Unless you’ve already switched off for Easter, it will have been hard to miss this week’s revelation that iPhones and 3G iPads have been keeping a record of their users’ movements.
A file, made more visible when Apple released iOS 4.0, contains an approximation of where you’ve been, and the date and time you were there. It’s synced to PCs when you connect them, and the data is unencrypted and unprotected.
Depending on when you updated the software, the file could contain up to a year’s worth of information. Anyone with the knowledge to “jailbreak” your iPhone, or access the backups on your PC, would be able to get hold of your precious information about where you’ve been and when.
Should iPhone tracking worry us?
But does this matter? While there’s no evidence that Apple (or anyone else) has been accessing this information, the fact that this data is available and unprotected has massive implications for people’s privacy.
The data, which is derived from phone mast triangulation (not the built-in GPS), has been available to law enforcement agencies and other legitimate organisations for years. However, it’s protected by the Regulation of Investigatory Powers Act, and as such requires a court order to access.
If you use an iPhone, however, merely stealing your phone or PC could give an investigator access to information previously protected by law.
The potential for abuse is massive – anyone with an axe to grind could use the information to their advantage. It’s not exactly hard to extract – the researchers who discovered the exploit have created a tool allowing people to do so and visualise it on a map.
An Apple accident, or entirely deliberate?
Moreover, while we’ve been promised a comment from Apple, they’re still yet to clarify why they collect this information, or why it’s totally unprotected. That means that, for the moment, we can only guess at why this data is being recorded. But it seems unlikely to be an accident, given that the location details recorded are transferred to new devices when customers upgrade.
If it does prove to be the case that this is no accident, then it’s disappointing that Apple deems it acceptable to record the private movements of its customers without encrypting this data.
While Apple does warn its customers that it will collect this data, it’s basically hidden within its terms and conditions. I seriously question whether this can be construed as informed consent.
In my mind, it’s bad enough that they collect the information in the first place – that it’s so open to abuse is nothing short of outrageous.