Two security researchers discovered a location history database last week that is built into the Apple iOS 4 software, which is currently available on the Apple iPhone and iPad.
The location history information is saved to a file, stored both on the device and on a user’s computer, when they sync or back it up on iTunes. According to a statement released on the Apple website April 27, the information is also sent to Apple in an anonymous, encrypted form.
Issa Araj, a software engineering senior currently enrolled in the iOS development class, said there are GPS receivers on the phone that, even when “Location Services” are turned off, track the user’s location using coordinates from cell triangulation towers.
“There are GPS receivers on the iPhone and on all smart phones for that matter,” Araj said. “When the GPS is turned off (by the user) the location data is still taken but it is not as precise as if the GPS was turned on.”
The statement by Apple said the devices should not be logging year’s worth of locations like they have been; so in recent weeks, iPhone users can expect an update to fix the bug.
Political science associate professor Shelley Hurt is concerned about users being unknowingly tracked by downloading the latest iOS software.
“The troubling thing about this is that even if individuals thought they had turned off the GPS, this file still tracks every movement,” Hurt said. “And what makes this worse is that apparently law enforcement has developed the capacity to get that data from the phone.”
Hurt said the big question is what this means in terms of users being able to protect themselves from incrimination.
“Apple claims that these things are just for commercial purposes but what if the tracking information became available for, let’s say, a victim of domestic violence?” Hurt said. “It opens Pandora’s box.”
With the addition of the new update, the phone will only log locations for up to seven days, according to the statement.
But computer science assistant professor John Bellardo said he agreed that it is not the saving of the data on the phone that is the problem; it is the fact that others could potentially access it that makes the public nervous.
“Apple’s best bet would be to provide better access control without necessarily losing the optimization of the applications,” Bellardo said. “If the data was encrypted and secure so it would not be available to law enforcement or other parties, I think the public would be at ease.”
Many people were not exactly sure why a file that stores more than 1,000 movements a day even exists, Hurt said.
According to Apple, the file was not necessarily logging people’s locations but maintaining a database of Wi-Fi hotspots and cell towers around each phone’s current location to help the iPhone accurately calculate its location when requested in a relatively quick manner.
Regardless of whether or not the intention of the file was to track people, there were cases in which law enforcement did use the file in order to identify the location of a person. Hurt said she believes this technology brings up more than just a technological issue.
“Technology and political science are embedded,” Hurt said. “This deserves more attention not just from engineers but from the political science department as well.”
The attention that Hurt is calling for may elevate in the near future with the news that two people are now suing Apple over what they say was unlawful location tracking, according to an article published in The Washington Post.
Bellardo said people have a reason to be upset but that the location tracking was probably there for performance reasons, which Apple eventually said it was.
“I have a feeling that it is just part of the back-up procedure and the file is just one of the many that gets backed up on your computer,” he said. “I could come up with a lot of scenarios where (the file) could improve performance of applications.”
Bellardo said the iPhone saving user locations is relatable to Web browsers saving past search options.
“Saving data like this is just a common optimization,” Bellardo said. “If this is an invasion of privacy, I think it is extraordinarily minor.”
In the statement, Apple said it uses location as a factor in targeting advertisers, but a user’s location is not shared with any third party or advertiser without the user’s approval.
The new update should delete the cache entirely when “Location Services” is turned off, according to Apple.
But even though people are concerned about privacy as a result of the GPS, they are still sharing personal information as social networks, Araj said.
“Obviously I think that if users don’t want it, the GPS shouldn’t be tracked, but a lot of people give up information on social media any way via Facebook and Foursquare so it’s a really tough subject,” Araj said.
Even with Apple’s recent statement, the jury is out on whether or not the file violated citizens’ rights.
“Right now we are stumbling in the dark to figure out what everything means,” Hurt said. “There are just so many implications of this data being used against us and we need to be able to find a way to protect ourselves from incrimination if this data were to ever be used.”
According to Apple, the new free update coming next week will do just that by reducing the size of the location database cached on the iPhone, cease backing up this cache and delete it when “Location Services” is turned off.