It turns out that our iPhones are keeping a record of everywhere we’ve been since June. This data is stored on the phone (or iPad) and computer, easily available to anyone who gets their hands on it.
And now, we’re wondering whether the same goes for our other smartphones. The opt-in wording of phone location service agreements is pretty nebulous (as agreements tend to be). When starting up a fresh Android, you’re prompted to agree to the following: “Allow Google’s location service to collect anonymous data. Collection will occur even when no applications are running.” We asked Google what exactly this meant, and they refused to answer on the record whether this “anonymous” location data is logged persistently, a la iPhone. But, importantly, unlike the iPhone, it appears to be totally opt-in for users. We’ve also reached out to Apple, BlackBerry-maker RIM, and Microsoft for similar clarifications, but haven’t gotten a response yet.
We know that AT&T and other mobile phone providers can always store this data, for any mobile phone. And law enforcement can get to it when they need to. But I don’t want this information bouncing around on my computer and in my pocket, too, for no good reason, with no way to opt out. That’s just not right.
The privacy startle, apparently enabled by this winter’s iOS 4 release, was discovered by two security researchers, one of whom claims he was an Apple employee for five years. They’re equally puzzled and disturbed by the location collection: “By passively logging your location without your permission, Apple have made it possible for anyone from a jealous spouse to a private investigator to get a detailed picture of your movements,” they explain. All it would take to crack the information out of your iOS device is an easy jailbreak. On your computer, the information can be opened as easily as a JPEG using the mapping software that the security experts have made available for download – try it yourself.
The data itself is jarringly accurate. Even though it appears to rely on tower triangulation rather than GPS pinpointing (meaning you’re not safe with location services switched off), the map I was able to generate with mapping software the security duo released visualises my life since the day I bought my iPhone 4 in July. Everywhere I’ve been. Bus trips home. Train trips to visit family. Holidays. Places I’d forgotten I’d even gone. Zoom in on that giant blotch over New York, and you can see my travels, block by block. My entire personal and professional life – documented by a phone I didn’t know was also a full-time location logging device. It’s all accessible – where I’ve been, and when. (The animated software doesn’t show location linked to any duration of less than a week, so it can’t be used to snoop that closely. But the actual underlying database is timed to the second.) I don’t really have anything to hide, which is why I don’t mind sharing my map above. But at least let me turn this tracker off.
For now, there is no fix. The only way to remove it from your computer is to wipe your backup files from your computer. But then you have no backups to restore your phone in case you lose it. Every time you sync with your computer, though, it’ll create a new file. And if you do lose your phone, all your tracking data goes with it, right into the hands of whoever found it. And if you upgrade your phone to the next iPhone, the location tracking history goes with it.
Until Apple stops doing this, or explains why they are doing it, I don’t feel safe. I feel weird having all this data that I don’t want recorded on my iPhone, and so do others. Maybe they’re doing it for the government. Maybe they’re doing it because they’re forced to. So far, the researchers have found no proof that the information is being transmitted to remote servers hosted by Apple or the feds. Right now there’s no evidence of that at all – that’s the good news. But that’s still a lot of information on our phones about where we’ve been, whether or not we want it. [Pete Warden via The Guardian]
Update: Security expert Kevin Mitnick says he’s “Quite shocked and disturbed” by the revelation, noting that the logged data could be of great interest to a variety of entities – prying spouses, private investigators, and, he reckons, the government. He speculates that the existence of the log itself “could have been at the request of the government”, as such data “can’t be used for advertisements. It seems to me more to be a governmental request.” He added, “I like to know what my device is doing,” and said that the phone’s logging of data was in this case like “carrying around a bug and a tracker at the same time”.
Update 2: Google has declined to comment on the exact nature of its location data collection.