/ Technology

Apple’s iPhone is tracking you. Yes, you should be worried

iPhone tracking from O-Reilly Radar

Unless you’ve already switched off for Easter, it will have been hard to miss this week’s revelation that iPhones and 3G iPads have been keeping a record of their users’ movements.

A file, made more visible when Apple released iOS 4.0, contains an approximation of where you’ve been, and the date and time you were there. It’s synced to PCs when you connect them, and the data is unencrypted and unprotected.

Depending on when you updated the software, the file could contain up to a year’s worth of information. Anyone with the knowledge to “jailbreak” your iPhone, or access the backups on your PC, would be able to get hold of your precious information about where you’ve been and when.

Should iPhone tracking worry us?

But does this matter? While there’s no evidence that Apple (or anyone else) has been accessing this information, the fact that this data is available and unprotected has massive implications for people’s privacy.

The data, which is derived from phone mast triangulation (not the built-in GPS), has been available to law enforcement agencies and other legitimate organisations for years. However, it’s protected by the Regulation of Investigatory Powers Act, and as such requires a court order to access.

If you use an iPhone, however, merely stealing your phone or PC could give an investigator access to information previously protected by law.

The potential for abuse is massive – anyone with an axe to grind could use the information to their advantage. It’s not exactly hard to extract – the researchers who discovered the exploit have created a tool allowing people to do so and visualise it on a map.

An Apple accident, or entirely deliberate?

Moreover, while we’ve been promised a comment from Apple, they’re still yet to clarify why they collect this information, or why it’s totally unprotected. That means that, for the moment, we can only guess at why this data is being recorded. But it seems unlikely to be an accident, given that the location details recorded are transferred to new devices when customers upgrade.

If it does prove to be the case that this is no accident, then it’s disappointing that Apple deems it acceptable to record the private movements of its customers without encrypting this data.

While Apple does warn its customers that it will collect this data, it’s basically hidden within its terms and conditions. I seriously question whether this can be construed as informed consent.

In my mind, it’s bad enough that they collect the information in the first place – that it’s so open to abuse is nothing short of outrageous.


Why is anyone surprised? It’s Apple and Steve.

My attention was directed earlier today to this article which tries to cut through some of the current hysteria about this topic in the press :


(sorry, can’t work out how to make this a clickable link)

It’s a bit technical but seems to be saying this is nothing to worry about.

Dear me, what a load of paranoia
“If you use an iPhone, however, merely stealing your phone or PC could give an investigator access to information previously protected by law.”
Anyone stealing my car, wallet or breaking into my house will have access to material protected by law.
Get a grip on yourself.

Interesting point kelpie.

The bit that many are getting upset about is that they weren’t aware that the phone was keeping tabs of their location, that it backed up to a computer when it synced, transferred across devices, and so on.

The point is this. To intentionally gather location data without openly and expressly informing the user is, to say the least, underhand. To not have an opt out, equally so.

You call the worry of data theft paranoia; considering how people are finding out, they can’t really be blamed for feeling that way.

too much of our information is “out there” – our information is sold on, bought, swapped, used in studies, used to price things that we have to buy or that we may want to buy (demographics)

people should learn to tell any business to mind their own business!

Phil says:
21 April 2011

Are the people most upset by this the same ones who tell everyone on Facebook/Twitter their every move?

To answer Phil’s question…NO, at least not all of them.

I like Phil’s point just above this – well said Phil.

I also agree very much with Paul Daly’s points, especially about the “openly and expressly” and “opt out” parts.

However, I would point out that whilst I think this is very underhand and reprehensible of Apple (a company that I have a lot of time for normally) it’s no different from what supermarkets have done with your loyalty cards for donkey’s years, nor from what people using Sat Nav’s could well be unwittingly engaging in – in both cases the technology is there and in the supermarkets’ case it is most definitely in use to track which branches you shop at, what time of day you shop, how much you spend, exactly what products you buy (let’s hope the bar codes are right so no one gets accused of buying something slightly embarrassing in the small hours rather than an innocent emergency loo roll), how often you shop, what payment methods you use, etc, etc.
Come to think of it it is also no different at all from what the banks, credit card providers and card reader companies have done ever since the EFT was invented (Wonder if that is another reason the banks want to abolish cheques???).

I think people are completely right to be angry about this and I think Apple needs to eat a very large humble pie whilst it explains to us exactly what it’s playing it, but whether that happens or not, Apple and the iPhone is just the tip of the “big brother” mountain.

Mark Ellam says:
26 April 2011

Are the Mobile Operators doing anything less knowing what cells you are connected to at any point in time ?

Fred says:
26 April 2011

All slightly scary I agree but if you encrypt your backup in iTunes this makes it much harder to extract the relevant file from your laptop. If you were really paranoid, You could delete the relevant file in the backup, replace it with an empty file of the same name, and then restore your phone from the backup. Job done, your record of locations is gone. Perhaps this database file shouldn’t be retained by the phone though….

Not the sort of ill informed hysteria one expects from the Consumers Association.

There’s bound to be an episode of CSI Vegas/new york/miami where this is the key in tracking down a super bad guy.

Any bets on how long till its aired?
Me, 4 months tops.

Charlotte says:
26 April 2011

I think the thing we need to be worried about is where this technology is going, not where it is now. It’s the innocuous beginnings of something which could be used in the future in a way we do not anticipate. Right now the technology exists to allow this, Apple aren’t doing anything that dangerous or insidious with it, so there is very little real opposition to it. The idea of your every movement being tracked becomes accepted over time, so long as your privacy appears to be maintained. In time a new ‘terror’ law is passed, or there is some other event which allows this information to be used in ways which we did not anticipate and quite probably do not like but by now it is too late to remove the technology, which has become all-pervasive and another dimension of our freedom is lost. Perhaps our employers will be able to track us to prevent absenteeism, they will know whether we are really at home, or enjoying a trip to the shops. It’s impossible to predict. I suppose the main thing for me is, just because it can be done, it doesn’t mean it should be done. Having a record of my movements does not benefit me as a consumer but the idea that products are made to benefit consumers is nothing more than a very powerful illusion.

It’s not just Apple. I believe Android phones are doing the same.

Peter Ford says:
27 April 2011

When considering whether it is “an Apple accident”, you might be interested in this Slashdot article, which points out that Apple actually has a software patent on doing exactly this kind of tracking.

(But don’t get me started on software patents.)

reptile1 says:
30 April 2011

I can only agree with Charlotte, the greater majority have let the ‘genie’ slither out of the bottle – a little like global warming and have actively embraced it without a thought to the future. Invasion of privacy is now casually accepted as long as ‘it aint mine’ and commerce, industry and goverment will continue to confidently tell us it’s for our benefit – the greater good, the big society etc – take yer pick and good luck trying to stuff it back in the bottle!

If you didn’t know, Apple has a released a new update for its iOS-based products in reply to this tracking criticism.

The update reduces the size of cache to just seven days of data, prevents it being transferred to your PC, and allows the function to be turned off when Location Services are turned off in the settings menu.

Apple has promised a future update will make the location file encrypted, making it more. Done and dusted then?


This comment was removed at the request of the user