Six Lines

Apple Responds to Location Data Concerns

Posted by Aaron Massey on 27 Apr 2011.

Yesterday, I wrote about Apple and Location Data, and I ended that article with a list of questions:

  1. Should there be a master switch that actually prevents location tracking?
  2. Should location data be deleted after a reasonable period of time?
  3. Should users be able to manually wipe location data at will?
  4. As my colleagues point out, we should also ask whether users should be able to provide a slightly randomized bogus location within 10 miles for services that don’t require precise latitude and longitude, like weather.

Several of these questions are answered directly by Apple’s response:

Software Update

Sometime in the next few weeks Apple will release a free iOS software update that:

  • reduces the size of the crowd-sourced Wi-Fi hotspot and cell tower database cached on the iPhone,
  • ceases backing up this cache, and
  • deletes this cache entirely when Location Services is turned off.

In the next major iOS software release the cache will also be encrypted on the iPhone.

Looks like most of my questions will be addressed. Definitely my first and third questions will be addressed. My second question will probably be addressed by the reduced size of the cache, but they didn’t actually word it exactly like I did. My fourth question is based on new research done at NC State, and it could take more than a few weeks to implement in Apple’s Core Location Framework. More interestingly, Apple decided to encrypt the cache on the iPhone. Encrypting the database is probably partly genuine concern for privacy and partly a move to break tools like iPhoneTracker. I’ll leave it to others to figure out which part weighed more heavily. In the meantime, I’m satisfied with this announcement.

I should end by noting that Android systems do the same sort of location tracking. If you’re interested in more and you have a technical bent to you, start here.