Everything You Need to Know About the iPhone Tracking ‘Scandal’ [Updated]

Seeing as I cover OSX/iOS security and privacy, I figured it’s about time I weighed in on this whole iPhone/iPad tracking ‘scandal’. I have to admit I was surprised when I first heard of the iPhone storing location data, especially that it does so with Location Services turned off. This issue is not new, however, and was described in a fair amount of depth by Alex Levinson several months ago. What has made it so popular this month is the release of the iPhoneTracker app, developed by Pete Warden and Alasdair Allan, that creates a visual map of your visited locations. I promptly tested iPhoneTracker, and sure enough it showed a bunch of areas that I’d visited. Upon closer inspection, however, I noticed that it didn’t specifically geolocate me in two places where I’d spent a lot of time; namely home and work. On top of that, there were a number of locations I’d never even been to.

[Updated] According to the info recently published by Apple, this stored location data is not the location of the iPhone itself, but rather a subset of crowd-sourced location information for local cell towers and wifi networks, which is only used to rapidly provide the user with location information. Full details at the bottom of this post.

While it’s safe to say that your general whereabouts can easily be traced using the stored location data, it hardly pinpoints your location. Peter Batty investigated this further and states that the iPhone doesn’t store an accurate location (these are not GPS coordinates), nor does it store history. While the location data does store time-based information, Batty’s analysis suggests that it only stores the date you last visited a specific area, and not if you made repeat visits.

“[…] the data will show what cities you’ve visited, with some indication of which parts of a city you may have visited, though nothing definite – there will be records in areas you didn’t visit. And it doesn’t show repeated visits to the same location, only the last one.”

So clearly, after the initial outcry from uninformed privacy activists and iPhone-haters, the situation is not as simple as they made it sound. In fact, this stuff is not exactly new. In July 2010, Apple replied to a request from Congress about its usage of location-based data. From page 5 of that document, Apple details its use of location-based information and states: “To provide the high quality products and services that its customers demand, Apple must have access to comprehensive location-based information”. It goes on to outline how cell tower and wi-fi information is collected, together with GPS locations, and transmitted to “help Apple update and maintain its database with known location information”. According to that document, however, the information is only sent to Apple if Location Services are turned on, and an application that utilises those services is used.

As someone who’s concerned about privacy, I would object to Apple automatically storing and/or transmitting information about my location if my Location Services were turned off. But if I opt to use Location Services, then I don’t see any problem with some of that information being sent to Apple if it’s properly anonymised. With regards to the storage of long-term location data on one’s computer, one theory posted by John Gruber is that:

“consolidated.db acts as a cache for location data, and that historical data should be getting culled but isn’t, either due to a bug or, more likely, an oversight. I.e. someone wrote the code to cache location data but never wrote code to cull non-recent entries from the cache”

I also like Andy Ihnatko‘s “reality check” on this situation:

• This database isn’t storing GPS data. It’s just making a rough location fix based on nearby cell towers. The database can’t reveal where you were…only that you were in a certain vicinity. Sometimes it’s miles and miles off. This implies that the logfile’s purpose is to track the performance of the phone and the network, and not the movements of the user.
• A third party couldn’t get access to this file without physical access to your computer or your iPhone. Not unless you’ve jailbroken your iPhone and didn’t bother resetting its remote-access password…or there’s an unpatched exploit that would give Random Person On The Internet root access to your phone.
• It’s pretty much a non-issue if you’ve clicked the “Encrypt iPhone Backup” option in iTunes. Even with physical access to your desktop, a no-goodnik wouldn’t be able to access the logfile.

One user sent Steve Jobs an email, asking for an explanation, and Steve replied stating that Apple does not do any tracking:

Q: Steve, Could you please explain the necessity of the passive location-tracking tool embedded in my iPhone? It’s kind of unnerving knowing that my exact location is being recorded at all times. Maybe you could shed some light on this for me before I switch to a Droid. They don’t track me.

A: Oh yes they do. We don’t track anyone. The info circulating around is false.

Conclusion

First off, clearly there is an issue here. Although there are ways to protect the stored location data, one can question whether it should be there if Location Service is turned off, or even if such long-term data needs to be kept if it’s turned on. It’s not really in Apple’s style to track its users, so I think there must be some reason why this data is kept. Due to the amount of attention this issue has been getting, Apple will probably have to give some kind of reaction. As they are naturally tight-lipped, the response may simply be an update to iOS which results in the removal or regular pruning of the stored location file.

For those of you who have been worried about your privacy. There isn’t yet any evidence of Apple doing anything else than collecting information about users’ local environments including cell towers and wifi networks. To protect the location file stored on your computer, all you need to do is encrypt your iPhone backups in iTunes and use a strong passphrase. Lastly, don’t lose your iPhone or iPad, but if you do, at least you can use Find My iPhone to get it back ;)

[Updated 27/04/2011] Apple has posted a clear and concise Q&A on Location Data where they confirm that no tracking of individual users is performed. The location information stored on each iPhone (and backed up by iTunes), is merely a subset of crowd-sourced location information for local cell towers and wifi networks, which is only used to rapidly provide the user with location information. This explains why some locations within the database can be hundreds of kilometers away.

Apple has confirmed that a bug is causing the iPhone to store this cell-tower and wifi database indefinitely, when the intended storage period should only be one week. Another bug causes the location database to still be downloaded by the iPhone when Location Services is turned off. Sometime in the next few weeks Apple will release has released an iOS software update that:

• Reduces the size of the crowd-sourced Wi-Fi hotspot and cell tower database cached on the iPhone,
• Ceases backing up this cache, and
• Deletes this cache entirely when Location Services is turned off.

The answer to this last question is confirmed what I thought about Apple’s stance on privacy, and it’s nice to hear it from them:

10. Does Apple believe that personal information security and privacy are important?
“Yes, we strongly do. For example, iPhone was the first to ask users to give their permission for each and every app that wanted to use location. Apple will continue to be one of the leaders in strengthening personal information security and privacy.”

[Update 5/5/11] iPhone/iPad iOS 4.3.3 Fixes Location Tracking Bugs