Got an iPhone or iPad? Apple is Recording Your Movements

failPete Warden and Alasdair Allen have found something especially unsettling in iOS4, the operating system that Apple devices use. It’s news that I must admit has me reconsidering whether to stick with the iPhone when my contract ends.

You see, these devices are equipped with GPS so that location-aware apps like Foursquare and such can operate. Well, it seems that your iPhone is storing a record of all your movements in a hidden file in the operating system. “Who cares?” you might ask; after all, you can already be tracked to a great extent through your Yelp and Foursquare check-ins. Well, this is a little different.

As security researcher Peter Warden puts it:

The most immediate problem is that this data is stored in an easily-readable form on your machine. Any other program you run or user with access to your machine can look through it.

Stop and think for a minute. Think about the number of applications on your iDevice. I’ve got three pages of nested folders full on my handset, for instance. It’s a lot like the apps and games on Facebook. Notice how you have to authorize them to have access to your data? Same thing, but Apple has failed in a major way by not making it opt-in. That’s not all though, as Warden goes on to say:

The more fundamental problem is that Apple are collecting this information at all. Cell-phone providers collect similar data almost inevitably as part of their operations, but it’s kept behind their firewall. It normally requires a court order to gain access to it, whereas this is available to anyone who can get their hands on your phone or computer.

By passively logging your location without your permission, Apple have made it possible for anyone from a jealous spouse to a private investigator to get a detailed picture of your movements.

These days, people seem willing to give up their personal data at the drop of a hat in order to play a game or use an app. Most of them would probably have shared the data without a second thought if asked. Apple just did not ask.

All it takes is direct access to a device that has been synched to the iPhone, and a user can get access to this hidden file. If someone gets their hands on the handset itself, they can “jailbreak” it — a process which is much easier than many think — and have direct access to the file that way as well. It’s not very hard to do, especially for someone with a little tech know-how.

Is this a dastardly and Machiavellian move on Apple’s part? I don’t think so, and neither does Charles Arthur, technology editor for The Guardian:

Graham Cluley, senior technology consultant at the security company Sophos, said: ‘If the data isn’t required for anything, then it shouldn’t store the location. And it doesn’t need to keep an archive on your machine of where you’ve been.’ He suggested that Apple might be hoping that it would yield data for future mobile advertising targeted by location, although he added: ‘I tend to subscribe to c*ckup rather than conspiracy on things like this – I don’t think Apple is really trying to monitor where users are.’

While bearing overtones of Big Brother at first glance, I’ll bet we can file this under “collecting marketing data” rather than malice. Even so, my problem with its implementation and lack of security remains. This should have been opt-in or not rolled out. While it may well be within the terms of the service agreement, it is still bad business and shows no respect for their user base — a user base that is renowned for its fanatical devotion to Apple’s product line.

Data security and privacy are becoming more important issues every day. Issues like this discovery throw that fact into sharp relief.

So tell me, fellow iPhone users, what is your take on this? Enough to make you consider a Droid? (Warden was quoted as saying that Alasdair had looked for similar functionality on the Droid and had found none. )

Source: “iPhone keeps record of everywhere you go,” The Guardian, 04/20/11
Source: “Got an iPhone or 3G iPad? Apple is recording your moves,” O’Reilly Radar, 04/20/11
Source: “Pete Warden’s iPhone Tracker,” Githhub, 04/20/11
Image by Firefly the Great/Dagny Scott, used under its Creative Commons license.

About George Williams

George “Loki” Williams is the community and brand manager for award wining game company Savage Mojo, Ltd. and the owner of SocialGumbo, LLC, an online consultancy specializing in Web content and online communications. Loki has produced content for clients including the Open Society Institute, National Association of Broadcasters, Kobold Press, and Kaiser Permanente. His work has been seen or written about in The New York Times, The BBC, Air America, The Gambit Weekly, and NOLA.com, among others.

  

Leave a Comment

LEAVE A COMMENT

  1. It’s not just Apple storing location info; Google is, too. Android phones are also logging your location “every few seconds,” according to The Wall Street Journal (“Google, Apple Glean Computer Locations,” April 27, 2011).

    And it’s not just smartphones and tablets that are logging, storing, and transmitting your location. Macintosh computers connected to Wi-Fi transmit this info to Apple and any computer running the Chrome browser on a Wi-Fi network will transmit this information to Google.

    Frankly, Apple’s and Google’s defense that people “opt-in” to this by using apps such as Google Maps is BS. Yes, you agree to have your location known when getting GPS directions; that doesn’t give them carte blanche to monitor, log, store, and transmit your every motion.

    And I don’t buy the theory that this is just a mistake. The fact that the data is transmitted back to Google and Apple puts the lie to that. They know it’s there. They’re intentionally gathering it. I suspect before this investigation is done, we will learn that they are also analyzing it. Google has admitted as much, telling The Wall Street Journal it “uses the accumulated location data to target advertisements.”

    It’s about time for some Do Not Track legislation. The “opt-out” option just doesn’t work with these data-hungry technology companies and advertisers.