iOS Location “Tracking”; Gross Invasion Of Privacy Or Media Sensationalism?

Oh dear. For a few years now I’ve been talking about how the privacy aspect of today’s location technologies is something that may just catapult location into the mainstream, and possibly tabloid, media and probably for the wrong reasons. I envisaged this as being something salacious and potentially titillating, such as two Z List celebrities involved in a high profile divorce case, where they claimed to be in two separate places but their phone’s A-GPS showed the complete opposite. If you were at Where 2.0 in San Jose this week or reading the headlines on the web sites of the BBC, The Guardian or BoingBoing, you’d be forgiven for thinking that just such a location media event had happened. But has it? The headlines certainly seem to think so …

iPhone tracks users’ movements … says the BBC

iPhone keeps record of everywhere you go … says the Guardian

Got an iPhone or 3G iPad? Apple is recording your moves …. says O’Reilly Radar

iOS devices secretly log and retain record of every place you go … says BoingBoing

… and when I use the word “says” in reality “screams” would be more accurate.

Privacy Area

But as is often the case, the headlines don’t tell the whole story. At Where 2.0 two security researchers have discovered a cache file in iOS which contains cell tower ids and corresponding longitude and latitude coordinates. This cache file isn’t accessible if your iOS device has a passcode lock enabled, which it should be, and while it is backed up to any computer you synch your iOS device with, if your backups are encrypted, which they should be, this cache file isn’t accessible is anyone, especially not “a jealous spouse or private detective” as the researchers claim.

So why is your iOS device caching your cell tower ids and their locations? A reasonable supposition would be to speed up the A-GPS subsystem in your device, so that time consuming network calls don’t always need to be made and so your iOS device seems to be faster. Caching is a common technique used to speed up network systems and it’s not surprising, at least to me, that iOS is using caching techniques.

Massachusetts Ave with iPhone Google Maps

So if you’re an iOS user, should you be worried? It’s true that the iTunes terms of service does say that “We may collect information such as occupation, language, zip code, area code, unique device identifier, location, and the time zone where an Apple product is used so that we can better understand customer behavior and improve our products, services, and advertising” but there’s currently no evidence that location information is actually being sent to Apple as a result of this caching. That’s not to say that it isn’t or that it won’t be in the future, but for now, it looks unlikely. Take some basic security precautions such as a phone passcode lock and encrypt your synchronised backups and this looks less like a gross invasion of privacy and much more like any other use of caching techniques.

Cell Tower Mast

I think it’s right and good that researchers are probing into the the depths of a popular mobile operating system and looking for vulnerabilities. Your location, regardless of whether it’s your current position or where you’ve been is valuable and above all private information and is ripe for abuse as last year’s news on how free Android apps are sharing people’s location without their knowledge shows. But I take issue with the conclusions drawn from such research as this and how it’s being publicised. To put this in context, consider the following, totally imaginary on my part, media headlines about caching …

Your web browser records every web page you visit!

Well yes, but … without this your browser would far less usable and far slower and caching is a fundamental part of how the web works.

Your Internet Service Provider stores copies of every email you send and receive!

Well yes, but … it’s part of the IMAP protocol that most email accounts use today.

Your mobile phone provider tracks your mobile phone’s location!

Well yes, but … it’s the way that cellular networks work. It’s how you can make and receive calls. Disable this and mobile networks stop working.

Finally I’m reminded of the other, media fueled furores, that have appeared and subsequently disappeared, around the launch of Google’s Latitude and Facebook’s Places. Much media coverage ensued, many sensationalistic headlines, much wringing of hands from industry pundits and then the rest of the world got on with using location technologies and didn’t give it a second thought … until the next time the media wants some headline attentions.

Photo Credits: Mark Barkaway, Steve Garfield and Happychopper on Flickr.
Written and posted from home (51.427051, -0.333344)

3 Comments

  • It looks like the “researchers” didn’t look for previous work, which is part of the problem. Some security researcher discovered this previously, published it and found it to be common knowledge amongst peers in the industry: https://alexlevinson.wordpress.com/2011/04/21/3-major-issues-with-the-latest-iphone-tracking-discovery/

    Recently, I gave a talk on Expertise vs Knowledge in Web 2.0. In it, I discuss frequency/followers/timing as ingredients that create the perfect storm for information to be perceived as “knowledge” by people who aren’t formal experts in the Web 2.0 world. The media frenzy regarding this “discovery” is a case of information, masquerading as “knowledge” in a Web 2.0 format. As you rightly point out, there are reasons for saving location with regards to caching, etc… that help the device do what it needs to do. But these Web 2.0 researchers were in a perfect place (Where 2.0, with followers, and press) to distribute this “knowledge” as true knowledge.

    If you’re interested, the slides (advance with arrow key) are here;

    http://anthropunk.com/TtW2011_Applin_Fischer/TtW2011_Applin_Fischer.mov

  • The really disappointing bit about this whole story is that it sets us back about 3 years. Privacy is obviously an issue but I thought it was one we’d resolved but stressing that people choose to report their location as in places, foursquare or fire eagle. Even if Apple aren’t doing anything with the location info it’s the fact it’s being collected without the users explicit (who reads the terms anyway) consent. For me location tracking can be genuinely valuable and fun (free muffin thx to foursquare) but we cannot forget to ask people’s permission really clearly first.

    This would be a non-issue if apple had a setting which something along the lines of ‘Switch the setting on for a super-quick GPS fix, we’ll keep you location private’.

  • Running the guys’ app on my Mac and seeing the map of my previous locations filled me with surprise. ‘Gosh’, or words to that effect. Partly because it hits you where you’ve been in the last year… or so, and that it’s all been captured or ‘diaried’ in your little phone.

    Just watching ITV news, one of the guys who wrote the app were discussing the ‘jealous spouse’ potential. Proper Daily Mail fodder.

    If I were a cynic, I’d say that the cell tower IDs were captured alongside location to make it *look* as though it were a caching technique. However, I’m not so cynical. I read Alex Levinson’s response, though he doesn’t actually provide a reason for it. Cell tower location caching seems to be the most likely reason – and even if not, I don’t believe it’s malevolent. Apple would have too much to lose. Still, it’ll be interesting to hear their response.