Apple Testifies on Mobile Privacy, Location Cache Encryption Coming to iOS

[MacRumors]

As noted last week, Apple vice president Bud Tribble today participated in a U.S. Senate panel discussion of mobile privacy, particularly as it relates to location tracking. Tribble's appearance alongside Google's Alan Davidson and other experts and privacy advocates was supplemented with a new formal letter (PDF) from Apple to concerned legislators reiterating and expanding upon comments made several weeks ago as Apple sought to address public scrutiny of the issue.

During his testimony, Tribble took great pains to make clear that the iOS location database has not been tracking users' devices directly, instead containing information on nearby cell towers and Wi-Fi access points to aid the device itself in quickly determining its location for services relying on that information. Apple of course acknowledged several bugs that had allowed that local cache to grow larger than intended and prevented the information from being deleted when location services were disabled. Those bugs were addressed with last week's release of iOS 4.3.3.

Apple apparently plans to go further, however, noting that it will encrypt the downsized local cache as of the "next major release" of iOS. And Apple has already ceased backing up the cached access point location data to users' computers as part of the device backup process.

The local cache is protected with iOS security features, but it is not encrypted. Beginning with the next major release of iOS, the operating system will encrypt any local cache of the hotspot and cell tower location information.

Prior to the [iOS 4.3.3] update, iTunes backed up the local cache (stored in consolidated.db) as part of the normal device backup if there was a syncing relationship between the device and a computer. The iTunes backup, including consolidated.db, may or may not have been encrypted, depending on the customer's settings in iTunes. After the software update, iTunes does not back up the local cache (now stored in cache.db).

Senators also pressed Apple and Google on third-party applications, inquiring about how the companies address data collection and usage by third-party developers offering software for their platforms, as well as whether those developers should be required to publish explicit privacy policies regarding users' data.

In response, Tribble briefly explained Apple's App Store review process and noted that the company believes that developer privacy policies would not go far enough in informing users, sharing information on Apple's decision to include visual indicators within iOS telling users when their location is being accessed and which applications have accessed that information within the previous 24 hours.

On the topic of how Apple polices developers on what is done with that data after is collected, Tribble pointed to random audits of applications and their network traffic behavior, a reliance on user and blog reports of issues, and a fast response time to pull down apps exhibiting questionable behavior until those issues can be resolved.

Article Link: Apple Testifies on Mobile Privacy, Location Cache Encryption Coming to iOS

 

[aiqw9182]

You can watch it here:
http://cspan.org/Events/Congress-Looks-into-Protecting-Mobile-Privacy/10737421417-1/

 

[Ruahrc]

Honest question(s) here:

I have a 2nd generation ipod touch does not support iOS 4.3. Does my iPod touch still have the "location tracking" databse in it, and will an update become available for my old iPod touch to remove this database? When I plug my iPod into itunes, it does not show that an iOS update is available.

Or is this whole thing only centered around iPhones, with their cellphone radios? Obviously, my ipod touch cannot track cell towers...

ruahrc

 

[diamond.g]

It was an interesting hearing. I am curious to see the outcome of it. It kinda sounds like the gov wants Apple to adopt the Google Installation window to notify users of what data the app will want access to.

 

[42streetsdown]

i wonder if the "bugs" they talk about are actual bugs or if apple just didn't think those were a big deal.

 

[Doctor Q]

I'm guessing they were not bugs, but instead design flaws because little or no attention was given to the issue. Changing the design ("fixing the bugs") after the fact is better than nothing.

 

[Full of Win]

Wirelessly posted (Mozilla/5.0 (iPad; U; CPU OS 4_3_2 like Mac OS X; en-us) AppleWebKit/533.17.9 (KHTML, like Gecko) Version/5.0.2 Mobile/8H7 Safari/6533.18.5)

I hope they use Kleig Lamps at full power on these jokers. Make the searing heat of the lamps force the truth out of their well practiced script designed to give them and their privacy trampling employers plausible deniability.

 

[LegendKillerUK]

Honest question(s) here:

I have a 2nd generation ipod touch does not support iOS 4.3. Does my iPod touch still have the "location tracking" databse in it, and will an update become available for my old iPod touch to remove this database? When I plug my iPod into itunes, it does not show that an iOS update is available.

Or is this whole thing only centered around iPhones, with their cellphone radios? Obviously, my ipod touch cannot track cell towers...

ruahrc

It's only centred on devices with cellphone radios. So you are fine.

 

[dethmaShine]

To be honest, the Google guy had practically nothing to say.

 

[RalfTheDog]

I wonder if the changes will cause IOS devices to take longer getting an initial location?

 

[Full of Win]

Wirelessly posted (Mozilla/5.0 (iPad; U; CPU OS 4_3_2 like Mac OS X; en-us) AppleWebKit/533.17.9 (KHTML, like Gecko) Version/5.0.2 Mobile/8H7 Safari/6533.18.5)

Honest question(s) here:

I have a 2nd generation ipod touch does not support iOS 4.3. Does my iPod touch still have the "location tracking" databse in it, and will an update become available for my old iPod touch to remove this database? When I plug my iPod into itunes, it does not show that an iOS update is available.

Or is this whole thing only centered around iPhones, with their cellphone radios? Obviously, my ipod touch cannot track cell towers...

ruahrc

It's only centred on devices with cellphone radios. So you are fine.

Devices with cell radios, e.g. iPhone 3G, 3GS, 4 as well as the iPad 3G.

 

[kirky29]

I watched it all live earlier, it was interesting to see how Tribble handled the questions. Seems they would like both Google & Apple to ask Devs to have their own Privacy Policy, don't think many Devs would like that really.. It would be nice to get away from the 100 page agreements and more to the small 'every now and again' popups.

Mr Davidson got a little nervous talking about the patents! ;-)
But so would I, probably

 

[gnasher729]

Honest question(s) here:

I have a 2nd generation ipod touch does not support iOS 4.3. Does my iPod touch still have the "location tracking" databse in it, and will an update become available for my old iPod touch to remove this database? When I plug my iPod into itunes, it does not show that an iOS update is available.

Or is this whole thing only centered around iPhones, with their cellphone radios? Obviously, my ipod touch cannot track cell towers...

The honest answer: Why do you care? Do you intend letting anyone steal your iPod Touch? And if they steal it, what are the chances that anyone actually bothers checking what is in that cache? And if they actually bother checking, what are the chances that they could find anything that could be used against you?

I wonder if the changes will cause IOS devices to take longer getting an initial location?

Yes, if you turn on GPS in a location where you haven't been for a week or however long the cache lasts. I'd make the cache last 8 days so if you go to some place every week on the same day, it will be in the cache. I mean this is all damage limitation now, how to get the best possible performance while mollifying the clueless idiots who are afraid of non-existing dangers.

The irony is that this caching design (while only sending updates back to the central DB) is a better means of providing privacy from Apple as it cuts down on the traffic between the two and reduces the information they can glean indirectly if they were being malicious.

Well, plenty of clueless idiots who don't understand these things. I'd pick two random points up to three miles from your home and your place of work, then add all the information in a twenty mile radius, so there is plenty of information with no clue about your actual location, and your phone would never ask Apple for information.

 

[Krevnik]

I wonder if the changes will cause IOS devices to take longer getting an initial location?

Not really. The cache still holds for 7 days, which is enough for day-to-day operation. It'll get a little befuddled when on a vacation for a bit, but the end result is that when you do need to query Apple, it sends down a bunch of sites nearby so you don't have to query them again for a while. The timestamps in the cache will likely be such that if you commute in the same area most of the time, you populate the cache once and that's it.

The irony is that this caching design (while only sending updates back to the central DB) is a better means of providing privacy from Apple as it cuts down on the traffic between the two and reduces the information they can glean indirectly if they were being malicious.

 

[Consultant]

Apple uses user location to provide better experience.

Google uses user location as cash cow.

 

[Small White Car]

Wirelessly posted (Mozilla/5.0 (iPad; U; CPU OS 4_3_2 like Mac OS X; en-us) AppleWebKit/533.17.9 (KHTML, like Gecko) Version/5.0.2 Mobile/8H7 Safari/6533.18.5)

I hope they use Kleig Lamps at full power on these jokers. Make the searing heat of the lamps force the truth out of their well practiced script designed to give them and their privacy trampling employers plausible deniability.

Can we then turn them on you to finally learn the truth: That you're shorting Apple stock and merely come here to advance your own goals?

 

[bearcatrp]

I like how apple states it's a bug. BS. If you believe it's a bug, ihave some ocean front property in Iowa I can sell you, real cheap. The federal government should get a warrant and go into apple and see first hand exactly what apple is storing on users. Only way to make sure. But. Of course, they will just take their word on it. Similar to the tobacco company stating nicotine is not addicting. What a joke!

 

[rmwebs]

I watched it all live earlier, it was interesting to see how Tribble handled the questions. Seems they would like both Google & Apple to ask Devs to have their own Privacy Policy, don't think many Devs would like that really.. It would be nice to get away from the 100 page agreements and more to the small 'every now and again' popups.

Mr Davidson got a little nervous talking about the patents! ;-)
But so would I, probably

There is actually already an option to link to your own privacy policy for apps. The same goes for the EULA. You can upload your own. Its just that many developers including myself choose not to do so I guess.

 

[BaldiMac]

Yes, if you turn on GPS in a location where you haven't been for a week or however long the cache lasts. I'd make the cache last 8 days so if you go to some place every week on the same day, it will be in the cache.

The 8 day thing doesn't really matter. Unless you teleport into a location, your iPhone will likely already have cached the local access points before you actually open an app that requests your location.

 

[Cheerwino]

Wirelessly posted (Mozilla/5.0 (iPad; U; CPU OS 4_3_2 like Mac OS X; en-us) AppleWebKit/533.17.9 (KHTML, like Gecko) Version/5.0.2 Mobile/8H7 Safari/6533.18.5)

I hope they use Kleig Lamps at full power on these jokers. Make the searing heat of the lamps force the truth out of their well practiced script designed to give them and their privacy trampling employers plausible deniability.

Yeah, the politicians need a taste of their own medicine.

 

[ghostface147]

So I thought that 4.3.3 meant that the consolidated.db file was going to be shrunk to hold just 7 days of data from here on out. Yet when I run the program to look at it, it still shows my entire year's worth of travel???

 

[JHankwitz]

Big Deal?

I must live a pretty dull life. I can't think of anyplace I've gone with my iPhone in the past that would warrent concern over someone else knowing where I've been. Cell phone towers have been tracking me for about 5 years now, and I haven't found the need to complain or make a big deal about it. Is everyone else out there involved in covert national security operations, murders, or what?

 

[gnasher729]

So I thought that 4.3.3 meant that the consolidated.db file was going to be shrunk to hold just 7 days of data from here on out. Yet when I run the program to look at it, it still shows my entire year's worth of travel???

Why do you care? What are you afraid of? What is more likely, that you are struck by lightning, bitten by a poisonous snake, or that someone steals your iPhone, extracts this data, and manages to use it in a way that hurts you more than the first two risks?

I mean if someone gave me _exact_ locations where you have been for every second in the last year, how would I be able to use that against you?

 

[eastercat]

Nobody goes, "hey, steal my ipod!" It's normally the case that the thief is sneaky and catches us when we get distracted by life. Not everyone can do a Mad-Eye Moody and practice "constant vigilance." Also, it's usually not the person who steals your ipod that's interested in looking at your location data.
In California, the police can search your phone without your permission. If they are determined to railroad you, they can use your location information against you. With the precedent of CA, you can bet other police departments will try to commit the same illegal intrusions on your privacy.
The government does warrantless searches under the PATRIOT ACT. It's not just the usual Al Qaeda terrorists either that they're searching. If you protest the government (whether you're on the right or the left), you're considered a terrorist.
It's bad enough the government is trying to invade our privacy. We don't need companies like Apple to help them out.

The honest answer: Why do you care? Do you intend letting anyone steal your iPod Touch? And if they steal it, what are the chances that anyone actually bothers checking what is in that cache? And if they actually bother checking, what are the chances that they could find anything that could be used against you?

 

[BaldiMac]

Why do you care? What are you afraid of? What is more likely, that you are struck by lightning, bitten by a poisonous snake, or that someone steals your iPhone, extracts this data, and manages to use it in a way that hurts you more than the first two risks?

I mean if someone gave me _exact_ locations where you have been for every second in the last year, how would I be able to use that against you?

I don't understand this argument.

For one obvious example, if a battered woman's crazy ex-husband was able to find everywhere she's visited in the last year by stealing her iPhone, that's a problem. Extreme example, sure. But it's not always strangers that you have to worry about.

How about a simpler example. I take the iPhone given to me by my current employer and synced to my work computer to a job interview. Nothing wrong with that. But I don't want my current employer to know where I've been, but IT would have direct access to the location cache backed up on my computer.