Sense and Sensibility Regarding Apple’s iPhone Tracking

| Hidden Dimensions

“Rationalization is the highest form of technical development achieved by some executives.” — Anon

Between the almost religious extremes of outrage and loyalty to Apple lies the heart of the matter regarding Apple’s iPhone tracking data. That is, how does Apple treat its customers?

It’s no exaggeration to say that, once again, Apple has gotten behind the public relations curve on a critical technical issue. This doesn’t happen because, from time to time, Apple slips up or because the media decides to kick some sand in Apple’s face. It happens because Apple is a large, aggressive company and these kinds of events become typical. Like cancer, hoping that it will all go away and that things will return to normal is unjustified.

One of my favorite TV commercials, and there are a few that are charming, is from IBM about a decade ago. An IT manager is told that he’s in denial. His response:

“No I’m not!”

With every incident, Apple seems to go through the Five Stages of Grief. First is denial. The problem will go away. But the customers are angry, and it doesn’t. Lawsuits are launched. Then, I am sure, Apple gets mad, internally, at the press for fanning the flames. Then there’s some internal bargaining. How can we make this thing go away without spending a lot of money? There’s no depression phase. Instead Apple goes straight to the Acceptance phase and finally issues a press release. Or, perhaps Steve Jobs, as he did on September 11, 2010, when he addressed “Antennagate,” makes a public appearance.

Now I realize that it takes time to, first, identify the technical issues and, second, consult with the legal staff. But Apple, again, has acted very slowly and hasn’t gotten out in front in another public relations nightmare. Will things improve? These events, that never plagued Apple when it was a boutique UNIX hardware company, will only increase in frequency now.

USA TODAY’s Byron Acohido quoted Michael Robinson, senior vice president of Levick Strategic Communications. He advises senior Wall Street executives and U.S. politicians.

By staying silent, Apple and Google risk losing control of a message that location tracking technology embedded into popular iPhones and Android handsets are desirable and mostly benign. In a crisis, you want to over communicate and define the narrative before it’s defined for you. Silence only fuels fear and speculation.”

Is the Media Getting it All Wrong?

Several articles I’ve seen on this affair suggest that those stupid people in the mass media just can’t get the technical facts right. And so they are responsible for confusion and disinformation. Actually, I’ve been fairly impressed with the coverage by professional news organizations, on the Web and TV. They must summarize the facts and inform their readers. They do homework and report. On the other hand, some of the coverage by tech columnists has been too paranoid or too apologetic.

Last week would have been a good time for Apple to publicly explain the situation and put the problem behind them, showing that customers matter most. Apple could have explained why the data was being collected, point out that they realize that with the iPhone in the wrong hands, the data could be harmful, that it was never intended to be collected for an entire year, and that a future update will give customers control. An apology is always good form. Instead, we got a (purported) one-liner snarky e-mail from Steve Jobs. But perhaps that’s because Mr. Jobs is watching, observing and analyzing from a distance* how the executive team, perhaps without his direct, energetic, daily guidance, is performing in a case like this.

I am still holding out hope that Apple will make an announcement in the next few days.

Meanwhile, Apple is facing an inquiry from the U.S. Senate’s Al Franken in addition to the Illinois Attorney General.

Denial

A final aspect of this is more denial. Apple doesn’t appear to believe that customers can possibly turn against the company. The old AT&T, Dell, and Microsoft didn’t believe it could happen either. Paul Allen recently referred to it as Microsoft’s “breathtaking fall from grace.” Big, rich, powerful companies are beholden to no one and never believe that customers will turn on them. Ever.

It takes time. The customers keep score. The betrayals by any sufficiently large company add up and become the collective legacy of the company. It’s the biggest risk Apple faces nowadays, and I know that we’re all rooting for Apple to emerge unscathed by this snafu. It’s time to act.

____________

* Mr. Jobs went on medical leave in January, 2011.

Sign Up for the Newsletter

Join the TMO Express Daily Newsletter to get the latest Mac headlines in your e-mail every weekday.

39 Comments Leave Your Own

Lee Dronick

“But the customers are angry”

Have we seen that?

MyRightEye

Just Jailbreak your phone - there’s a patch to stop the tracking.

brett_x

Yes, Sir Harry. I’m fairly concerned / angry about this.

But.. it would be worse if my situation was different:
If I had a child with an iphone, I’d be enraged.
If I was a corporate citizen who was given an iPhone, I’d be enraged that my employer would have access to my whereabouts if they just ask for their phone back (even for an update) etc.
If my wife had an iPhone, and she’d synched a few podcasts at work, I’d be a bit concerned that her IT staff would have her tracking data.

I’ve been called an apologist at times. But it’s mostly in trying to highlight a different point of view.

Honestly, in this case, I can’t see where this need to store this kind of data comes from. I believe it was John Gruber that suggested that it may be a glitch / bad programming of a cache of recent towers that you’ve been near, and it was supposed to only hold about 30 days worth of travel data.  That’s the only rational and acceptable answer I can come up with for this type of tracking. But it should be encrypted.

I agree with John. They’ve let other people speak for them. You can’t control your message if you’re not the one with the blow-horn.
Where is Apple? All they had to do was say that it will be fixed in the next update.

mhikl

John, I am a proud Apple Fan; I don?t think I am an Apple extremist in the religious sense, though. Such would be based on faith and faith in any realm is a fool?s dream. However, having dealt with countless Apple computers I have seen my fair share of dogs. I?m working on one right now and it is frustrating but I am obstinate about getting my time out of every computer I have owned. The first color iPod was the most expensive b gift I ever received and it lasted about eight months and then had to be replaced three times by refurbishes that didn?t work out of the mailing box. On travel without a central address made it difficult to keep up with the swinging door of defeat and I gave up. Obstinately, I bought a second hand shuffle refusing to replace the color iPod until my five year rule was up. I could go on. I know Apple?s limits and weaknesses.

However, I have also seen the alternative, the other sides of this world of chaos in action, M$ and Linux and now Google?s horrid Droidensteins. Against them Apple comes up smelling like moss, a good, healthy medium from which spouts some great seed. From the contaminated soils outside the Apple orchard come consistent inconsistencies and flimsy wares on which I should never waste my time.

A bit of an antenna prob? Not a big deal for most people. Perfection is the unreachable cloud of some people?s despair; not mine. But information sent off? Ya, that I don?t like and I do want an answer. Apple must answer this one and the longer it waits, the more concerned I become. And the reason for this is that either Apple or the expectations of members on this forum (or both) have led me to believe that Apple has the consumers best interests at heart. The king of this electronic age makes oodles of money off the physical and the etherial, so much so it doesn?t have to sell the most to gather the kind of booty that leaves the calamity market weeping.

If Apple has been doing what its own finger has pointed at in derision, I will be most concerned. If the information is needed for improving some important venue not implied to the specific customer from which it is gathered, I can buy that.

Looks like time will tell.

Lee Dronick

If Apple has been doing what its own finger has been pointed at in derision, I will be most concerned. If the information is needed for improving some important venue not implied to the specific customer from which it is gathered, I can buy that.

Looks like time will tell.

Yes, let us wait and see what comes out of the hearings. Suppose that Homeland Security required, or at least pressured, Google and Apple to keep location/tracking files. Or perhaps it is just for marketing purposes, implemented or not.

As to children and their safety. The child almost certainly goes to the neighborhood school and plays in the neighborhood park, a pedophile or kidnapper doesn’t need a tracking file to snatch a vulnerable child.

vpndev

In this case, I suspect that Apple Legal figured out right away that there would be lawsuits a’plenty and cautioned against making *any* statement at all. There were lawsuits in antennagate, of course, but right from the start it was clear that they’d be related to product performance etc. Not so here - this is a whole different ballgame.

So I suspect that Apple is digging very hard to find out exactly what happened and when, who did what and why. And they won’t release any statement until they have all those facts in hand.

I believe that this will turn out to be a bug or oversight, in that the db entries weren’t culled (as Android does). And I believe this because there’s absolutely no gain for Apple in keeping the entries for longer. The conspiracy folks can wax as they will but answer this - what’s the upside for Apple in keeping them forever? There is none. I know why they (Apple) want the entries but there is no point keeping them on the iPhone once they’re uploaded. None at all.

We can argue whether or not they are sufficiently anonymized but that’s a separate discussion. Maybe they are, maybe not - I haven’t looked at that.

But what is beyond argument is that there is no benefit to Apple in having a long-term location history on an individual’s iPhone.

JMP456

“Actually, I?ve been fairly impressed with the coverage by professional news organizations…”

So much for that John!

The moto is still print and check after… if need be.

Quite sad.

mhikl

Hey Bosco, aka mhikl sucks, you are too cool. I feel famous! Don’t forget to take the dogs for a run at the kiddy park.

right on

Apple has the consumers best interests at heart. The king of this electronic age makes oodles of money off the physical and the etherial, so much so it doesn?t have to sell the most to gather the kind of booty that leaves the calamity market weeping.

Right on, mhikl! Apple is so awesome. They have our best interests at heart (not our bank accounts) and they prove it by consistently overcharging us on everything!

right on

The child almost certainly goes to the neighborhood school and plays in the neighborhood park, a pedophile or kidnapper doesn?t need a tracking file to snatch a vulnerable child.

Also, having a tracking file will not help a pedophile single out a specific child. If anyone thinks so you’re dumb!

BurmaYank

?But the customers are angry? - Have we seen that?

Yes, Sir Harry. I?m fairly concerned / angry about this.

IMHO, neither brett_x nor anyone else has any true reason to be angry/concerned about the “Apple?s iPhone tracking data” question, because, it seems clear to that what Steve said is the truth. (”... We don?t track anyone. The info circulating around is false.”) Here in this excerpt from Intruder‘s 4/25 link is why:

“The quick summary: I believe I have confirmed that Apple is not storing your location, but the (actual or estimated) location of cell towers (and WiFi access points) that are close to you, to help locate you as you move (these are not necessarily towers that you have been in communication with). In the data I have examined there is nothing that is based on the accurate location of the iPhone. For a good example, see my previous post showing the location of cell equipment in Coors Field baseball stadium, and not revealing the location of my home which is very close to there. In my opinion, if Apple was storing this data in order to know where you had been, they would be storing different, more accurate location data that they have access to.

And, importantly, they are not storing history - the only thing that can be found from the files is when you last visited a general area, not if you made repeat visits. This is especially important as it means that many of the concerns expressed about this data are simply not valid: it cannot be used to determine where you live, or work, or go to school, or who your doctor is.

Why does the FUD spiral on without any significant references this article’s point, that “Apple’s iPhone is NOT storing your accurate location, and NOT storing history” and that it’s not sending any personal location info back to Apple, getting raised in contradiction to the FUD?!

Pat Dissent

Not so here - this is a whole different ballgame.

This is the only half-way correct thing here.

YOU agreed to this when you clicked by the EULA at the speed of light. The simple reality is you agreed to this TWICE. Once with Apple, and once with AT&T (I will assume Verizon is the same). If you have an iPhone, the fact is it cannot be activated without your agreement to the contract.

It is a legally binding contract, and the people doing the suing simply have no case. The people who believe two major American corporations have nothing better to do than to track your every movement every minute of the day need to build some very sturdy bridges and get over themselves already.

vpndev

@Pat: I didn’t say that the lawsuits would be successful. they might be or might not be - it depends upon the facts and the law. We don’t yet know the facts and I am not a lawyer.

But this *is* a whole different ballgame - if for no reason other than the indisputable fact that people have started (finally) to be a bit more sensitive about privacy. So Apple could win the lawsuit(s) yet take a major bashing in the Court of Public Opinion. It would like to win in both, of course, but Apple Legal’s task is to make sure that they at least win the lawsuits.

EULA’s are flexible things and there have been lots of varying Court rulings over the years about which parts are enforceable and which parts are not. An EULA is a sensible and necessary step for a corporation to protect itself but it’s not an impregnable shield.

Personally, I think it’s OK if Apple collects location info and it’s anonymized. But a list of where I’ve been, even if it’s only the nearest cell-tower, does not fit into the “anonymized” category when it’s on my iPhone. And how do we know if it’s anonymized when sent to Apple? These are issues to be answered in Court and, presumably, at the Congressional hearings.

And until then, Apple’s keeping “mum”.

Bosco (Brad Hutchings)

Hey Bosco, aka mhikl sucks, you are too cool. I feel famous! Don?t forget to take the dogs for a run at the kiddy park.

Wasn’t me, but I’m sorry your feelings were hurt.

Dorje Sylas

Why does the FUD spiral on without any significant references this article?s point, that ?Apple?s iPhone is NOT storing your accurate location, and NOT storing history? and that it?s not sending any personal location info back to Apple, getting raised in contradiction to the FUD?!

Because people who have no technical background or skills are exactly the people using the iPhones and accept how they work as magical, without giving any though as to how the Cupertino pixies make their magic dust. They are also the first to freak out when the trick is reviled and it looks even a smidgin Orwellian.

I’d be more concurred about what Google and Microsoft is pulling out of the location based searches. You know the ones that give you the movie ticket prices at the nearest local theater without you even having to type your zip code. How do does that magically work? Oh wait they are either using the location data you authorized to send them or they are pulling your estimated zip code based on your regional ISP, if you are logged in with an account all the associated data from there.

John Martellaro

BurmaYank: The issue here is not that Apple isn’t tracking you personally. The company is not. The issue is that if your iPhone falls into the wrong hands, the combination of the anonymous tracking data + information about your identity contained elsewhere in the phone poses a threat to your privacy.  Or if confiscated by police, the combination of anonymous tracking data + the user identity could be misused.  So Mr. Jobs was being disingenuous, and that leads to customer dismay.

Lee Dronick

information about your identity contained elsewhere in the phone poses a threat to your privacy.

That is the greater threat.

BurmaYank

/i]quote author=“John Martellaro” date=“1303871677”]The issue is that if your iPhone falls into the wrong hands, the combination of the anonymous tracking data + information about your identity contained elsewhere in the phone poses a threat to your privacy.? Or if confiscated by police, the combination of anonymous tracking data + the user identity could be misused.? So Mr. Jobs was being disingenuous

John, did you read that article? You seem to be mistaken in your assumption that your iPhone is storing “...anonymous tracking data…”. According to that article, there apparently is NO tracking information being stored on the iPhone; what apparently is instead being stored is only downloads from Apple to your iPhone about undifferentiated coordinates of celltowers you have used or might reasonably need to use:

The data under discussion in this whole debate is clearly (in my opinion) a cache of the data mentioned here of nearby cell towers and Wi-Fi access points. I guess the remaining valid concern is that this cache is not stored as securely as it could be, and a fairly large amount of data is stored in the cache. But still this data provides only relatively coarse information as discussed here, and is stored only on the user’s own computer, so the risks are relatively minor compared to many of the more dramatic scenarios that have been raised…

So, this data stored in the iPhone logs is much less revealing than it may initially seem. At a quick glance it does look like it is recording your location history, and I think that Pete Warden and Alasdair Allan were quite right to raise the concerns that they did. It takes some digging in the data to realize that the concerns are not nearly as bad as they appeared at first sight. By publicizing it as they did, and providing their tools and documentation on how to examine the data, they made it easy for others like myself, Sean Gorman and Will Clarke to analyze the data and figure out more about what is going on.

It’s still not clear exactly what the data is for, but my guess, as Jude suggested, is that it is to aid in fast location determination - once the iPhone figures out that you’re in an area, it downloads data for surrounding cell towers (and Wifi hotspots, a detail I haven’t gone into here but the data is available for those too, as discussed in my previous post), so it can quickly locate you as you move around that area (update: see the first comment below, and my addition to the initial summary, which reference a document from Apple that confirms that this is the case).

So to summarize again, there are still some concerns with this data - it does give an approximate indication of places you’ve been, but not good enough to identify specific buildings or businesses. It doesn’t record history - there is no way to tell if you’ve visited a location multiple times, you can just tell the last time you visited a general area (though there might be clues about multiple visits - for example data showing you visited a neighboring area on a different date, but nothing definitive or detailed about repeat visits). But it definitely doesn’t reveal the sort of detailed information that many people have been concerned about.”

And none of it is new information - “Apple provided complete details/limitations of the Core Location data collection and transfer activities in July last year http://www.wired.com/images_blogs/gadgetlab/2011/04/applemarkeybarton7-12-10.pdf

This cache was also detailed in the WWDC 2010 session entitled ?Using Core Location in iOS?.

And so in no way was “..Mr. Jobs ... being disingenuous” about “...anonymous tracking data… in the phone (posing) a threat to your privacy” - About “... information about your identity contained elsewhere in the phone (posing) a threat to your privacy”? Yes, perhaps, but NOT about “...anonymous tracking data… in the phone”.

sharn cedar

A muslim woman at my work.  Her husband is very conservative.  She went out to lunch with a few friends.  Looks like (from my observation) she was trying to hide that from her husband, not sure why.  She has an iPhone.  She may be dead or whatever next week.  Still apologizing for Steve Jobs?  Anyone who can get access to your iPhone or your computer, including trojans, is not always someone you can trust.  All they need is consolidated.db, a little file, and this can be used to plan or perpetrate lots of crime.  Apple is headed for major lawsuits, possible criminal implications as the murders start rolling in.  Domestic murders will be the most common, especially of abused women.  Still proud of Apple?

Lee Dronick

Apple is headed for major lawsuits, possible criminal implications as the murders start rolling in.

I hope you warmed up before that making that stretch.

The honor murder is the responsibility of the murderers. Not Apple, not the cheap motel where the victim had her assignation, not her paramour.

Still proud of Apple?

Yes.

Bosco (Brad Hutchings)

@Burma, you’re just helping with the cover up, effectively calling it “no big deal” or “previously disclosed” or “old news”. The fact is that a couple of guys found a way to plot where people had been using unencrypted information stored on their phones. Regardless of how or why the data was stored that way, the ability to do that with it unnerves many people.

The correct course of action for Apple was to recognize the concern, own the mistake, and promise a fix. Period. If there were reasonable trade-offs involved, explain the trade-offs and why a particular approach was taken. You earn and lose trust the most in times of turmoil.

Apple lost my trust long ago. So long as Steve Jobs is in control or his DNA is dripping all over the executive suite, Apple’s initial response to concerns, questions, and scrutiny will be “you’re holding it wrong”. It has nothing to do with lawyers and everything to do with arrogance.

BurmaYank

“...All they need is consolidated.db, a little file, and this can be used to plan or perpetrate lots of crime…”

What a load of ignorant nonsense!  No one could possibly tell from the consolidated.db data where this woman had been beyond neighborhood-wide coarse localizations.  And one could possibly tell from this data when this woman had been in a such a general neighborhood, nor how often she had been there, or even if she actually had been there, because many of the consolidated.db locations are of cell-towers that the iPhone was never near, as you should be well aware!

Shame on you, sharn cedar, phony FUDslinger!

BurmaYank

“The correct course of action for Apple was to recognize the concern, own the mistake, and promise a fix.”

There never was any mistake, in reality.  And nothing to fix; encrypting the iPhone’s downloaded cell-tower locations is useless, un-necessary and unbeneficial to the iPhone’s user.

So, of coarse, there never could be anything to cover-up & so there obviously never was any cover-up.

mhikl

I hope you warmed up before that making that stretch.

Clever.

What’s with all the trolls, Sir Henry? Such empty lives. Like going to a practice game of your opponents and booing. Funny.

Bosco (Brad Hutchings)

There never was any mistake, in reality.? And nothing to fix; encrypting the iPhone?s downloaded cell-tower locations is useless, un-necessary and unbeneficial to the iPhone?s user.

Well, over in Android land, we just crucified a prominent third party for storing sensitive user data unencrypted on the device. Skype made changes to how they store account lists and is now back in good graces. As the kids say, Skype > Apple.

Lee Dronick

What?s with all the trolls, Sir Henry? Such empty lives. Like going to a practice game of your opponents and booing.

God I don’t know. It is like that on the political blog where I also hang out. “But O, how bitter a thing it is to look into happiness through another man’s eyes.” from Shakespeare’s As You Like It

You go watch your competitor’s practice so that you can better better compete with them, to find their weaknesses and strengths.

rjackb

The tracking of any location information is completely unacceptable to me without my express written consent. Anything else, IMO, violates the 4th amendmendt of the U.S. Constitution (for us U.S. citizens).

vpndev

@rjackb: the Fourth Amendment, although is has been roundly abused, applies only to the Government.

Please, don’t challenge Apple on Fourth Amendment grounds.

Instead, go camp on the head (figuratively) of your local Congresscritter and impress upon him/her the need for privacy legislation such that privacy is the default. We need a legislative solution here - it’s not a Constitutional issue.

Bosco (Brad Hutchings)

here never was any mistake, in reality.? And nothing to fix; encrypting the iPhone?s downloaded cell-tower locations is useless, un-necessary and unbeneficial to the iPhone?s user.

So, of coarse, there never could be anything to cover-up & so there obviously never was any cover-up.

Apple begs to differ this morning.

Bosco (Brad Hutchings)

Oh, will you take a look at this from Apple’s Q&A:

2. Then why is everyone so concerned about this?

Providing mobile users with fast and accurate location information while preserving their security and privacy has raised some very complex technical issues which are hard to communicate in a soundbite. Users are confused, partly because the creators of this new technology (including Apple) have not provided enough education about these issues to date.

Coincdentally, I posted that exact sentiment a few days ago, a perspective quite unique to the commentary on this issue. Typical Apple being a copycat.

zewazir

BurmaYank: The issue here is not that Apple isn?t tracking you personally. The company is not. The issue is that if your iPhone falls into the wrong hands, the combination of the anonymous tracking data + information about your identity contained elsewhere in the phone poses a threat to your privacy.  Or if confiscated by police, the combination of anonymous tracking data + the user identity could be misused.  So Mr. Jobs was being disingenuous, and that leads to customer dismay.

If your iPhone, other smart phone, or other personal data device up to and including full-blown laptop “falls in the wrong hands” chances are you will have a heck of a lot more to worry about than a file which indicates where you have been.  I mean, get real. We all carry around a ton of personal information with us on a daily basis, in both electronic and other forms. If ANY of these forms “falls in the wrong hands” then there is indeed something to worry about, and a tracking history of your movements is likely one of the smallest items to add to those worries.

OTOH, how the heck do people think their iPhone is able to give them instant directions to the nearest Starbucks if said iPhone does not transmit and receive location data to the system in order to answer the question?  Again, GET REAL people!! The very services everyone is hailing as the next best thing to white bread are the same services which REQUIRE location data to be shared between the users and the networks.

BurmaYank

“There never was any mistake, in reality.? And nothing to fix; encrypting the iPhone?s downloaded cell-tower locations is useless, un-necessary and unbeneficial to the iPhone?s user.

So, of coarse (sic), there never could be anything to cover-up & so there obviously never was any cover-up.”

Apple begs to differ this morning.

Not quite, Bosco.  Both you and your Gizmodo article were mostly quite incorrect in what you claimed Apple said.

Yes, according to Gizmodo, Apple did admit that a bug (”...which we plan to fix shortly”) has caused it to mistakenly (& inadvertently) store ”...up to a year’s worth of location data… on the iPhone”, and also to “...sometimes continue updating its Wi-Fi and cell tower data from Apple’s crowd-sourced database…” even when one iPhone turns off Location Services.  Apple says this is too much data storage; “We don’t think the iPhone needs to store more than seven days of this data.”

But no, Apple’s statement categorically denied that this data stored on the iPhone is “...the iPhone’s location data-it is a subset (cache) of the crowd-sourced Wi-Fi hotspot and cell tower database which is downloaded from Apple into the iPhone to assist the iPhone in rapidly and accurately calculating location.”  Moreover, “...Apple is not tracking the location of your iPhone. Apple has never done so and has no plans to ever do so”.  The evidence clearly shows Apple has told the truth about this (despite the Gizmodo article’s ignorant/oblivious attempt at a contradicting diatribe):

3. Why is my iPhone logging my location?
The iPhone is not logging your location. Rather, it’s maintaining a database of Wi-Fi hotspots and cell towers around your current location, some of which may be located more than one hundred miles away from your iPhone, to help your iPhone rapidly and accurately calculate its location when requested. Calculating a phone’s location using just GPS satellite data can take up to several minutes. iPhone can reduce this time to just a few seconds by using Wi-Fi hotspot and cell tower data to quickly find GPS satellites, and even triangulate its location using just Wi-Fi hotspot and cell tower data when GPS is not available (such as indoors or in basements). These calculations are performed live on the iPhone using a crowd-sourced database of Wi-Fi hotspot and cell tower data that is generated by tens of millions of iPhones sending the geo-tagged locations of nearby Wi-Fi hotspots and cell towers in an anonymous and encrypted form to Apple.

4. Is this crowd-sourced database stored on the iPhone?
The entire crowd-sourced database is too big to store on an iPhone, so we download an appropriate subset (cache) onto each iPhone. This cache is protected but not encrypted, and is backed up in iTunes whenever you back up your iPhone. The backup is encrypted or not, depending on the user settings in iTunes. The location data that researchers are seeing on the iPhone is not the past or present location of the iPhone, but rather the locations of Wi-Fi hotspots and cell towers surrounding the iPhone’s location, which can be more than one hundred miles away from the iPhone. We plan to cease backing up this cache in a software update coming soon (see Software Update section below).

5. Can Apple locate me based on my geo-tagged Wi-Fi hotspot and cell tower data?
No. This data is sent to Apple in an anonymous and encrypted form. Apple cannot identify the source of this data.

And you are also still wrong to allege Apple has engaged in any sort of coverup - none of this news of Apple storing this data is new information; “Apple provided complete details/limitations of the Core Location data collection and transfer activities in July last year http://www.wired.com/images_blogs/gadgetlab/2011/04/applemarkeybarton7-12-10.pdf

This cache was also detailed in the WWDC 2010 session entitled ?Using Core Location in iOS?.

right on

is completely unacceptable to me without my express written consent.

Who do you think you are? Major League Baseball?

John Martellaro

I was very pleased to see Apple’s official response on April 27th.

http://www.apple.com/pr/library/2011/04/27location_qa.html

Bosco (Brad Hutchings)

Not quite, Bosco.? Both you and your Gizmodo article were mostly quite incorrect in what you claimed Apple said.

FFS, BurmaYank. You are insufferable. What part of truncating the data to a week in the near term and encrypting it eventually is not recognizing a mistake and promising to fix it?

BTW, nobody cares what they detailed in a WWDC session. It still turned out to be a security problem once a couple guys put points to paper. To not accept the problem and then do nothing as you suggested would have been the height of arrogance and irresponsibility. I just wanted to point out that cooler heads actually prevailed and congratulate Apple for not being as tone-deaf as some of its fanboys. It’s a start.

BurmaYank

What part of truncating the data to a week in the near term and encrypting it eventually is not recognizing a mistake and promising to fix it?

As I did admit in my post (*please refer to my quote from it, below), you were NOT incorrect about Apple recognizing that it had made a (actually harmless & trivial) mistake (i.e - ”...too much data storage…”) and promising to fix it. Can’t you see that I admitted you were correct on that one “mistake” issue at least (even though I insisted/insist you were/are wrong about the rest of what you were saying about whether there was any “coverup”, or any significant security/privacy issue involved in what iPhones were downloading & storing from Apple)?

It still turned out to be a security problem once a couple guys put points to paper. To not accept the problem and then do nothing as you suggested would have been the height of arrogance and irresponsibility.

You’re WRONG there, Bosco:
- There has been no security/privacy problem revealed in any of this on iPhones. iPhones’ locations cannot be revealed by examining/mining this data and so privacy cannot be jeopardized by revealing this data to thieves/hackers/etc..
- Since there is no such problem to accept or do something about, there is no “...arrogance and irresponsibility…” associated with doing nothing about the non-existent problem.  (SHEESH!)

————————————
(*quote referred to from above:
Yes… Apple did admit that a bug (?...which we plan to fix shortly?) has caused it to mistakenly (& inadvertently) store ?...up to a year?s worth of location data? on the iPhone?, and also to ?...sometimes continue updating its Wi-Fi and cell tower data from Apple?s crowd-sourced database?? even when one iPhone turns off Location Services.  Apple says this is too much data storage.”)

wab95

John:

Thank you for hosting a discussion on this topic. I had promised myself not to contribute any more to this nutrient-poor food fight pending the release of actual information from Apple and/or hearings.

The one element from your piece that I would underscore is the issue of communication, specifically what is referred to as hazard communication - communicating information to the public when the public has been, or even simply believes it has been, exposed to some form of hazard. This remains more an art than a science, but there are elements of this in Apple’s statement released today. I agree, in spirit, with your assertion that this needs to be done early, a cardinal point in hazard communication; but equally important, it must be done well, or else it can actually make things worse. A case study is the handling of the nuclear reactor crisis in post-tsunami Japan by both TEPCO and the government, particularly the former, who made serious public relations missteps in their initial communications that undermined public confidence in their subsequent communications and credibility.

A key objective of hazard communication is to let the public know that their concerns are heard. If one does not have information to address those concerns, a message can simply say that the public’s concerns are deserving of a response, and that a response is forthcoming. In general, this is done in extreme situations where leaders need to minimise the risk of panic, however the BP oil spill illustrated how unsatisfactory that can be. Otherwise, if there is no imminent danger, or panic, and information will be available soon, a delay might be preferable, which was Apple?s tack. Hazards or their risk provoke fear, a fear based on a lack of information and/or understanding of the nature of the threat, and information, however unpleasant, is needed to mollify that fear. This is what both the press and the public want, information. There are many other elements to hazard communication.

But there is another issue that is not so simple, and that is the one of risk or hazard assessment by individuals; and here is where, in my opinion, much of the discussion (writ large) has gone off the rails. Perhaps the best illustration of this, and forgive me for pointing fingers, is the histrionic statement by sharn cedar about the possible death of a Muslim woman at the hands of presumably Steve Jobs and his iPhones.

We are very poor at assessing risk in general, and even worse at doing so when we do not know all the facts surrounding a potential hazard (hence the need for hazard communication). There is a tendency at such times to allow our dread to magnify a threat beyond proportion and reason, at which point our risk assessment becomes irrational. Michael Specter treats this well in ?Denialism? (I get no commission if you buy the book).

But there are tools we have at our disposal to give us a sense of perspective, while we await new information. One of these is categorisation of the threat. In the case of the iPhone, the issue was the phone logging location information, and the threat was that this ?might? be accessed by parties (choose your favourite boogeyman) who could use this against us. ?What if? scenarios are seldom helpful in the face of an unknown or poorly understood hazard. Indeed, they fan panic into outright silliness, and if anything, make us more vulnerable to those who would prey (at some price) on that panic.

I propose instead a thought exercise for perspective, pending further information. Ask yourself if you have ever been the focus of a criminal investigation, where your location information was subpoenaed. Ask yourself if any of your friends have been the same. Ask yourself, if you have been the victim of identity theft or fraud or stalking, if the exploit depended on your location information. If you answered ?yes? to any of the above, you have reason for concern, but at least it is familiar and quantifiable; you have some perspective. (If you answered yes to all three questions, you may want to consider a lifestyle change.) If you answered ?no? to all the above, then ask yourself one final question: What is the probability that the existence of a location log in your iPhone makes any of the above more likely to occur. Be clear here. Not whether the data ?could be used? (a ?what if?), rather the mere existence of the data increases your chances of becoming such a target, despite the fact that never in your life have you or your associates been one. Perspective. You either are or are not the object of interest, and the mere existence of these data do not change that one iota.

In the meantime, I look forward to more information, and hopefully, rational discussion and realistic hazard assessment.

Bosco (Brad Hutchings)

Perhaps the best illustration of this, and forgive me for pointing fingers, is the histrionic statement by sharn cedar about the possible death of a Muslim woman at the hands of presumably Steve Jobs and his iPhones.

That was obviously satirical, but being the subject of even the cruelest satire is one of the costs of cocking things up. More than just a random cost, it’s a test of humility. Should you cock things up and then fail the humility tests, people will start piling on. Sharks, in sniffing out blood, serve a very useful purpose. Perhaps they have in this particular case as well. We shall see.

vpndev

This cache was also detailed in the WWDC 2010 session entitled ?Using Core Location in iOS?.

It’s worth noting that this is NOT disclosure. All WWDC sessions, except for the keynote, are under NDA and can’t be discussed in public.

Log-in to comment