/ Technology

Apple’s iPhone is tracking you. Yes, you should be worried

iPhone tracking from O-Reilly Radar

Unless you’ve already switched off for Easter, it will have been hard to miss this week’s revelation that iPhones and 3G iPads have been keeping a record of their users’ movements.

A file, made more visible when Apple released iOS 4.0, contains an approximation of where you’ve been, and the date and time you were there. It’s synced to PCs when you connect them, and the data is unencrypted and unprotected.

Depending on when you updated the software, the file could contain up to a year’s worth of information. Anyone with the knowledge to “jailbreak” your iPhone, or access the backups on your PC, would be able to get hold of your precious information about where you’ve been and when.

Should iPhone tracking worry us?

But does this matter? While there’s no evidence that Apple (or anyone else) has been accessing this information, the fact that this data is available and unprotected has massive implications for people’s privacy.

The data, which is derived from phone mast triangulation (not the built-in GPS), has been available to law enforcement agencies and other legitimate organisations for years. However, it’s protected by the Regulation of Investigatory Powers Act, and as such requires a court order to access.

If you use an iPhone, however, merely stealing your phone or PC could give an investigator access to information previously protected by law.

The potential for abuse is massive – anyone with an axe to grind could use the information to their advantage. It’s not exactly hard to extract – the researchers who discovered the exploit have created a tool allowing people to do so and visualise it on a map.

An Apple accident, or entirely deliberate?

Moreover, while we’ve been promised a comment from Apple, they’re still yet to clarify why they collect this information, or why it’s totally unprotected. That means that, for the moment, we can only guess at why this data is being recorded. But it seems unlikely to be an accident, given that the location details recorded are transferred to new devices when customers upgrade.

If it does prove to be the case that this is no accident, then it’s disappointing that Apple deems it acceptable to record the private movements of its customers without encrypting this data.

While Apple does warn its customers that it will collect this data, it’s basically hidden within its terms and conditions. I seriously question whether this can be construed as informed consent.

In my mind, it’s bad enough that they collect the information in the first place – that it’s so open to abuse is nothing short of outrageous.

Comments
Profile photo of gdavidbeck
Member

Why is anyone surprised? It’s Apple and Steve.

Profile photo of colin c
Member

My attention was directed earlier today to this article which tries to cut through some of the current hysteria about this topic in the press :

https://alexlevinson.wordpress.com/2011/04/21/3-major-issues-with-the-latest-iphone-tracking-discovery/

(sorry, can’t work out how to make this a clickable link)

It’s a bit technical but seems to be saying this is nothing to worry about.

Profile photo of sealdriver
Member

Dear me, what a load of paranoia
“If you use an iPhone, however, merely stealing your phone or PC could give an investigator access to information previously protected by law.”
Anyone stealing my car, wallet or breaking into my house will have access to material protected by law.
Get a grip on yourself.

Profile photo of paul daly
Member

Interesting point kelpie.

The bit that many are getting upset about is that they weren’t aware that the phone was keeping tabs of their location, that it backed up to a computer when it synced, transferred across devices, and so on.

The point is this. To intentionally gather location data without openly and expressly informing the user is, to say the least, underhand. To not have an opt out, equally so.

You call the worry of data theft paranoia; considering how people are finding out, they can’t really be blamed for feeling that way.

Profile photo of frugal ways
Member

too much of our information is “out there” – our information is sold on, bought, swapped, used in studies, used to price things that we have to buy or that we may want to buy (demographics)

people should learn to tell any business to mind their own business!

Member
Phil says:
21 April 2011

Are the people most upset by this the same ones who tell everyone on Facebook/Twitter their every move?

Profile photo of dave
Member

To answer Phil’s question…NO, at least not all of them.

Profile photo of dave d
Member

I like Phil’s point just above this – well said Phil.

I also agree very much with Paul Daly’s points, especially about the “openly and expressly” and “opt out” parts.

However, I would point out that whilst I think this is very underhand and reprehensible of Apple (a company that I have a lot of time for normally) it’s no different from what supermarkets have done with your loyalty cards for donkey’s years, nor from what people using Sat Nav’s could well be unwittingly engaging in – in both cases the technology is there and in the supermarkets’ case it is most definitely in use to track which branches you shop at, what time of day you shop, how much you spend, exactly what products you buy (let’s hope the bar codes are right so no one gets accused of buying something slightly embarrassing in the small hours rather than an innocent emergency loo roll), how often you shop, what payment methods you use, etc, etc.
Come to think of it it is also no different at all from what the banks, credit card providers and card reader companies have done ever since the EFT was invented (Wonder if that is another reason the banks want to abolish cheques???).

I think people are completely right to be angry about this and I think Apple needs to eat a very large humble pie whilst it explains to us exactly what it’s playing it, but whether that happens or not, Apple and the iPhone is just the tip of the “big brother” mountain.

Member
Mark Ellam says:
26 April 2011

Are the Mobile Operators doing anything less knowing what cells you are connected to at any point in time ?

Member
Fred says:
26 April 2011

All slightly scary I agree but if you encrypt your backup in iTunes this makes it much harder to extract the relevant file from your laptop. If you were really paranoid, You could delete the relevant file in the backup, replace it with an empty file of the same name, and then restore your phone from the backup. Job done, your record of locations is gone. Perhaps this database file shouldn’t be retained by the phone though….

Member
David Litchfield says:
26 April 2011

Not the sort of ill informed hysteria one expects from the Consumers Association.

Profile photo of chris
Member

There’s bound to be an episode of CSI Vegas/new york/miami where this is the key in tracking down a super bad guy.

Any bets on how long till its aired?
Me, 4 months tops.

Member
Charlotte says:
26 April 2011

I think the thing we need to be worried about is where this technology is going, not where it is now. It’s the innocuous beginnings of something which could be used in the future in a way we do not anticipate. Right now the technology exists to allow this, Apple aren’t doing anything that dangerous or insidious with it, so there is very little real opposition to it. The idea of your every movement being tracked becomes accepted over time, so long as your privacy appears to be maintained. In time a new ‘terror’ law is passed, or there is some other event which allows this information to be used in ways which we did not anticipate and quite probably do not like but by now it is too late to remove the technology, which has become all-pervasive and another dimension of our freedom is lost. Perhaps our employers will be able to track us to prevent absenteeism, they will know whether we are really at home, or enjoying a trip to the shops. It’s impossible to predict. I suppose the main thing for me is, just because it can be done, it doesn’t mean it should be done. Having a record of my movements does not benefit me as a consumer but the idea that products are made to benefit consumers is nothing more than a very powerful illusion.

Profile photo of xrayspex
Member

It’s not just Apple. I believe Android phones are doing the same.

Member
Peter Ford says:
27 April 2011

When considering whether it is “an Apple accident”, you might be interested in this Slashdot article, which points out that Apple actually has a software patent on doing exactly this kind of tracking.
http://apple.slashdot.org/story/11/04/26/1758220/iPhone-Tracking-Ruckus-Ongoing

(But don’t get me started on software patents.)

Member
reptile1 says:
30 April 2011

I can only agree with Charlotte, the greater majority have let the ‘genie’ slither out of the bottle – a little like global warming and have actively embraced it without a thought to the future. Invasion of privacy is now casually accepted as long as ‘it aint mine’ and commerce, industry and goverment will continue to confidently tell us it’s for our benefit – the greater good, the big society etc – take yer pick and good luck trying to stuff it back in the bottle!

Profile photo of Patrick Steen
Member

If you didn’t know, Apple has a released a new update for its iOS-based products in reply to this tracking criticism.

The update reduces the size of cache to just seven days of data, prevents it being transferred to your PC, and allows the function to be turned off when Location Services are turned off in the settings menu.

Apple has promised a future update will make the location file encrypted, making it more. Done and dusted then?

secure.http://www.which.co.uk/news/2011/05/apple-issues-update-to-fix-tracking-bugs-252707/

Profile photo of duncan lucas
Member

I know this is an old convo but the reason I am posting on it is that Andy,s fears after 5 years have been realised- how prophetic ! – give that man a gold watch ! –Latest news – 18-11-2016 . As Apple users think- great company keeping our data safe+secure —uh no ! Russian digital forensic firm Elcomsoft has blown that apart IPhone and other IOS devices have been automatically sending customers data -call histories to iCloud if syncing is turned on –without the users knowledge -you only need to have it enabled -CEO- Vladimir Katalov told the Intercept. Phone numbers, dates, times+call duration-logs of missed/bypassed calls -stored for 4 months -stands to assist US LAW enforcement officials-aka -FBI/CIA /you name it, who can obtain direct access to the logs with a court order +calls which take place on Face Time on IOS also sent to ICloud . This goes back to at least iOS 8.2 + even calls made with Skype=Whats App +Viber get sent to server – Apple ACKNOWLEDGE this happens -stating it is iNTENTIONAL -no opt out unless user disables syncing completely -Apple isnt alone Android phones + Windows mobile do the SAME . There you have it, what have I been shouting about to criticism ? that all your data under the NEW International data transfer introduced rules goes to US servers where US government has FULL control over it -cue the –if you have anything to hide brigade –but thats not the point –and you know it as you have the intelligence to know it. AND as I have been saying and business tech also have –iCloud secure ? — dont make me laugh !