Security Architecture, Endpoint/Device Security, Endpoint/Device Security, Network Security, Security Strategy, Plan, Budget, Vulnerability Management, Governance, Risk and Compliance, Compliance Management, Privacy, Endpoint/Device Security, Endpoint/Device Security, Endpoint/Device Security

Apple issues iOS update to cool off tracking issue

Apple this week issued an update to its mobile operating system, iOS, to address rampant concerns that iPhone and iPad devices are collecting and storing information about users' locations.

The update, released Wednesday, fixes what Apple described as a “bug” that caused devices to store up to a year's worth of nearby Wi-Fi hotspot and cell tower data, which is used to quickly calculate an iPhone's location when requested for things like location-based applications. In addition, the update will prevent this data from being stored on iTunes when users back up their devices, as was previously the case.

The Cupertino, Calif.-based computing giant has faced widespread criticism after two researchers disclosed that its iPhone and iPad devices contain a file that logs, with a timestamp, users' longitude and latitude coordinates.

Apple has denied logging exact whereabouts but admitted it does record the geo-tagged locations of nearby Wi-Fi hotspots and cell phone towers, which is funneled into a massive database used to pinpoint an iPhone's location when requested.

"Calculating a phone's location using just GPS satellite data can take up to several minutes," Apple said. "iPhone can reduce this time to just a few seconds by using Wi-Fi hotspot and cell tower data to quickly find GPS satellites."

An unencrypted subset of this so-called “crowd-sourced” database is downloaded to each iPhone and iPad to assist with location calculation.

The update from Apple essentially reduces the size of the database cached on these devices, Apple said.

“If you install the update, the location data stored on your iPhone or iPad will reportedly only stretch back seven days,” Graham Cluley, senior security researcher at anti-virus firm Sophos, wrote in a blog post Thursday.

The update also corrects a separate programming error that caused phones to continue receiving this data, even after turning off location services.

Chenxi Wang, principal analyst at Forrester Research, who has criticized Apple over the location tracking issue, told in an email Friday that the update doesn't assuage all of her concerns.

“I find myself wishing that they'd let users eliminate the location logging altogether without the necessity of turning off location-based services,” she said. “They are many location-based services that are extremely useful to consumers. I don't see why the location logging can't be disabled by itself, without users having to sacrifice the other location-based services. “

The update, iOS 4.3.3, is available for the GSM version of the iPhone 4, which is supported by AT&T, as well as the iPhone 3GS, iPad devices and the third and fourth generations of the iPod touch. Apple issued a separate update – iOS 4.2.8 – for the CDMA version of the iPhone 4, which is supported by Verizon Wireless.

Apple also has promised to encrypt the Wi-Fi and cell tower data stored on each iPhone starting with the next major update of its iOS, a date for which was not announced.

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms and Conditions and Privacy Policy.