Apple responds to the iPhone tracking issue, say they aren’t tracking you


Graphic of iPhone location data displayed on a map. Image courtesy Pete Warden and Alasdair Allan.

Graphic of iPhone location data displayed on a map. Image courtesy Pete Warden and Alasdair Allan.

It’s been a bad few days for privacy in the tech world. First, researchers in the U.S. discover that Apple’s iPhone and iPad 3G have been keeping extensive records on the whereabouts of their users, and then Sony’s 70 million+ member PlayStation Network was hacked, compromising sensitive user data. In both cases, folks are questioning the companies’ responses.

After several days of waiting, Apple has now provided their version of events. The company essentially denies any wrong-doing while acknowledging that some people might be more sensitive to having this data collected than others, so they are planning some changes to how this data collection works. Steve Jobs also provided Mobilized with an exclusive interview on the issue today where he reiterates these points.

How satisfied you are with their answers largely comes down to how much you trust Apple’s good intentions. If you believe – as I do – that there is no invasion of privacy involved in how the data is collected and used, Apple’s response will likely satisfy you and you can now move on with your day.

If on the other hand, you are suspicious of Apple’s motives, their Q&A might raise more questions than it answers. For instance, why were users not told that their iPhones were collecting anonymous and encrypted data about Wi-Fi hotspots and cell towers and then sending that data back to Apple? And why were they not given the ability to opt-out? It seems to be standard practice in the software world to acquire a users permission before transmitting anonymous usage data back to a publisher (Microsoft and Google are just two examples) which makes it hard to believe that Apple simply forgot to include this step. You can see why they might not want to give the option – the data they receive, even in an anonymous and encrypted state is a virtual gold mine.

Time for you to decide…. below is the release in full. If you still have questions, throw them in the comments and we’ll do our best to get some answers, though Apple often refuses to comment on issues such as this beyond their official releases.

April 27, 2011

Apple Q&A on Location Data

Apple would like to respond to the questions we have recently received about the gathering and use of location information by our devices.

1. Why is Apple tracking the location of my iPhone?

Apple is not tracking the location of your iPhone. Apple has never done so and has no plans to ever do so.

2. Then why is everyone so concerned about this?

Providing mobile users with fast and accurate location information while preserving their security and privacy has raised some very complex technical issues which are hard to communicate in a soundbite. Users are confused, partly because the creators of this new technology (including Apple) have not provided enough education about these issues to date.

3. Why is my iPhone logging my location?

The iPhone is not logging your location. Rather, it’s maintaining a database of Wi-Fi hotspots and cell towers around your current location, some of which may be located more than one hundred miles away from your iPhone, to help your iPhone rapidly and accurately calculate its location when requested. Calculating a phone’s location using just GPS satellite data can take up to several minutes. iPhone can reduce this time to just a few seconds by using Wi-Fi hotspot and cell tower data to quickly find GPS satellites, and even triangulate its location using just Wi-Fi hotspot and cell tower data when GPS is not available (such as indoors or in basements). These calculations are performed live on the iPhone using a crowd-sourced database of Wi-Fi hotspot and cell tower data that is generated by tens of millions of iPhones sending the geo-tagged locations of nearby Wi-Fi hotspots and cell towers in an anonymous and encrypted form to Apple.

4. Is this crowd-sourced database stored on the iPhone?

The entire crowd-sourced database is too big to store on an iPhone, so we download an appropriate subset (cache) onto each iPhone. This cache is protected but not encrypted, and is backed up in iTunes whenever you back up your iPhone. The backup is encrypted or not, depending on the user settings in iTunes. The location data that researchers are seeing on the iPhone is not the past or present location of the iPhone, but rather the locations of Wi-Fi hotspots and cell towers surrounding the iPhone’s location, which can be more than one hundred miles away from the iPhone. We plan to cease backing up this cache in a software update coming soon (see Software Update section below).

5. Can Apple locate me based on my geo-tagged Wi-Fi hotspot and cell tower data?

No. This data is sent to Apple in an anonymous and encrypted form. Apple cannot identify the source of this data.

6. People have identified up to a year’s worth of location data being stored on the iPhone. Why does my iPhone need so much data in order to assist it in finding my location today?

This data is not the iPhone’s location data—it is a subset (cache) of the crowd-sourced Wi-Fi hotspot and cell tower database which is downloaded from Apple into the iPhone to assist the iPhone in rapidly and accurately calculating location. The reason the iPhone stores so much data is a bug we uncovered and plan to fix shortly (see Software Update section below). We don’t think the iPhone needs to store more than seven days of this data.

7. When I turn off Location Services, why does my iPhone sometimes continue updating its Wi-Fi and cell tower data from Apple’s crowd-sourced database?

It shouldn’t. This is a bug, which we plan to fix shortly (see Software Update section below).

8. What other location data is Apple collecting from the iPhone besides crowd-sourced Wi-Fi hotspot and cell tower data?

Apple is now collecting anonymous traffic data to build a crowd-sourced traffic database with the goal of providing iPhone users an improved traffic service in the next couple of years.

9. Does Apple currently provide any data collected from iPhones to third parties?

We provide anonymous crash logs from users that have opted in to third-party developers to help them debug their apps. Our iAds advertising system can use location as a factor in targeting ads. Location is not shared with any third party or ad unless the user explicitly approves giving the current location to the current ad (for example, to request the ad locate the Target store nearest them).

10. Does Apple believe that personal information security and privacy are important?

Yes, we strongly do. For example, iPhone was the first to ask users to give their permission for each and every app that wanted to use location. Apple will continue to be one of the leaders in strengthening personal information security and privacy.

Software Update

Sometime in the next few weeks Apple will release a free iOS software update that:

• reduces the size of the crowd-sourced Wi-Fi hotspot and cell tower database cached on the iPhone,

• ceases backing up this cache, and

• deletes this cache entirely when Location Services is turned off.

In the next major iOS software release the cache will also be encrypted on the iPhone.

Advertisements

20 comments

  1. Tony Fortunato

    Wow, this must have hit a nerve with Apple. Or someone over there caught on that this could snowball into a bigger PR issue.

    The realease sounds more like damage control with some unfortunate odd, or conflicting wording.

    For example, they print “it’s maintaining a database of Wi-Fi hotspots and cell towers around your current location, some of which may be located more than one hundred miles away”

    Why would current location include data from points 100 miles away. I’m sure I’m missing something, but logic would dictate that they simply use the signal strength of current cell and Wi-fi signals to determine if they are in range.

    They also mention,”Apple is now collecting anonymous traffic data to build a crowd-sourced traffic database with the goal of providing iPhone users an improved traffic service in the next couple of years.”

    “Our iAds advertising system can use location as a factor in targeting ads.”

    So if it is anonymous, how can they target your phone with these ads?

    Love the part where they dismiss the historical collection as a ‘bug’.

    I’m sure there will be more dialogue as the questions get more attention.

    Like

    • Norm

      I’d like to start by saying, no I’m not a big Apple defender though I do like their iPhone and iPad I don’t own a Mac.

      As to your point cell twers 100 miles away. To triangulate your position you need at least three data points, as I leave my remote community where the next gas station is 120 miles away those remote towers can be used as part of the e-911 should I be in an accident and they need to find me. That use is a guess on my part but the reality of living in a remote community gives me a certain perspective.

      The anonymous traffic data? Your guess is as good as mine. Am I paying for this on my data plan?

      The iAds target your phone as in the closest pizza place is two blocks away, not me as in Apple knows I like pizza.

      The bug part? I’m with you, Apple should have just said “whoops, my bad.” :)

      Like

      • Cory

        100 Miles? Good Gravy…I don’t think the phone has that kind of reach unless I’m reading it wrong…

        Like

  2. Chazz

    I never have, nor, ever will I own a cell phone. I’m just waiting to hear a Wikileaks story on how homeland security, FBI, CIA etc are in bed with Apple to track ‘person’s of interest’.

    Like

  3. TRS

    Why it is so hard to admit that they made mistake?
    i do own an Iphone and other units made by other company but why if this big companies made mistake they having hard time to swallow it and admit it….
    i’m suprise the there is not much reply for those who called themselves Apple die hard Fan… against their favorite toys.

    Like

    • Apple Exposed

      They are having trouble admitting they made a mistake, because the only mistake then made was GETTING CAUGHT.

      They claim it’s a bug; but Sept 2009 they filled a patent application (#20110051665) for this exact feature.

      Like

  4. bigbrother

    not true aple is of course trying to cover its ass!they collect and sell data collected from the apps and from its so called location services!
    look at class action suit in california!!!!
    the app providers ,itunes and apple themselves collect and sell all the information they can get from the,app and itunes user ,look at the itunes agreement!
    its a criminal enterprise technology based under the disguise of improving service !not!!!!!!!
    look up the cse in california !it should be made illegal for any software designer ,cell phone maker to have it in their agreement of usage to forfeit your right to privacy in order to use the device or software.!

    Like

  5. bigbrother

    oh did i forget to mention !you are paying for the upload of the data they are collecting without your permission,.
    thats called theft of service!they use up your data plan to take the data !this includes the use of internet through wifi as well ,if you have a capped bandwith you may find that you may go over your limit and have to pay extra at the end of the month for usage! not to mention the cell [hone service provider is also doing this as well!

    Like

  6. aqif

    so what if they do? what’s the issue here? or just something to make the front page (free advertising)Come on people chill out, you being paranoid. Who cares where you and your iphone are located? (other than your mother, of course)

    Like

    • adolph

      you missing the point aqif, we are such losers that have no life other than wireless applications and it means a lot to us if the guys at apple are watching our meaningless life and laughing their ass off

      Like

  7. Jules

    Hm. This reminds me of another unpublished (non-existant) database….let me think now…..ah yes, FACEBOOK.

    Like

  8. Bob

    Simply because of the basic knowledge reflected in their responses, I have difficulty putting my full trust in the technology folks at Apple. Apple is a huge and complex information technology company presumably staffed by data management and technology experts. How much expertise do they have in data management if they don’t know that the word “data” is plural? Datum is the singular form. I would feel more comfortable about a tech’s response that says “These data are sent to Apple in an anonymous …” rather than “This data is sent to Apple in an anonymous …” No, it’s not a small point. Would you want your brain surgery done by a neurosurgeon or by someone who doesn’t know the names of your brain parts? C’mon, get with the program, Apple.

    Like

    • Simon Cohen

      Bob, I’m genuinely surprised that this use of the English language bothers you so much. You might just be the first person I’ve encountered since leaving university a lifetime ago, who insists that the word “data” must only be used as a plural. Apple is a consumer electronics company, not an economic think-tank. Their use of the word data is entirely appropriate given the audience they are speaking to. I think it’s time to acknowledge that, much like the hyphen in ‘e-mail,’ datum’s time has come and gone, leaving us with data. Lots and lots of data. :-)

      Like

  9. Sam Patwegar

    Apple in its next software upgrade is addressing almost all the problems which appear to be at the root of this controversy.

    1.The size of cache will be modified to store no more than seven days worth of data
    2.Users who turn off Location Services will have their cache deleted/emptied
    3.Data on cache will be encrypted making it harder for anyone to misuse the data
    4.Apple would also cease backing up the cache on iTunes

    Like

  10. mikail

    So the researchers who found this were able to decrypt an Apple encryption which stores users location? wow.
    This also explains why the networks crash every time an Iphone is launched/introduced..its because they collect and send more data!

    Like

    • Simon Cohen

      Actually the file was not encrypted, that’s why the researchers were able to read its contents so easily. You can choose to encrypt it if you want, but you have to select that option in iTunes.

      Like

  11. Pingback: Smart phone data collection: Read the fine print | Sync™ Blog
  12. Pingback: Apple releases iOS 4.3.3, includes location tracking 'bug fix' | Sync™ Blog
  13. Pingback: Wi-Fi location tracking is hard to escape | Sync™ Blog
  14. Pingback: Carrier IQ's invasive tracking software found on smartphones everywhere | Sync™ Blog