This morning Apple (finally!) released an official and detailed response to all the questions that surfaced over the last week about the security of Location Services on the iPhone. The history of this is very well documented, and Apple very much needed to respond.
While reading Apple’s response, there were four messages I found between the lines:
- It is now clear that enabling or disabling “Location Services” in prior and current iOS releases only serves to allow or disallow Apps’ access to this data. The iPhone itself is still doing its level best to figure out where it is at all times. Or, more accurately, the iPhone is doing its best to be prepared to figure out where it is: before the iPhone even turns on GPS it can use cell tower and WiFi hotspots to triangulate a “rough guess” location, making it that much faster to ascertain specific location from GPS once that radio is enabled. This saves both time and battery power.
If the iPhone is already seeing these cell towers and WiFi hotspots at no additional battery/power cost, then it would be silly NOT to cache this data, regardless of whether or not Location Services is enabled. From a programming standpoint this makes good sense. When users see this and don’t understand what they’re seeing, it seems creepy. Plus, in a general (but not necessarily specific) sense, this does track where you’ve been, and that can actually be creepy.
In today’s Q&A Apple has said that future updates to iOS will no longer do this. The cost will be a potential time delay in the iPhone being able to figure out where you are if you have Location Services off and then turn it on. Many users disable Location Services simply to save battery life, and they will now suffer this delay when re-enabling it (probably less than 30 seconds).
- In this morning’s statement Apple said the iPhone is caching this “general location” data pretty far back (sometimes up to a year). From a programming standpoint this, again, makes good sense. If you have the data and you don’t need that room for other data, why delete the data? The answer, of course, is when the sum of that data poses a potential privacy risk.
Apple’s future updates to iOS will limit this to 7 days maximum in the cache. Honestly, I see no downside to this decision.
- iTunes currently backs up this cache of “general location” data when you backup your iPhone. Akin to #2 above this makes good sense programatically: you have the data why wouldn’t you save it? The answer, of course, is the same as #2.
In the future your computer won’t back up this data at all. This means if you have to wipe and restore your iPhone from a backup, you’ll do so with Location Services’ cache being completely empty. In all but a few edge cases I can’t see this being an issue for anyone.
- Apple also said they are “collecting anonymous traffic data to build a crowd-sourced traffic database with the goal of providing iPhone users an improved traffic service in the next couple of years.” This isn’t so much between the lines as it is the lines themselves, but worth noting that Apple is aware of this data and is happy to use it for their own purposes. Note that Google has been doing this for years, and many GPS navigation App vendors do it, as well. The difference is that this is the first time Apple’s being up front about it and, in a rare moment, Apple is also telling us of (some of) its future plans.
But Do We Believe Apple?
Everything I’ve stated above is under the premise that we’re taking Apple’s Q&A at face value. Do we trust Apple on this one? Again I look to the programmer in me and say yes: it’s the simplest answer to all of this. We have to remember that Apple is (among other things) an engineering company. When building devices and writing code, their main goal is to make something work smoothly, efficiently, and with as little required from the user as possible. I’m sure security factors into their processes, of course, but it’s clear to me that their driving goal is a pristine user experience. If we take Apple at face value, everything they were doing made good sense from that user experience standpoint. Going forward some degrees of that will suffer (but not by much) to ensure users’ privacy is protected.
The big question is how will this shape Apple’s engineering path for the future? The last thing I want is some Windows Vista-like experience where my Mac or iPhone pesters me about every little thing it wants to do before it does it, ensuring I’m as secure (and annoyed!) as possible.