bit-tech.net

Apple promises to fix location data logging

Apple promises to fix location data logging

The iPhone stores data on Wi-Fi hotspots and cell towers to quickly find GPS satellites.

Apple has acknowledged that its iPhone devices have been storing up to a year's worth of location data, and has promised various fixes to resolve the 'bugs.'

In a statement on its website, Apple explained why iPhones had been storing users' location data and, in some cases, sending this information back to Apple.

The data refers to the logging of WiFi hotspot and cell tower data, which aids in the quick acquisition of a GPS location fix, also known as Assisted GPS. Without the data, relying on the GPS signal alone will result in a lengthy wait while your position is fixed.

The method has been used on nearly all mobile phones with position fixing, dating back to early devices such as the Nokia N95.

In the statement, Apple has said that many of the cell tower and WiFi hotspot locations 'may be located more than one hundred miles away from your iPhone'

The statement also went into more detail about a crowd-sourced database, which aids quick position fixing. According to Apple, 'iPhone(s) can reduce this time to just a few seconds by using Wi-Fi hotspot and cell tower data to quickly find GPS satellites, and even triangulate its location using just Wi-Fi hotspot and cell tower data when GPS is not available (such as indoors or in basements).

'These calculations are performed live on the iPhone using a crowd-sourced database of Wi-Fi hotspot and cell tower data that is generated by tens of millions of iPhones sending the geo-tagged locations of nearby Wi-Fi hotspots and cell towers in an anonymous and encrypted form to Apple.'


The company also explained that Apple was unable to use this data to locate iPhone users, claiming that 'this data is sent to Apple in an anonymous and encrypted form. Apple cannot identify the source of this data.'

However, the company has promised reduce the size of the crowd-sourced Wi-Fi hotspot and cell tower database cached on the iPhone in future updates. In the future, the cache will no longer be backed up, and phones will delete the cache entirely when Location Services is turned off. In the next major iOS software release, the cache will also be encrypted on the iPhone.

In what looks like a cross between an apology and a jibe at the consumer outrage following the discovery, Apple also added that 'users are confused, partly because the creators of this new technology (including Apple) have not provided enough education about these issues to date. '

Are you confused about the issue? Would you rather your location data wasn't stored in any way? Maybe you don't give a damn so long as your phone is always able to pinpoint your location quickly? Let us know in the forums.

27 Comments

Discuss in the forums Reply
coolius 28th April 2011, 12:44 Quote
At least with Android, Google have the sense not to store the data they collect unencrypted on the device!
John_T 28th April 2011, 13:24 Quote
Users are confused.

They're confused as to why large companies like Apple, Google, Sony and all the others don't seem to give a damn about the privacy of their customers. They're also confused as to why, when said companies are found out doing something clearly wrong, they then choose to patronisingly talk down to their customers as if we're a bunch of naughty five year olds.

Apple's explanation may describe (in their own best case scenario) why the information was sent, but is does not explain why it was kept for up to a year. Indignantly demanding that we just trust them is a bit rich, especially when this kind of information has to be forcibly dragged out of them kicking and screaming.

We're long overdue appropriate statutory legal rights for technology consumers - governments are decades behind the curve and it's just not good enough.
Xir 28th April 2011, 13:26 Quote
In other words:
"Darn, you found out errr...we'll make sure you don't see the data we collect on you anymore."
Hoorah!
wuyanxu 28th April 2011, 13:28 Quote
it's already fixed by a small install on Cydia store, the day this thing is reported.

Apple 0
Jailbreak 1
NiHiLiST 28th April 2011, 13:46 Quote
So as an iPhone user, if someone steals my phone or my laptop it's backed up to, they can see the rough localities the phone's been in? I'm not sure why there's such a ruckus about this.
steveo_mcg 28th April 2011, 13:56 Quote
I suppose if they also stole your keys it might help them break in but tbh its a bit of a thin argument. Personally can't say icare about this.
BentAnat 28th April 2011, 13:59 Quote
Everyone's overreacting to this, IMHO.
Apple says:
Quote:
7. When I turn off Location Services, why does my iPhone sometimes continue updating its Wi-Fi and cell tower data from Apple’s crowd-sourced database?
It shouldn’t. This is a bug, which we plan to fix shortly (see Software Update section below).

So there's a bug, and they're fixing it.
S*** happens.

As for WHY they would do that in the first place? Technological common sense prevails, combined with market understanding and trying to present the user with the best usability...

Not saying that Apple only had good intentions, but they're handling the situation in a way that takes the head out of the loop... and really - service providers track way more than that at any rate,
warejon9 28th April 2011, 14:34 Quote
I think the argument of why the data is so important is, if this is being stored on the phone, someone could then take it and see where you worked etc etc. Or they could sell the information on the black market. I think the bigger future problem if it was not fixed would be that if you had the "near communication" stuff on your phone, they would know where you could have spent it. Or it could just be a bit of invasion of privacy, would you like someone to have tracked you for over a year?
Woodspoon 28th April 2011, 14:47 Quote
Give us all your data's
Why not it worked for Sony
Oh wait....
John_T 28th April 2011, 14:57 Quote
Here's an interesting read from one of bit-tech's sister publications:

http://www.pcpro.co.uk/news/security/367048/apple-snooping-plot-thickens-iphone-tracker-was-patented

The idea behind this accidental 'bug' was patented by Apple in 2009.

Of course, that still doesn't mean it wasn't a genuine accident now. For example, I'll be having lasagne for my dinner tonight - and the only reason I'm having that is because I don't really have a lot else at home. My having lasagne tonight is not, in anyway shape or form, connected to the fact that I went out yesterday and bought mince, tomatoes, herbs and sheets of pasta.

Those two instances are entirely unconnected, and tonight I'm having lasagne because, purely by chance, those seem to be the only ingredients I have. Anyone who thinks I planned in advance to have my lasagne tonight is a tinfoil-hat wearing conspiracy theory freak who needs to stop seeing plots everywhere and get a life.

Familiar argument anyone...?
TWeaK 28th April 2011, 15:23 Quote
The real problem with all of this is that all of this information is stored unencrypted on the phone itself. Further, if you back up your iPhone, it'll be stored unencrypted on the computer you back up to. So, regardless of whether or not it is sent anonymously or encrypted to Apple, it's a massive breach in privacy and security of the phones' users.
eddtox 28th April 2011, 15:28 Quote
Why do we even care about this?
Xir 28th April 2011, 16:55 Quote
Quote:
Originally Posted by TWeaK
So, regardless of whether or not it is sent anonymously or encrypted to Apple, it's a massive breach in privacy and security of the phones' users.

As long as it's sent at all it's a security breach.
I for one would be even more worried when my computer decides it needs to make encrypted calls "for the greater good" ;)
azazel1024 28th April 2011, 17:20 Quote
The reason to care to greater or lesser degrees is that it is that much more information about yourself that could possibly be revealed. Knowing it is there, the amount and length of data and that is unencryped...don't you think people are going to start demanding it in things like child custody hearings, divorce cases, criminal cases, etc? What about the wife checking the file on your computer and noticing that you aren't at work like you've been claiming when you work late?

Way out on a limb here, but what about a crazy stalker hacking your computer and getting that location file, since it is backed up to any machines you connect your iPhone to. Just what you need, the crazy stalker to know you like to frequent starbucks around 1pm every friday.

Sure some of the "problems" go pretty far out on a limb, but it is still a potential loss of privacy. I think Google, Apple and others collecting the data, annonymously, is not a bad thing in anyway. I see how it has user advantages. Why any of this data would need to be stored on your phone at all, or more than a short term cache before it is sent to Apple/Google/etc is beyond me and I think is what presents the real privacy issues.

PS Telephone companies, at least in the US store where you are no matter the type of phone you have. They track the location of all active cellphones and the location that the last phone call was made to a fairly fine locus. They store that info for a very long time. This can help with 911 calls and search and rescues...but it is also a huge potential privacy issue. Though I think much less of one, and less objectionable then storing ALL you location information, ever just about, on your phone and on all machines that ever touch your phone.
leveller 28th April 2011, 19:12 Quote
Hyperbole.
jrs77 28th April 2011, 19:27 Quote
First of all, people shold get their facts staright.
  • Yes, iOS 4 collected the data and stored it on the phone.
  • No, iOS 4 it didn't sent any of that geodata to Apple.
  • Yes, Android-phones collect data aswell, but don't store it for you to read.
  • Yes, Android sends the geodata to google.
  • Yes, all mobile phones sent geodata to their respective carriers and this data get's stored for atleast 6 month and releases the information to the authorities if asked for.

And now I do question all people who are using any kind of social networks ala facebook or myspace etc why they do suddenly request privacy.

Fixing iOS, so that it doesn't store the geodata anymore does nothing to secure privacy at all, it only makes the data invisible to the customers allthough it's still being tracked by either the carriers or the companies.

And yes, these geodata is cruicial for tons of services, so that they can tell you where to find the next restaurant, theater or gas-station etc.
I allready hear the same people copmplaining currently scream, if those services suddenly are not available anymore when geodata isn't tracked anymore.
digitaldave 28th April 2011, 19:30 Quote
mobile phone operators keep a log of all this data and more and are required by law to keep a record of it for 4 years.

if you tick the encrypt back up tick box in itunes then you are fine.
leveller 28th April 2011, 19:31 Quote
I love that checking-in 'app' on Facebook:

Bob Jones checked-in at McDonalds Tamworth.

Sweet, that means his house is empty ...

disclaimer: in jest. I don't visit 'empty' houses!!
Sloth 28th April 2011, 20:05 Quote
Something I'm hoping for a little clarification on: is it storing actual GPS-esque data on your exact location, or just which cell towers and wi-fi hotspots you've used?

My understanding is that it's the latter, in which case why is it such as massive fuss? The original purpose seems obvious: you go to an area you've been before and it loads up the data so that you can reconnect quickly and experience better service. The only location a person could get is an area where all of the towers and hotspots you were connected to overlapped which may be quite a large area, particularly times when you're just on cell towers. Now, times when you're connected to something like a Starbucks wi-fi hotspot are a little more pinpointed but it's still hard to get paniced over.

Afterall, this is data a person would be getting after already having access to your phone, right? Your typical contacts list is far more damaging. At the very least you've just given away names and numbers to all of your friends, family and coworkers you keep in your phone. Matters just get worse if you use pictures for your contacts, or store addresses/birthdays/etc for them. Whoever stole your phone just has to look for the ones that all have the same last name or no last name entered and they've likely found any family members, finding co-workers is as simple as looking for ones with a number in the work number slot. Get even scarier and look up the names in a phone book and you've given away addresses to anyone who has themselves listed.

Not saying there's a good reason to leave it all unencrypted for a year, just that it's not life or death.
jrs77 28th April 2011, 20:47 Quote
Quote:
Originally Posted by Sloth
Something I'm hoping for a little clarification on: is it storing actual GPS-esque data on your exact location, or just which cell towers and wi-fi hotspots you've used?

Triangulation is the key. With three towers you get very exact coordinates of a mobile-phone, just like with GPS. Let's assume some 100m discrepancy, but that's still exact enough for most purposes.
When there's less then three towers around, then the coordinates can't be told that exactly anymore ofc, but that doesn't apply to well covered areas like cities.
InSanCen 29th April 2011, 08:18 Quote
With 3 towers to triangulate your position, it's going to be far nearer to 10M. Add into that known hotspots etc, and it's easy to pin down your location very accurately. I don't really care that the data is on the phone, but unencrypted, is just downright stupid, and why does apple need the data sent to them (and the article suggests that they did indeed have data sent back to them)? Call me a cynic, but location-based marketing was/is probably in the pipeline.
perplekks45 29th April 2011, 09:52 Quote
Quote:
Originally Posted by John_T
Here's an interesting read from one of bit-tech's sister publications:

http://www.pcpro.co.uk/news/security/367048/apple-snooping-plot-thickens-iphone-tracker-was-patented

The idea behind this accidental 'bug' was patented by Apple in 2009.

Of course, that still doesn't mean it wasn't a genuine accident now. For example, I'll be having lasagne for my dinner tonight - and the only reason I'm having that is because I don't really have a lot else at home. My having lasagne tonight is not, in anyway shape or form, connected to the fact that I went out yesterday and bought mince, tomatoes, herbs and sheets of pasta.

Those two instances are entirely unconnected, and tonight I'm having lasagne because, purely by chance, those seem to be the only ingredients I have. Anyone who thinks I planned in advance to have my lasagne tonight is a tinfoil-hat wearing conspiracy theory freak who needs to stop seeing plots everywhere and get a life.

Familiar argument anyone...?
rep++
Very well put there, mate. ;)
Quote:
Originally Posted by BentAnat
Everyone's overreacting to this, IMHO.
Apple says:


So there's a bug, and they're fixing it.
S*** happens.
Say your bank accidentally gives your account details to a 3rd party and says "oops, sorry, there was a bug... **** happens", what exactly would you say? Yes, I know this is far less serious than my example but the principle remains the same.




Quote:
Originally Posted by jrs77
First of all, people shold get their facts staright.
  • No, iOS 4 it didn't sent any of that geodata to Apple.
Why don't you go ahead and get your own facts straight first?
Quote:
Originally Posted by Apple on their website
5. Can Apple locate me based on my geo-tagged Wi-Fi hotspot and cell tower data?
No. This data is sent to Apple in an anonymous and encrypted form. Apple cannot identify the source of this data.
jrs77 29th April 2011, 15:12 Quote
Quote:
Originally Posted by perplekks45
Why don't you go ahead and get your own facts straight first?
Quote:
Originally Posted by Apple on their website
5. Can Apple locate me based on my geo-tagged Wi-Fi hotspot and cell tower data?
No. This data is sent to Apple in an anonymous and encrypted form. Apple cannot identify the source of this data.

That's not the same, as the data we're talking of here, the personal one that get's stored on your phone isn't sent to Apple.
The data being sent to Apple is hardware-based and not software-based and hence it is anonymous and encrypted by default. Apple, like any other manufacturer does this to see where there might be issues within the networks or to be able tracking down stolen devices based on it's hardware-ID. This is required by law actually, just like the carriers are required to save your personal data for a minimum of 6 month.

On the other side, the geodata sent by Android-phones back to google is tied to your google-account and not anonymous.

People really should investigate all the manufacturers and compare them before they start bashing Apple all over again for something that everyone else does aswell and sometimes even worse.
sub routine 30th April 2011, 16:44 Quote
Quote:
Originally Posted by eddtox
Why do we even care about this?

little by little they chip away at our civil liberties until suddenly they're doing us a favour, when really they should be doing what we tell them and giving us a service.
thehippoz 30th April 2011, 17:24 Quote
I always looked at it like- sheep get what they get xD

if your not doing anything shady, noone cares anyways.. and if you are, your iphone or anything that could track you including google is waiting to buttsecks you.. logs have been kept for quite some time- it's like the guy who strangles his wife, then police find out a month earlier he put in a search for ' how to strangle my wife'

there's a brainiac master villian..

best rule of thumb is always assume you are being tracked when using anything connected.. even how much electricity you use

if your not doing anything shady though nobody cares.. your isp has records of your one handed rodeos and could profile some guys easy- between that and gps alone they could piece together part of your day with your likes/dislikes between your isp and phone carrier

if you have something important or shady you need done.. or you need to brag about something illegal- and your text messaging.. you get what you get and like it!

to come back and say invasion of privacy.. more like your the next george micheal and some irish guy is going to be singing you to bed every night with dirty limericks
tristanperry 30th April 2011, 17:44 Quote
Another holier-than-thou, arrogant Apple act/statement. Sums the company up really.

Anywhoo, I find it amazing that a bug can just randomly happen to store all this data and another bug can just randomly transmit this data back to Apple...

It must be a coincedence though. These sorts of bugs are common. Y'know, the kind that spontaneously appear within the software and spontaneously store relatively complex geographical data and then spontaneously transmit it.

Happens to all programmers really.

(When - y'know - the company they work for tell them to write such code).

</Sarcasm>

Yep, Apple intentionally collected this data and now that they've been caught, they're trying to pass it off in a nonchalent manner. Which is annoying to see, but as I say, it sums up the company really.
soopahfly 4th May 2011, 12:13 Quote
I don't see what the big deal is.
Android does it too, as part of it's assisted GPS.

If it recognises hotspots and mobile cells it can use that to pinpoint you if you don't have GPS coverage.
http://samy.pl/androidmap/

Pop your wifi mac address in that, and see what it says.
Log in

You are not logged in, please login with your forum account below. If you don't already have an account please register to start contributing.



Discuss in the forums