Apple’s release of version 4.3.3 of its iOS operating system “…kills iPhone tracking”, according to a recent article. After nearly three weeks of public attention on this issue, this news will perhaps appease some iPhone fans but is not likely to end the debate over what users should know and control about their smartphones’ location tracking abilities. Like Apple, Google’s Android and Microsoft’s Windows Phone systems have also recently come under fire, though important differences exist in the way each company collects and uses location-based information.
We have reviewed recent articles and research on each of these mobile operating systems’ location tracking capabilities and will describe the various claims made and the research undertaken to test these claims.
It is important to note that, while concerns exist around the collection of location-based data, there is no evidence that “payload data”, such as emails and passwords, is being transmitted to any of these companies, as was collected in last year’s Google Street View debacle.
Apple iPhone (iPhone 3G, iPhone 3GS, iPhone 4, and some iPad models)
The current controversy erupted publicly in mid-April, when Alasdair Allan and Pete Warden exposed the iPhone’s tracking capability and released software that produced visualizations of users’ locations over time. The consolidated.db file on which Allan and Warden’s blog and software focused had already been described earlier by both Alex Levinson and Paul Courbis.
However, while the initial descriptions of the vulnerability were quite technical and academic, Allan and Warden’s more approachable piece was quickly picked up by The Guardian and other media outlets. In addition, their open source software was released publicly and free of charge. Within hours, numerous iPhone users had used it to produce detailed maps of location data stored on their iPhones, and examples begun to pop up online.
As Allan and Warden stated in a follow-up article on the subject, “The main reason we went public with this was exactly because it already seemed to be an open secret among people who make their living doing forensic phone analysis, but not among the general public.” And indeed, the book “iOS Forensic Analysis”, written in 2010, notes:
The controversy around a third party’s ability to determine an iPhone user’s location at a particular time is compounded by the fact that, before the recent iPhone OS update, the files containing this information were unencrypted on the device, machine-readable, and were stored in this unencrypted format by default on any computer used to sync the device. Additionally, prior to the recent update, iPhones and any computers that had been connected to them stored this location data indefinitely.
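To make the retention point concrete, here is an added example (not Allan and Warden’s tool, and not code from this article) that audits a consolidated.db-style SQLite cache: it reports how long a history the file holds and how far cached entries lie from the most recent one, since a cached tower is not necessarily a place the phone visited. The CellLocation schema and the Apple-epoch timestamp format are assumptions modelled on published forensic descriptions; the rows are constructed samples.

```python
"""Audit a consolidated.db-style location cache (added example).
Schema and timestamp format are assumptions; rows are constructed."""
import math
import sqlite3
from datetime import datetime, timedelta, timezone

# Assumption: Apple stores timestamps as seconds since 2001-01-01 UTC.
APPLE_EPOCH = datetime(2001, 1, 1, tzinfo=timezone.utc)

def apple_ts(dt):
    """Convert an aware datetime to Apple absolute time (seconds)."""
    return (dt - APPLE_EPOCH).total_seconds()

def haversine_km(lat1, lon1, lat2, lon2):
    """Great-circle distance between two WGS84 points, in km."""
    p1, p2 = math.radians(lat1), math.radians(lat2)
    dphi, dlmb = p2 - p1, math.radians(lon2 - lon1)
    a = math.sin(dphi / 2) ** 2 + math.cos(p1) * math.cos(p2) * math.sin(dlmb / 2) ** 2
    return 2 * 6371.0 * math.asin(math.sqrt(a))

def build_sample_db():
    """In-memory stand-in for consolidated.db with constructed rows."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE CellLocation (MCC INTEGER, MNC INTEGER, "
                 "LAC INTEGER, CI INTEGER, Timestamp REAL, Latitude REAL, "
                 "Longitude REAL, HorizontalAccuracy REAL)")
    base = datetime(2011, 4, 1, tzinfo=timezone.utc)
    rows = [
        (310, 410, 1, 101, apple_ts(base), 40.7128, -74.0060, 500.0),
        (310, 410, 1, 102, apple_ts(base + timedelta(days=10)), 40.7306, -73.9352, 500.0),
        # constructed: a tower roughly 300 km away, cached but never visited
        (310, 410, 2, 201, apple_ts(base + timedelta(days=20)), 42.3601, -71.0589, 1000.0),
    ]
    conn.executemany("INSERT INTO CellLocation VALUES (?,?,?,?,?,?,?,?)", rows)
    return conn

def audit(conn):
    """Summarise retention window and geographic spread of the cache."""
    rows = conn.execute("SELECT Timestamp, Latitude, Longitude FROM CellLocation "
                        "ORDER BY Timestamp").fetchall()
    first = APPLE_EPOCH + timedelta(seconds=rows[0][0])
    last = APPLE_EPOCH + timedelta(seconds=rows[-1][0])
    lat0, lon0 = rows[-1][1], rows[-1][2]   # most recent cached entry
    spread = max(haversine_km(lat0, lon0, r[1], r[2]) for r in rows)
    return {"entries": len(rows),
            "retention_days": (last - first).days,
            "max_spread_km": round(spread, 1)}

if __name__ == "__main__":
    print(audit(build_sample_db()))
```

Point the same queries at a real cache copied from a synced computer and the retention figure is what a reviewer should care about; the spread figure is a reminder not to read every cached row as a visited location.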
Apart from the issue of unencrypted data storage is the question of whether this data is sent to Apple, and at what frequency. According to Allan and Warden’s initial post, “There’s no evidence that [iPhone location data is] being transmitted beyond your device and any machines you sync it with.” However, Apple has acknowledged since July 2010 that location data is transmitted from iPhones to Apple every twelve hours, though it points out that users can opt out of these services. On April 27th, Apple directly addressed a number of these concerns in a statement on its website:
The iPhone is not logging your location. Rather, it’s maintaining a database of Wi-Fi hotspots and cell towers around your current location, some of which may be located more than one hundred miles away from your iPhone, to help your iPhone rapidly and accurately calculate its location when requested. Calculating a phone’s location using just GPS satellite data can take up to several minutes. iPhone can reduce this time to just a few seconds by using Wi-Fi hotspot and cell tower data to quickly find GPS satellites, and even triangulate its location using just Wi-Fi hotspot and cell tower data when GPS is not available (such as indoors or in basements). These calculations are performed live on the iPhone using a crowd-sourced database of Wi-Fi hotspot and cell tower data that is generated by tens of millions of iPhones sending the geo-tagged locations of nearby Wi-Fi hotspots and cell towers in an anonymous and encrypted form to Apple.
The entire crowd-sourced database is too big to store on an iPhone, so we download an appropriate subset (cache) onto each iPhone. This cache is protected but not encrypted, and is backed up in iTunes whenever you back up your iPhone. The backup is encrypted or not, depending on the user settings in iTunes….
No. This data is sent to Apple in an anonymous and encrypted form. Apple cannot identify the source of this data.
It shouldn’t. This is a bug, which we plan to fix shortly.
This and other “bugs” have since been addressed with the release of iOS 4.3.3, though questions remain (legal and otherwise) about whether Apple’s user base is sufficiently informed that its data is being used as part of a “crowdsourced” effort, especially given Apple’s rather vague mention of it in its user agreement:
“By using any location-based services on your iPhone, you agree and consent to Apple’s and its partners’ and licensees’ transmission, collection, maintenance, processing and use of your location data to provide such products and services”
Google Android
Much like iPhones, Android phones also collect and store location data, though the amount stored is disputed. It is described as either ‘about the last 200 Wi-Fi networks it has “seen” and the last 50 mobile cell towers it has connected to or “seen”’ or “the last few dozen locations”. The question of whether Android phones transmit this information, what permissions are required before it is sent, and whether it is anonymous have all been points of contention.
According to a recent Wall Street Journal article (based on consultation with hacker Samy Kamkar), Android phones collect and send location data and unique phone identifiers to Google (which Google denies) “at least several times an hour”. In response, Google sent the following statement to the blog TechCrunch:
This is in direct conflict with the findings announced in a Wall Street Journal article which indicate that the data sent to Google contained a “unique identifier” tied to an individual’s phone. Google reps explained that “this number is in no way associated with the device’s IMEI, the user’s name, or other information.” However, it remains to be seen whether this data is really “anonymized”, as numerous de-anonymizing techniques exist which can successfully connect a limited amount of information to individuals with surprising accuracy. This will likely be a point of contention as the debate moves forward.
Microsoft Windows Phone
An article in the Guardian describes how Microsoft acknowledges that Windows Phones also collect location data and user IDs. However, Microsoft points out that, unlike iPhones, “location histories are not saved directly on the device”. The following is a description of the process (nearly identical to Apple’s), according to the Windows Phone website:
Clearly, some of the functionality users have come to expect from their smartphones is dependent on location data. How else would people be able to “check in” with Foursquare, use apps like Google Maps to determine where the nearest ice cream shop is located, or use Yelp’s mobile app to determine which one makes the best milkshake? Whether users are sufficiently informed about the degree of information gathered by organizations like Apple and Google in the process is another story. Some of the many questions that remain include:
- Can “anonymized” location information be tied to an individual user? If so, what are the consequences?
- While Apple and others do allow users the option to turn off all location-based services, isn’t the sort of “crowdsourcing” described by Apple something that should be opt-in rather than opt-out?
- When organizations such as Apple fail to protect their users’ data due to bugs or other causes, what are the consequences?
- While smartphone users are asked for permission before their apps access location data, are they sufficiently aware of how this information is being used and the potential risks this poses?
- As organizations ranging from commercial enterprises to law enforcement agencies become increasingly savvy at mining mobile phones for sensitive data, how can the public be better educated?
As the US Senate subcommittee hearing on mobile privacy proceeds, current gaps in legislation on this issue will be filled in one way or another. A first step toward improving the current situation would be to require that consumers be made aware of how their data is being used by mobile phone companies and by the makers of mobile apps, as was proposed to the Senate subcommittee today by Ashkan Soltani, an independent privacy researcher and consultant:
Al Franken, the Senator from Minnesota, also pushed Apple and Google at the hearings and stated in no uncertain terms that he wants to see better privacy policies put in place by companies. He noted in an interview recently:
“The current policies don’t do a lot of good. Apple’s software licensing agreement is about the same length as the Constitution. Google’s screen for privacy settings does give you more options for what you share than Apple’s does. But it’s not a complete list and people aren’t aware of whether or not that information will go to a third party.”
In the meantime, users can access tools such as The Wall Street Journal’s “What They Know – Mobile” website and better educate themselves on what information they are providing to whom in the quest for a perfect milkshake.
Image courtesy of Alasdair Allan and Pete Warden