All hell broke loose yesterday when Alasdair Allan and Pete Warden revealed that Apple stores your GPS location on your iPhone in an unencrypted file called consolidated.db, which is then uploaded to your computer when your sync your device. In fact, with a nifty open source application called iPhone Tracker, you can view, on a map, everywhere you’ve been since you updated your phone to iOS 4.
Articles filled with good information on the topic also seemed to be regrettably full of scare tactics and sensational headlines. If you haven’t read Ars Technica’s article “How Apple tracks your location without consent, and why it matters” I highly suggest it. As always, Ars Technica has the most most technical yet easy-to-understand breakdown of these new findings. But let me show you what I mean by sensationalism by quoting Jacqui Cheng directly:
What’s not shown is a week-long trip I took to Hong Kong in October. Why? Because I left my iPhone’s cellular and data connections turned off and only used GPS with WiFi while I was there. But if I know I used GPS in Hong Kong in order to make geotagged tweets and photos, shouldn’t it show up in this log file? The answer is no, and the reason behind it should scare you.
To summarize the rest of the article, and the reasons Jacqui Cheng thinks you should be scared, the iPhone only collects GPS data through Cell Towers and not Wifi (despite Wifi having the ability to acquire GPS information). Thus, there’s no way to turn it off. Unlike Jacqui, I find this acceptable rather than upsetting.
Apple is collecting locational data through cell phone tower triangulation in order to improve phone service. Cell phone companies have been doing this for years. Apple is not using this data in some insidious scheme. In fact, Apple doesn’t collect this data at all; it is simply stored it on your personal phone and computer.
However, there is still a scary part. This data should not be accessible to anyone (unless there is a court order), but Alasdair Allan and Pete Warden’s report prove that your GPS data can be easily collected by anyone with access to your computer or phone. The file is not encrypted by default on your computer, not not at all on your phone. Anyone, from sneaking spouses, to bosses, to overzealous fans can jump on your computer and reach the epiphany “Aha! John was in Colorado in June of 2010! I knew it!” Previously, this information was only available to warrant carrying law enforcement agents. Now, it’s out in the open—if your phone or computer is out in the open.
Which means this is a security issue, rather than a privacy issue. It means Apple needs to release an updated version of iOS and possibly iTunes in order to better encrypt this file. Do you know what also has security holes? Every internet browser you use and every operating system ever installed on a computer. This is why programs such as Norton Antivirus exist. To patch security holes. And this is why we shouldn’t be so quick to throw Apple under the bus.
People who are decrying this issue as a privacy concern need to take a look at other aspects of their life and put the iPhone tracking in perspective. Those with credit cards have almost every purchase they make logged by a major company (which can be accessed with a username and password or clever social engineering). Those walking around in New York City will no doubt be video taped on more than one of the 4468 (and counting) surveillance cameras monitoring the city (PDF). Those with an EZPass to pay for highway tolls are being tracked too. And people are actually monitoring this information.
Lest we forget, Apple DOES have an opt-out feature: don’t bring your phone with you. No one is holding a gun to your head and forcing you to carry your iPhone everywhere you go. If your cell phone is still by your side, right now, then you’ve made a conscious decision to accept this security flaw. You’ve weighed the pros and cons of having a cell phone, and ended up pro-phone. I don’t blame you. The iPhone has become an indispensable tool for me, as much as I hate to admit it.
So before we become overwhelmed by the crowd hysterics claiming that Apple is watching everything we say and do, we need to look at what is actually happening and put this in perspective. Apple made a booboo by not encrypting your cell tower triangulation file, but how many of you had sensitive personal information exposed in recent security breaches? How many of you simply charge everything you purchase? How many walk through cities without wearing a mask?
It’s time to pick our battles. Let’s focus this energy on worthy causes rather than being so quick to jump on the fear bandwagon. Where are we at with net neutrality and unhosted.org?