Apple Testifies on Mobile Privacy, Location Cache Encryption Coming to iOS

[Popeye206]

"If [you] remember right" - then why is there a file in my back-up? iOS 4.2
I suppose you're wrong

If nothing is transmitted, then why is the data accumulated and why have Apple-executives lied about it along the way?

if you can run 4.2, then you can run 4.3. So I don't get your point.

They have explained it why it exists. It was there so that your iPhone could anticipate the next tower location by knowing where they are.

Apple has only lied in your eyes because you expected a different answer. I'm sure you think they're up to something diabolical evil plan.

 

[Becordial]

"consumers want and expect their mobile devices to be able to quickly and reliably determine their current locations"

OK, so how doesn't that track people's locations?

 

[diamond.g]

Does the same in iOS....

It's not about that.... it's about the data that is sent to Google and Apple in the background that's sends general information for mapping and traffic updates. Opting out on an app does not stop this data from being sent. You have to shut off all location services to not send this data. But, keep in mind, this data is not ID'd to your phone. They just know that a Android or iPhone is in a general area. Google actually was more precise by sending GPS data and they sent info evert 15 minuets or so. Apple only sent evert few hours.

Also, on the iPhone, a local file that is not shared was being kept that tracked towers so it could anticipate where towers are when you're out and about. But people are upset because this file existed and by some outlandish turn of events someone could get this info and use it to see where you've been.

That's what all this is about. Silly... and it's going to hurt us now that the government is involved and wants to regulate it.

Actually when you install an application on an Android device the application is supposed to tell you upfront what personal data the app will access. If you decide that you don't want the app to have access to say your contacts list then you do not install the app. This was disclosed during the hearing. It is the feature they implied they wanted Apple to adopt. That was why Tribble mentioned a long popup window that was inelegant.
The location information is crowd sourced. Again it was said during the hearing by Tribble, that is how the phone is able to get a quick location without using the GPS. Think SkyHook. The only way to get that information, to be able to send it to the phones in the first place, is to get it from every iPhone.

I like how they tried bringing up the PSN breach.

if you can run 4.2, then you can run 4.3. So I don't get your point.

Odd, no one I know with a 3g can run 4.3...

 

[Popeye206]

Actually when you install an application on an Android device the application is supposed to tell you upfront what personal data the app will access. If you decide that you don't want the app to have access to say your contacts list then you do not install the app. This was disclosed during the hearing. It is the feature they implied they wanted Apple to adopt. That was why Tribble mentioned a long popup window that was inelegant.
The location information is crowd sourced. Again it was said during the hearing by Tribble, that is how the phone is able to get a quick location without using the GPS. Think SkyHook. The only way to get that information, to be able to send it to the phones in the first place, is to get it from every iPhone.

I like how they tried bringing up the PSN breach.

Odd, no one I know with a 3g can run 4.3...

Point one... I don't get your response? Again, if an App wants to use your location, you are asked if you want to give it. So... it's opt in or opt out. Your choice. As for when you use maps and want to pin-point your location, again, you're opting in for that because you're asking for it. Of course, your location has to be shared at that point. So... your point?

Point two... that's my point. A 3G iPhone should not have the log. It was stated by Apple it was a file introduced in 4.X to improve tower switching.

 

[Thunderhawks]

LOL! I sooooo disagree. My goodness... do they need to disclose every single cached file for every application? Maybe our government will insist on a 10 page document in 2pt type disclosing all the file structure techniques for every application on your phone, on your computer, etc...

You just love to find something to complain about.

Like I said before... want my file? I'll give it to you. Tell me where I live and send you a $50 gift certificate for dinner. Just mail me a self addressed return envelope and I'll send you the gift card.

This is so freak'n ridiculous.

+1 and YAWN!

What a non issue blown out of proportion.

What is funny is that without some kind of tracking none of the cell phones work.

While none of us has a proof, my theory is that Apple didn't consider it important enough to tinker with and until pointed out probably estimated how big the cache should be not realizing that it would be able to store years of locations.
As for "bug" I don't think they were up to an evil plan, but I maintain that when I switch something OFF , I have to be able to trust that it is OFF.

That in itself is disappointing and why that is possible is something Apple should look into..

 

[Popeye206]

"consumers want and expect their mobile devices to be able to quickly and reliably determine their current locations"

OK, so how doesn't that track people's locations?

You know, we should just disable all mapping capabilities from all phones. This way we can all be safe.

Oh... wait... that's right, your location is tracked by the phone companies with ALL PHONES... hummm... let's get rid of cell phones all together.

I wish someone could present a real world scenario where all this information is hurting us or puts us in danger.

Given it's been there for years, the only people I know that have had issues with it is criminals that get their location data from the cell companies used against them in court to show they were in the area of a crime at a certain time.

 

[diamond.g]

Point one... I don't get your response? Again, if an App wants to use your location, you are asked if you want to give it. So... it's opt in or opt out. Your choice. As for when you use maps and want to pin-point your location, again, you're opting in for that because you're asking for it. Of course, your location has to be shared at that point. So... your point?

Point two... that's my point. A 3G iPhone should not have the log. It was stated by Apple it was a file introduced in 4.X to improve tower switching.

You are saying what Apple does and what Google does is the same and I am saying it isn't (in reference to how they let a user know what data is being sent back to the app dev). I then also mentioned that the location data that was in that file come from Apple, who actually gets it from us. Hence Tribbles use of the term Crowd Sourced.

An iPhone 3G owner will have the file since they can run 4.2. You don't remember the fallout over Apple "slowing down" 3G's with the 4.0/4.1 update?

 

[Popeye206]

+1 and YAWN!

What a non issue blown out of proportion.

What is funny is that without some kind of tracking none of the cell phones work.

While none of us has a proof, my theory is that Apple didn't consider it important enough to tinker with and until pointed out probably estimated how big the cache should be not realizing that it would be able to store years of locations.
As for "bug" I don't think they were up to an evil plan, but I maintain that when I switch something OFF , I have to be able to trust that it is OFF.

That in itself is disappointing and why that is possible is something Apple should look into..

If what Apple said is true... that the local log file was used by the phone to remember and anticipate your next cell tower to help with cell performance... then I could see why they would not disable it, or even consider this to be harmful. They saw it as just a cache of data that was helpful for the phone's performance.

Having been a product manager for several large software products, I could see how this file probably didn't even go under consideration as being an issue. But, now that they see people don't like it, they've changed it. Personally... it does not both me. The data is worthless as to how it could be harmful to me.

But of course... the conspiracy theory people want to turn this into some diabolical scheme by Apple to control everything.

 

[gnasher729]

Anyone who supports this nazi idea to monitor people, companies and politicians is totally a criminal minded character becuase it allows them to know where who ever they want to murder, assassin or rob is.

Ok, so someone steals my phone out of my pocket, and then they extract this data from my phone to find out roughly where I have been, in order to find me. Don't be stupid, if they pick my phone, they _know_ where I am.

This data cannot possibly tell anyone where I am. Think about it: They need my phone to access the data. Either I am where my phone is, then they know where I am already. Or I am not with my phone, then the phone doesn't know my current location.

And you think anyone who disagrees with you is a "criminal minded character"?

 

[Popeye206]

You are saying what Apple does and what Google does is the same and I am saying it isn't (in reference to how they let a user know what data is being sent back to the app dev). I then also mentioned that the location data that was in that file come from Apple, who actually gets it from us. Hence Tribbles use of the term Crowd Sourced.

An iPhone 3G owner will have the file since they can run 4.2. You don't remember the fallout over Apple "slowing down" 3G's with the 4.0/4.1 update?

LOL! have you looked at the location file? It does NOT come from Apple. It's cell tower pings recorded locally. No one is sending you that info, the phone is making it. It's like your web browser cache.

And again... point 2... if they can run 4.1, 4.2 now you're telling me they can't run 4.X with the change? What is your point????

 

[scoobydoo99]

The real point is that there are plenty of idiots who get all excited and don't understand risks and don't understand _what_ they should fear. They get excited about data that isn't actually accessible to anyone by themselves, and that couldn't be used to hurt them except in their craziest phantasies if it was accessible, when there are plenty of real dangers.

There are ten million credit card numbers in the hands of some hacker. There is some vague location information that is in the hand of the people who rightfully own it.




You are confusing "privacy concerns" with "forensic evidence".

Amusing that you have a complete lack of understanding of the privacy concerns here. My credit card number and it's security are of NO concern to me! What is the worst that can come of someone stealing my CC number? Citi or Chase eats some fraud losses! I won't ever pay a cent of that. So my total exposure there is the inconvenience of having to wait 5 days for a new card in the mail. You probably believe it when Chase declines a large purchase and makes you call them because their "fraud detection unit" thought the charge was suspicious and they locked your card to "protect you." What a crock. This propaganda that CC security is for YOUR protection was concocted by corporations to convince you to acquiesce in ever more draconian restrictions and limitations on CC use, ultimately to improve the corporate bottom line.

Now, an electronic record of my movements is the very definition of a "privacy concern." You may believe that it is a phantasy [sic], but there are millions of people who suddenly find themselves being scrutinized by the government (law enforcement or otherwise.) One cannot wait until the information has been used against them - then it's too late! The point is, if the information is recorded and maintained, it is a potential threat. It is easy to allow a surveillance infrastructure to be built up with the justification "They aren't using this against me, it is just for (such and such) benign purposes." Once the infrastructure is in place, it will be quite easy for those controlling it to use it for any purpose they desire.

BTW, I don't think this trend, and the overall direction we are heading, can possibly be changed, so the cell phone tracking issue really doesn't matter much in the overall picture. I just think it's interesting to see people's mental processes that allow them to justify the actions of those who would exploit them.

 

[dethmaShine]

LOL! have you looked at the location file? It does NOT come from Apple. It's cell tower pings recorded locally. No one is sending you that info, the phone is making it. It's like your web browser cache.

And again... point 2... if they can run 4.1, 4.2 now you're telling me they can't run 4.X with the change? What is your point????

I don't understand that.

iPhone 3G is stuck on iOS 4.2.

If I was using my old 3G with iOS 4.2, how would Apple patch that? Is there something I'm missing?

 

[diamond.g]

LOL! have you looked at the location file? It does NOT come from Apple. It's cell tower pings recorded locally. No one is sending you that info, the phone is making it. It's like your web browser cache.

And again... point 2... if they can run 4.1, 4.2 now you're telling me they can't run 4.X with the change? What is your point????

Then Tribble misstated, because I am just repeating what he said.

Point 2: If Apple said they fixed the issue for iPhone users but left out all the people that can run 4.0, 4.1, and 4.2 but not 4.3 then they didn't fix the issue for all affected users. It was an affirmation of permols statement about 4.2 users (which would include 3G ppl) having the file as well, but no fix.

 

[BaldiMac]

How is your boss going to get the file on your iPhone or on your back-up???

It's a work phone that syncs with a work computer. IT would have complete access to the file without needing the phone at all.

You are assuming that the iPhone tracks your exact location witch it does not. All the IT department would see is that you where in an area of the city where you where registered with several Cell towers. So unless you are trying to get a job at McDonalds or Starbucks, witch is the only business with several locations within a few miles of each other. Your employer would never now what building, what floor or how long you were there for.

Wow. Of course you can figure out an "exact" location, probably within less than 50 feet. Each entry in the cache has a time stamp. At 5:04pm if you were in range of three cell towers and a couple wifi networks, it would be pretty simple to triangulate your location. And I've already mentioned that WiFi networks already put your location within 100-150ft by themselves.

If you go to your largest competitor for an interview leave your phone in your desk, at home, turn it off, drain the battery so it shuts down before you leave work.

These are some of the ideas generated by a ten year old to solve the theoretical question of not being tracked by your cellphone. Seems some people want to find a bogeyman to the exclusion of all reason and commonsense.

That would be another way to deal with the problem. I prefer Apple's response.

 

[pleasebleed]

Remind me again where Senator Franken, et. al. feel that they have the authority and/or expertise to intervene in business relationships that I willingly got involved in with both a mobile service provider and a phone manufacturer?

If I don't like what apple and/or google is doing, I DO retain the option NOT to purchase their products or use their services.

I think it is utter BS that I can go to congress to force these companies to make products that may or may not like better than what I currently have.

I feel much better with Apple tracking my location than the US federal government. At least I can quit Apple.

 

[bikemonkey]

But the privacy concerns were real and appropriate.

Not really, because this so called 'tracking' data is only sent from the iPhone, to the tower/hotspot and back to the iPhone again. It doesn't go anywhere else or to anyone else.

If people are so worried about their spouse getting hold the of the cache then they could encrypt the backup. Much like privacy mode in browsers. And for almost four years it was a non-existent issue, so you can't argue Apple should have warned you. Since it became public knowledge Apple have responded promptly and appropriately. Unfortunately, some people are still caught up in the sensationalism and false 'hype'. There is nothing incriminating in this data unless you are deliberately doing something untrustworthy (and even then it's not definitive proof), and that's not Apple's responsibility.

Unless there is irrefutable proof that this information was able to be, or simply obtained by Apple and/or third party companies then the the only real concern is for those who are insecure in their relationships - and that has nothing to do with iPhones at all.

 

[scoobydoo99]

No warrant needed. The information is on your iPhone, not Apple servers. Just do an unencrypted backup, then use a hex editor to view the file.

I think he meant we have no way of knowing what's on Apple's servers. Yes, we know how to view the information that is stored on the phone. How much of the location data is recorded/stored by Apple is certainly up for debate.

Just use a lock code on your phone. you may not have a reasonable expectation of privacy when your phone is open, If it is password protected, you do.

Really?? If you think that your iPhone password cannot be defeated, you are quite naive. Certainly, any government agency that is interested could easily do so. I don't know how you think that constitutes an expectation of privacy. The issue is NOT about some sort of routine access to our locations, the issue is that such data is even STORED in the first place. Once stored, it becomes basically a warrantless search just waiting to be accessed anytime law enforcement wants.

Retrieves the data? I was under the impression the data is only stored on your phone and never transmitted.

See above.

 

[PhantomPumpkin]

Wirelessly posted (Mozilla/5.0 (iPad; U; CPU OS 4_3_2 like Mac OS X; en-us) AppleWebKit/533.17.9 (KHTML, like Gecko) Version/5.0.2 Mobile/8H7 Safari/6533.18.5)

I hope they use Kleig Lamps at full power on these jokers. Make the searing heat of the lamps force the truth out of their well practiced script designed to give them and their privacy trampling employers plausible deniability.

You're just a regular ball o' sunshine aren't ya?

Show me how Apple has violated my privacy. Please, enlighten me. Having towers mapped to a file does not violate my privacy in any way. If you can show me Apple having this data, specifically relating to me, being sent to them and used, I'm all ears.

Until then, please shut up about it.

 

[PeterQVenkman]

LOL! have you looked at the location file? It does NOT come from Apple. It's cell tower pings recorded locally.

You keep leaving out wireless networks.

I am confused about googles involvement here... It pops up a warning when you turn on location services telling you "Allow Google's location service to collect anonymous location data. Collection will occur even when no applications are running." Isn't that enough of a disclaimer? Thats why i always leave it off... and just use gps. Any apps that use your location in android tell you so when you install it. Am I missing something here??

Yes. Turning off location services didn't stop this from happening on the iPhone due to a "bug."

As for "bug" I don't think they were up to an evil plan, but I maintain that when I switch something OFF , I have to be able to trust that it is OFF..

+1 for agreement. I don't think it was nefarious, simply a way to help heighten their experience and their ad network (due to their recent patents). At the end of the day I don't believe Apple intended any harm other than enhancing ad networks and ecommerce. While that is not bad, I like to be able to opt out of that. Especially when they say I have the choice to do so in my system settings.

If you can show me Apple having this data, specifically relating to me, being sent to them and used, I'm all ears.

Until then, please shut up about it.

That was their plan in the future.


A patent in 2009:

http://www.cultofmac.com/apple-applied-for-a-patent-on-location-tracking-in-2009/92839


Also try googling Patent application 12/553,554 (I think this is from March of this year)

http://www.google.com/search?client...=1&bav=on.2,or.r_gc.r_pw.&fp=1d235a6140172b6d

 

[ciTiger]

I see a new set of rules to emerge on the following months... I hope the end user get's something Useful out of this!

 

[Popeye206]

It's a work phone that syncs with a work computer. IT would have complete access to the file without needing the phone at all.

If it's a work phone and a work computer, they have every right to see anything on your device. If you're doing things with company equipment you're not suppose to be doing, then shame on who? Apple or yourself?

 

[BaldiMac]

Not really, because this so called 'tracking' data is only sent from the iPhone, to the tower/hotspot and back to the iPhone again. It doesn't go anywhere else or to anyone else.

Actually, the data comes from Apple, but that's not the problem.

If people are so worried about their spouse getting hold the of the cache then they could encrypt the backup.

Sure. But i prefer Apple's solution.

And people weren't aware of the cache before this issue was brought to light, so they wouldn't have known to encrypt the file.

Much like privacy mode in browsers. And for almost four years it was a non-existent issue, so you can't argue Apple should have warned you.

The issue was introducted with iOS 4.0, so it's been less than a year.

Since it became public knowledge Apple have responded promptly and appropriately. Unfortunately, some people are still caught up in the sensationalism and false 'hype'.

I agree with you completely. I don't think Apple did anything nefarious. I just think it was a privacy concern. Apple agreed and addressed the bugs that were the real issue.

There is nothing incriminating in this data unless you are deliberately doing something untrustworthy (and even then it's not definitive proof), and that's not Apple's responsibility.

That's a BS argument. There are plenty of legal and appropriate things to do that you don't want certain people to know about. Despite Google's position, it isn't only bad things we do that we would like to keep private.

Unless there is irrefutable proof that this information was able to be, or simply obtained by Apple and/or third party companies then the the only real concern is for those who are insecure in their relationships - and that has nothing to do with iPhones at all.

Luckily, Apple disagreed with you since they took steps to address the privacy issues and referred to them as bugs.

If it's a work phone and a work computer, they have every right to see anything on your device. If you're doing things with company equipment you're not suppose to be doing, then shame on who? Apple or yourself?

What is with these petty arguments? In the example I used, an employee takes his current work iPhone with him to interview for a job at another company. Completely appropriate. He is supposed to carry his work iPhone with him everywhere. That's why it was issued. He's not doing anything wrong.

If location services is off, doesn't he have a reasonable expectation that his trip would not be stored on the device and accessible to the company through his backup? Obviously, Apple though so. That's why they corrected the problem.

 

[Popeye206]

You keep leaving out wireless networks.

I'm leaving it out because it's not a factor in the local file. The local file that has everyone "up in arms" only shows towers. Here's proof.

The image below is a screen shot from the iPhone tracker app. It's a years worth of data showing. Note the blue circle. I live there. Note the red dot. That is the closest point to my house that was recorded - 5 to 6 blocks away. No dot on my house showing my wifi connection. It's not tracking that. It's for cell tower switching as Apple has stated.

People are lumping in what happens with location services and what this local files is. They are not the same. Location services will use your wifi to help pin point you better. But that you have to ask for.

 

[BaldiMac]

I'm leaving it out because it's not a factor in the local file. The local file that has everyone "up in arms" only shows towers. Here's proof.

The image below is a screen shot from the iPhone tracker app. It's a years worth of data showing. Note the blue circle. I live there. Note the red dot. That is the closest point to my house that was recorded - 5 to 6 blocks away. No dot on my house showing my wifi connection. It's not tracking that. It's for cell tower switching as Apple has stated.

People are lumping in what happens with location services and what this local files is. They are not the same. Location services will use your wifi to help pin point you better. But that you have to ask for.

http://www.apple.com/pr/library/2011/04/27location_qa.html

"it’s maintaining a database of Wi-Fi hotspots and cell towers around your current location."

"The location data that researchers are seeing on the iPhone is not the past or present location of the iPhone, but rather the locations of Wi-Fi hotspots and cell towers surrounding the iPhone’s location"

 

[redAPPLE]

To be honest, the Google guy had practically nothing to say.

as the saying goes, if you don't have nothing good to say, don't say anything (or to that effect).