Six Lines

Apple and Location Data

Posted by Aaron Massey on 26 Apr 2011.

The NY Times reports that some European governments believe Apple may have violated privacy laws by collecting and storing location data. From the article:

“This data that was supposedly discovered yesterday has existed in earlier iPhones,” said Alex Levinson of Katana Forensics, a company that specializes in extracting data from electronic devices for legal cases. Mr. Levinson said that he and colleagues had explained Apple’s practices at conferences and in research papers, and that his firm has helped law enforcement agencies “harvest geolocational evidence from iOS devices,” a reference to the Apple operating system.

The article goes on to mention that the data collection isn’t entirely new, and was discussed in a letter delivered to Congress last July from Apple. If you want to read the letter in its entirety, it’s online here (PDF). Ars Technica has more coverage of why this is suddenly news again and what Congress wants Apple to tell them now.

Jacqui Cheng makes an important point in that first Ars Technica article:

From the end-user point of view, Apple only does one kind of location tracking, and it happens via GPS. The company makes sure to notify you on your iPhone or iPad every time you use an app that will grab your GPS location so that you’re always informed of when you’re being tracked. However, that’s not all that’s going on behind the scenes. Apple also triangulates your location from cell phone towers and logs that information in order to help get a faster GPS lock (or to find your location without GPS if you’re getting bad GPS signal).

[…snip…]

Users don’t get to decide whether their locations are tracked via cell towers or not—unlike GPS, there is no setting that lets users turn it off, there’s no explicit consent every time it happens, and there’s no way to block the logging. (Nitpickers will point out that you do give your consent to iTunes when you download and install iOS 4, but this is not treated the same way as the consent given to the iPhone every time an app wants to use GPS.) So, whether or not you’re using GPS, if you’re using your iPhone as a cell phone, you are being tracked and logged constantly without your knowledge. This is why my trip to Hong Kong wasn’t logged (because I had all cell connections turned off while GPS was on), but my stop-over in Tokyo Narita on the same trip was logged (I had turned on my phone to make a quick call, but did not use GPS).

In short, simply turning Location Services to the “off” position doesn’t actually stop your location from being tracked.

I’m not convinced this is a uniquely Apple problem. Location is a killer feature for everything from getting driving directions to finding a place to eat to knowing what the weather will be like. It’s worth pointing out work that some of my colleagues at North Carolina State have done on Android-based phones:

Jiang says TISSA could be easily modified to incorporate additional settings that would allow more fine-grained control of access to personal information. “These settings may be further specialized for different types of information, such as your contact list or your location,” Jiang says. “The settings can also be specialized for different applications.”

For example, a user may install a weather application that requires location data in order to provide the user with the local weather forecast. Rather than telling the application exactly where the user is, TISSA could be programmed to give the application generalized location data – such as a random location within a 10-mile radius of the user. This would allow the weather application to provide the local weather forecast information, but would ensure that the application couldn’t be used to track the user’s movements.

Any smartphone worth the extra expense is going to have to track location some of the time, so we’re really talking about what level of control to give to users over that data. Should there be a master switch that actually prevents location tracking? Should location data be deleted after a reasonable period of time? Should users be able to manually wipe location data at will? As my colleagues point out, we should also ask whether users should be able to provide a slightly randomized bogus location within 10 miles for services that don’t require precise latitude and longitude, like weather. There’s a lot of room for innovation here.
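The following is an added example, not code from the original post and not TISSA’s own implementation, of what “a random location within a 10-mile radius” can look like in practice. The coordinates, the app identifier and the device secret are constructed sample values. Two details go beyond the press release and are assumptions of this example: the bogus point is drawn uniformly over the disk rather than clustered near the centre, and the random offset is derived per app and per epoch from a keyed hash, so an app that asks repeatedly within one epoch keeps seeing the same point instead of being able to average many fresh draws back toward the true position.

```python
import hashlib
import hmac
import math
import random

# Mean Earth radius in miles; assumed constant for the spherical formulas below.
EARTH_RADIUS_MILES = 3958.8


def _destination_point(lat, lon, distance_miles, bearing_rad):
    """Spherical destination point: move distance_miles from (lat, lon) along bearing_rad."""
    lat1, lon1 = math.radians(lat), math.radians(lon)
    d = distance_miles / EARTH_RADIUS_MILES  # angular distance in radians
    lat2 = math.asin(math.sin(lat1) * math.cos(d)
                     + math.cos(lat1) * math.sin(d) * math.cos(bearing_rad))
    lon2 = lon1 + math.atan2(math.sin(bearing_rad) * math.sin(d) * math.cos(lat1),
                             math.cos(d) - math.sin(lat1) * math.sin(lat2))
    lon2 = (lon2 + math.pi) % (2 * math.pi) - math.pi  # wrap longitude to [-180, 180)
    return math.degrees(lat2), math.degrees(lon2)


def haversine_miles(lat1, lon1, lat2, lon2):
    """Great-circle distance in miles; used to verify the bogus point stays within range."""
    p1, p2 = math.radians(lat1), math.radians(lat2)
    dphi = p2 - p1
    dlmb = math.radians(lon2 - lon1)
    a = math.sin(dphi / 2) ** 2 + math.cos(p1) * math.cos(p2) * math.sin(dlmb / 2) ** 2
    return 2 * EARTH_RADIUS_MILES * math.asin(math.sqrt(a))


def random_point_in_radius(lat, lon, radius_miles, rng):
    """Random point uniformly distributed over the disk of radius_miles around (lat, lon).

    Distance is radius * sqrt(u): plain radius * u would pile points up near the centre,
    which would leak the true location faster.
    """
    distance = radius_miles * math.sqrt(rng.random())
    bearing = rng.random() * 2 * math.pi
    return _destination_point(lat, lon, distance, bearing)


def coarse_location(lat, lon, app_id, device_secret, radius_miles=10.0, epoch=0):
    """Bogus location handed to one app for one epoch.

    The offset is seeded from HMAC-SHA256(device_secret, app_id:epoch) instead of a fresh
    draw on every call, so the same app gets the same point until the epoch changes.
    Different apps get unrelated points, so they cannot pool their views either.
    """
    seed = hmac.new(device_secret, f"{app_id}:{epoch}".encode(), hashlib.sha256).digest()
    rng = random.Random(int.from_bytes(seed, "big"))
    return random_point_in_radius(lat, lon, radius_miles, rng)


if __name__ == "__main__":
    # Constructed sample: a device near downtown Raleigh, NC, and a hypothetical weather app.
    true_lat, true_lon = 35.7796, -78.6382
    secret = b"constructed-device-secret"  # placeholder; a real device would use a stored random key
    fake_lat, fake_lon = coarse_location(true_lat, true_lon, "com.example.weather", secret)
    print("app sees:", (round(fake_lat, 4), round(fake_lon, 4)))
    print("miles from true position:", round(haversine_miles(true_lat, true_lon, fake_lat, fake_lon), 2))
```

The epoch should be long (a day or more): if it rolls over often while the user stays put, an app collecting one point per epoch is back to averaging, which is the same weakness a per-query random draw has. A 10-mile disk also says nothing about precision elsewhere in the stack, so the same coarsening has to apply to every channel the app can read, not just the obvious location API.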