What triggers the creation of a record of someone’s location?
  • How precise is this location data? Can it track the users location to 50 m, 100 m, etc.?
  • Why is this data not encrypted? What steps will Apple take to encrypt the data?
  • Why were Apple consumers never affirmatively informed of the collection and retention of their location data in this manner? Why did Apple not seek affirmative consent before doing so?
  • Does Apple believe that this conduct is permissible under the terms of its privacy policy?
  • To whom, if anyone, including Apple, has this data been disclosed? When and why were these disclosures made?

iPhone location tracking mapThe iPhone stores detailed location data that can be mapped

While the location data logs are stored by default in an unencrypted format, users that enable encrypted backups in iTunes are better protected from prying eyes since their log files will require a password before they can be opened. Blocking access to the location data file doesn’t, however, stop someone from looking at the call history on a phone — which in many cases can be just as revealing as location logs.

Cell service providers log similar data, too, although they maintain the records on their own servers instead of locally on user’s computers.

Apple hasn’t commented yet on its data logging practices, nor has the company confirmed that the data isn’t being shared with third parties, although it’s very likely that it isn’t.

Despite the fact that the location log storage seems limited to user’s mobile devices and computer, Senator Franken isn’t comfortable with Apple’s actions. “Because this data is stored in multiple locations in an unencrypted format, there are various ways third parties could gain access to this file,” he said. “Anyone who finds a lost or stolen iPhone or iPad or who has access to any computer used to sync one of these devices could easily download and map out a customer’s precise movements for months at a time.”

[Thanks to Ars Technica for the heads up.]

Comments

craigf

While I suspect Apple has no evil intent here, and while I appreciate that these files appear to be entirely local and not read by Apple or shared with anyone else, I think these are good honest questions, not ignorant or hysterical, and that Steve’s smartest course of action is to use them as a framework for a quick and honest good-faith public response in order to defuse this issue before the hysterical nutbar Apple haters can spew more of their paranoia.

Dorje Sylas

Guess he should have been at WWDC to ask thoe questions raspberry

I think we in the tech sphere know the asnwer as why Apple has the iPhone doing that, how it’s done, and what devises it’s limited to.

The good question is who Apple shares that data with, if anyone. Although same question needs to be asked of cell phone companies in general.

Nemo

Sen. Franken has posed excellent questions.  I, for one, want to hear Apple’s complete and responsive answers.  And, if Apple has screwed up, it is best that it get out in front on this by issuing its mea cupla, appologizing, taking steps to correct the problem, that is, delete the files and remove the iOS’s ability to do the tracking, and explain how it will prevent this type of acquisition and use of personal information, that is not authorized by the user, from happening in the future.

Next, Sen. Franken should turn his attention to the carriers that store on their respective servers similar information, when there is no need to do so to provide network services.

Tiger

After 3 days of this story, you’d think people would have read and reread the part that THE DATA ISN"T BEING COLLECTED.

It is stored on your device and your computer. Even the researchers who discovered this months ago had no indication that it ever was reported to any central gathering point. Rather, it just stays on your computer.

Slogo

Sen. Franken has posed excellent questions.

As a Minnesotan, I can safely say that Sen. Franken has never posed an excellent question.

mhikl

This is kinda creepy. I have always held a little piece of worry that Apple might collect and store info (There are bucks in it.) but have hoped it wasn’t so.

Is this just stored on the consumer’s hardware and not anywhere with Apple? If so, we should be able to choose to store or have it automatically dumped at each shut down.

Will be watching this story earnestly.

Lee Dronick

As a Minnesotan, I can safely say that Sen. Franken has never posed an excellent question.

I think you are confusing him with Representative Bachman. Senator Franken is very intelligent and astute, he is one of the best things that has happened to your State.

daemon

I, for one, want to hear Apple?s complete and responsive answers.

Well I’m pretty sure the answer is that Apple is merely keeping track of their property that you licensed from Apple. That way Apple can take possession of their property should you ever violate your license.

geoduck

As a Minnesotan, I can safely say that Sen. Franken has never posed an excellent question.

As a former Minnesotan I can safely say that Sen Frankin is a damn sight better than the carpet bagging weasel Coleman he replaced.

mhikl

. . . it just stays on your computer.

Namaste, Tiger. Relieved.

Lee Dronick

Well I?m pretty sure the answer is that Apple is merely keeping track of their property that you licensed from Apple. That way Apple can take possession of their property should you ever violate your license.

I think that we can blame this situation on Gizmodo and the stolen iPhone prototype.

This is kinda creepy. I have always held a little piece of worry that Apple might collect and store info (There are bucks in it.) but have hoped it wasn?t so.

Is this just stored on the consumer?s hardware and not anywhere with Apple? If so, we should be able to choose to store or have it automatically dumped at each shut down.

Will be watching this story earnestly.

It could be worse, AT&T could also be tracking us and storing the data on their end, but I assume that they are already doing that.

From what I understand the iPhone or iTunes is not transmitting the file to Apple or anyone else. Doesn’t mean that they aren’t and some researcher may find that it is happening.

I suspect that soon we will have an iOS update that encrypts the files, allows you to delete them at will, and appease users in general. By then William and Kate will be married, some celebrity will be in court again, and the media will have forgotten about trackgate.

ProfSaint

Thanks for your “comment” Sluggo.  Now slink back under your rock while the adults talk.

ctopher

These are great questions, and after running it on the iPad at work I wonder why it was 2 states away a month ago.

What I really like about this situation is that it makes folks more aware of this kind of thing. Your GPS keeps track of where you go, when you connect it to your computer does that info get downloaded?

AT&T is keeping track? Doesn’t that freak you out just as much? or perhaps more since they control the data and not you?

Apple has a target on its back since it’s the darling of the business world and we all know there’s lot of money to be made betting against them. That being said, the target has brought light some important issues. Overseas labor, e-waste and now GPS tracking.

cisbell

People… Here’s the truth! Google Alex Levinson’s blog about “3 Major Issues with the Latest iPhone Tracking Discovery?

Fact: Most of these stories out there are mostly bogus. From the blog…

Fact: Apple is NOT collecting this data:
Forensic research rebuts this claim. Research in this field and all traffic analysis performed, show that not once has it been shown this data traverses a network. As rich of data as this might be, it?s actually potentially illegal under California state law.

Fact: This hidden file is neither new nor secret.
It?s just moved. Location services have been available to the Apple device for some time. Understand what this file is ? a log generated by the various radios and sensors located within the device. This file is utilized by several operations on the device that actually is what makes this device pretty ?smart?. This file existed in a different form prior to iOS 4, but not in form it is today.

Apps now have to use Apple?s API to operate in the background ? remember, this is not pure unix we?re dealing with ? it is only a logical multitasking through Apple?s API. Because of these new APIs and the sandbox design of 3rd party applications, Apple had to move access to this data. Either way, it is not secret, malicious, or hidden. Users still have to approve location access to any application and have the ability to instantly turn off location services to applications inside the Settings menu on their device. That does not stop the generation of these logs, however, it simply prevents applications from utilizing the APIs to access the data.

Fact: This ?discovery? was published months ago.
From Mr. Levinson’s blog, I understand that Mr. Allan and Mr. Warden are valued researchers for O?Reilly, but they have completely missed the boat on this one. In the spirit of academia, due diligence is a must to determine who else has done such research. Mr. Allan, Mr. Warden, and O?Reilly have overlooked and failed to cite an entire area of research that has already been done on this subject and claimed full authorship of it. He cites further evidence.

Be careful what you read or watch…

zewazir

Sounds to me like a bunch of chicken littles running around, and Franken grabbing a spotlight based on their squawking. There is no indication the data is being collected by Apple. It stays with the individual. Therefore, “what is Apple going to do with the information?” is, indeed, a stupid question because Apple does not HAVE the data; only the users have their own data on their own computers. The sam goes for the majority of Franken’s other questions, because they are all based on a false assumption that Apple has access to the data.

Now, Apple should have publicized this feature. Had they done so it would not be taking people by surprise like this. That they failed to do so is definitely a faux pas.

But Franken’s response is pure limelight stealing FUD. People keep all KINDS of confidential personal data on their portable data/communications devices and home computers, including banking records, doctor/health insurance records, phone numbers, account numbers, passwords, etc. etc. etc. The idea that this particular set of data makes people somehow more vulnerable to identity theft is ridiculous.

Lee Dronick

People keep all KINDS of confidential personal data on their portable data/communications devices and home computers, including banking records, doctor/health insurance records, phone numbers, account numbers, passwords, etc. etc. etc. The idea that this particular set of data makes people somehow more vulnerable to identity theft is ridiculous.

I said early on in these comments that if someone has access to your iPhone or Mac to get these files then you have greater problems than your back trail.

I have a lot of respect for Senator Franken. Maybe he is just getting attention, but if anyone could give Apple a fair shot in this it would be him.

d'nomder

I don’t think the US government is in ANY position to call another organization out on data compiling & people tracking.

Wonder if this is genuine concern from Franken, or if it’s a case of Congress sending the new guy on a goose chase.

a deal you can't refuse

There’s a very simple solution to this.

“You know, Al, it’d be a shame if the Mall of America Apple Store had to close, or if we suddenly became unable to supply Best Buy and Target with Apple products…”

Lee Dronick

d’nomder said: “Wonder if this is genuine concern from Franken, or if it?s a case of Congress sending the new guy on a goose chase.”

It is his duty to investigate this matter, he chairs the committee:


Committee on the Judiciary

Subcommittees:

  ?  Privacy, Technology, and the Law (Chairman)
  ?  Antitrust, Competition Policy, and Consumer Rights
  ?  Human Rights and the Law
  ?  Administrative Oversight and the Courts

The Judiciary Committee oversees important legal issues such as civil rights, consumer protection, crime, and judicial nominations. Most Senators on the Judiciary Committee are lawyers, but I’m not.? So at first I thought it was unusual that I was appointed to Judiciary. But I did some research, and it turns out that most Minnesotans aren’t lawyers either. So I decided to use my spot on this Committee to ask the common sense questions that regular Minnesotans would ask and ensure that someone was looking out for how these issues affect consumers, small businesses, and individuals’ civil rights. It’s actually a pretty great Committee for doing those things. My first week in the Senate I got a great chance to speak up for regular Minnesotans as part of the nomination hearing for Supreme Court Justice Sonia Sotomayor, and I’ve since been involved in the discussion of how corporate donations will affect our American elections, and how the proposed NBC/Comcast merger is going to affect consumers. ?

Sen. Franken chairs the subcommittee on Privacy, Technology, and the Law which includes?oversight of laws and policies governing the collection, protection, use, and dissemination of commercial information by the private sector, including online behavioral advertising; privacy within social networking websites and other online privacy issues; enforcement and implementation of commercial information privacy laws and policies; use of technology by the private sector to protect privacy, enhance transparency and encourage innovation; privacy standards for the collection, retention, use and dissemination of personally identifiable commercial information; and privacy implications of new or emerging technologies.
Learn more about the Senate Judiciary Committee:?http://judiciary.senate.gov/

mhikl

Be careful what you read or watch?

Important, very important words to always keep in mind, cisbell. No matter how much I learn or think I know, I’m always surprised how much space the pot still has.

For example, check out Daring Fireball this week, all ye who are carb chow hounds.

Nom

This whole thing is ridiculous.  DId you know that your computer keeps track of every website you’ve visited?  It’s called a “cache”.  And that any application you run can potentially keep track of everything you do?  It’s called a “log”.

“Hey, look, it’s a logfile!  And if you have the right tools, you can even READ it!”.  It would be nice if people didn’t insist on displaying their cluelessness quite so publicly.

Laurie Fleming

With everyone getting their knickers in a twist over this, when is someone going to ask Google what the same information is doing in their cache files?

https://github.com/packetlss/android-locdump

Personally, I don’t really give a toss - I checked where I had been over the last few months, and I found I’d been to Palmerston North, 200km north of here. Last time I was really there was January 1991.

Lee Dronick

In all seriousness this stinks of dirty tricks. Follow the money, who benefits if Apple gets a bad reputation on this tracking tempest in teacup.

Lee Dronick

Seeing as I was in snit over the iPhone tracking overreaction in the media I did some research and found some interesting products. Check these links

http://www.prlog.org/10890435-droid-phone-spy-monitor-droid-phone-track-droid-phone.html

http://www.mobilespytool.com

http://www.spyingmobilephone.com

So someone gains access to your iPhone or Mac and they may be able to tell where you have been. Someone gains access to your Droid and they can install software to track you real time, read your texts, and some other things.

Lee Dronick

Check these links

http://www.spyingmobilephone.com/

http://www.mobilespytool.com/

wab95

I was in snit over the iPhone tracking overreaction in the media I did some research and found some interesting products. Check these links


Many thanks, Sir Harry. I do think that there has been a profound over-reaction by both the media and the blogosphere, both of whom continue to misreport this as data being collected by Apple and/or Apple tracking people. I was not going to post anything further on this, having shared some links on this website yesterday to some authoritative input. I even tried to share those with CNN/BBC (groups to whom I never post) just to quiet the chatter, but both elected not to post my input - imagine that?

As for your links on the Android platform, no surprises there. 

The question is, so what? I think this is thoughtfully summarised by David Pogue, so will spare my fellow TMO’ers my two pence.

Here’s hoping for a rise today in the tide of sanity and reasoned discussion, if anymore is needed.

Lee Dronick

I do think that there has been a profound over-reaction by both the media and the blogosphere, both of whom continue to misreport this as data being collected by Apple and/or Apple tracking people.

Putting Apple or Steve Jobs in a headline garners more page hits and viewership than for most tech businesses and personalities. Yes, there is a lot of misinformation about this situation. This dust up will be over soon, the Royal Wedding is next weekend.

See today’s Joy of Tech comic http://www.geekculture.com/joyoftech/joyimages/1532.gif

Lee Dronick

One more post and I will probably let this go. Android does it too, see http://arstechnica.com/gadgets/news/2011/04/android-phones-keep-location-cache-too-but-its-harder-to-access.ars

Log-in to comment