Security Architecture, Endpoint/Device Security, Endpoint/Device Security, Network Security, Security Strategy, Plan, Budget, Vulnerability Management, Governance, Risk and Compliance, Compliance Management, Privacy, Endpoint/Device Security, Endpoint/Device Security, Endpoint/Device Security

Apple responds to data collection concerns

After remaining silent for a week following criticism that its iPad and iPhone devices are collecting and storing information about users' locations, Apple has opened up about its procedures.

The Cupertino, Calif.-based computing giant denied logging users' locations but said it does record the geo-tagged locations of nearby Wi-Fi hotspots and cell phone towers, which is funneled into a massive database used to quickly calculate an iPhone's location when requested for things like location-based applications.

"Calculating a phone's location using just GPS satellite data can take up to several minutes," Apple said. "iPhone can reduce this time to just a few seconds by using Wi-Fi hotspot and cell tower data to quickly find GPS satellites."

The company has faced heat in recent days from concerned consumers, privacy advocates and lawmakers after two researchers disclosed that Apple devices running iOS version 4, the company's mobile operating system, contain a file that logs, with a timestamp, users' longitude and latitude coordinates.

“Apple is not tracking the location of your iPhone,” the company said in its statement. “Apple has never done so and has no plans to ever do so.”

“The iPhone is not logging your location.”

– Apple
But Apple has promised to release a software update within the next few weeks to change the way it stores the data on iPhones. The company discovered what it described as a “bug” that caused devices to store up to a year's worth of this information, and promised to provide a fix for the issue in a future update.

“We don't think the iPhone needs to store more than seven days of this data,” the company said.

The Wi-Fi and cell tower data stored on each iPhone also will be encrypted starting with the next major update of its iOS, for which a timeframe was not provided. Additionally, Apple said the update will fix another programming error that caused phones to continue receiving this data, even after turning off location services.

But Chenxi Wang, principal analyst at Forrester Research, told in an email Wednesday that she wasn't satisfied by Apple's response.

Specifically, it failed to disclose how the company accesses the file on users' phones, whether there is authentication involved and how it prevents other apps on the phone from accessing the data.

“I do believe that some of the public outrage is due to the fact that there wasn't ample explanation on Apple's part as to why the logging is happening, or the fact that it is happening in the first place,” Wang wrote. “What I'd like to see is how soon they release a fix to correct the bugs.”

How Apple uses the data

Confirming several security researchers' suspicions, Apple said the data gleaned from tens of millions of iPhones enhances the functionality of its smartphones by decreasing the amount of time it takes to find a phone's location from several minutes, using GPS satellite data alone, to a few seconds, using the Wi-Fi hotspot and cell tower information, Apple said.

The data is transmitted to Apple anonymously and in encrypted form. Consequently, Apple cannot locate a user based on the data sent from their phone, the company said. An unencrypted subset of this so-called “crowd-sourced” database is then downloaded to each iPhone to assist with location calculation.

“The location data that researchers are seeing on the iPhone is not the past or present location of the iPhone but rather the locations of Wi-Fi hotspots and cell towers surrounding the iPhone's location, which can be more than one hundred miles away from the iPhone,” Apple said.

Meanwhile, last week researchers revealed that Google also regularly transmits the location data of Android smartphones back to a central server. The search giant has said any location data sent back to the company is anonymized and not traceable to users.

Both Google and Apple have drawn the attention of U.S. and foreign lawmakers over the data collection issue. Representatives from both companies have been summoned to appear before the Senate Judiciary Subcommittee on Privacy, Technology and the Law for a hearing to discuss mobile privacy, scheduled for May 10.

Responding to the furor over the iPhone disclosures, Apple CEO Steve Jobs told the technology website All Things Digital in a phone interview on Wednesday that with its rapid pace of innovation, the technology industry has made some mistakes on the user education side.

“As new technology comes into the society, there is a period of adjustment and education,” Jobs told the website. “We haven't, as an industry, done a very good job educating people, I think, as to some of the more subtle things going on here. As such, [people] jumped to a lot of wrong conclusions in the last week.”

Jobs added that Apple representatives plan to testify before Congress to further clarify the issue.

Forrester's Wang said she believes companies are “gradually losing the grip on consumer privacy.”

Going forward, this issue will amplify as even more innovative devices are developed that promise to offer advanced features, but perhaps at the expense of privacy, she added. In the long run, consumers may have to decide between better services or more privacy.

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms and Conditions and Privacy Policy.