Coverage of the iPhone tracking "feature" has ranged from concern to outrage. "I don't know about you, but the fact that this feature exists on an iPhone is a deal-killer," wrote PCMag Columnist John Dvorak, shortly after news broke. PCMag Executive Editor Dan Costa drew a softer line, writing, "Apple may not be actively tracking you, but it did turn your phone into a tracking device without telling you."
As frustrating as it is to learn that your iPhone has been spying on you, collecting an unencrypted treasure trove of your travels, the truth is we knew this was happening. Last June we reported that Apple updated its privacy policy, stating that it could, "collect, use, and share precise location data, including real-time geographic location of your Apple computer or device." How precise that location data is remains in question. What is clear, however, is that the update arrived alongside the release of iOS 4—the OS affected by the tracking feature—and identified the four devices (iPhone 3G, iPhone 3GS, iPhone 4, and iPad with 3G) affected by the tracking feature.
I'm not about to give Apple a pass on disclosure or execution. Who combs through an Apple privacy statement when the latest iOS software awaits? And, to "collect" and "share" user data is one thing; to retain it in an unprotected file is quite another.
However, I think it's important that, with a few days' hindsight, we move beyond the bombast, pin down the facts, and see what's actually there. To do this, I've taken a close look at what's at risk and, in empirical spirit, borrowed fellow PCMag software analyst Jeff Wilson's iPhone 3GS to see what I could learn of the man and the travels using Pete Warden's iPhoneTracker app.
UPDATE: While I tested the tracking feature using the OS X-based iPhoneTracker, Windows users can access their data using iPhoneTrackerWin.
What and Who Is At Risk?
First, the bad news: if you're running iOS 4, your location-based data—latitude and longitude coordinates, coupled with timestamps—is stored on your phone in a file called "consolidated.db;" that file is automatically transferred to any machines with which you sync (and back up), and it's probably flowing back to Apple in some form or another. The worse news: if you haven't encrypted your backups, that data is unprotected.
Now, for the not-so-bad news. There's no confirmation that that data is leaving your custody and no evidence that Apple's harvesting it towards nefarious ends. More likely, it's being used for two things: Apple's reportedly tapping location information to build a database, which may actually be for your own good; and other apps, such as Maps, require geo-locational data to play. To halt both in their tracks, you can disable Location Services.
World
Furthermore, the data is far from "precise." In fact, Apple's data collection is both inconsistent and imprecise. Rather than using GPS, location information logged in consolidated.db is determined by triangulation via cell-phone towers, a notoriously loose method. Update times run the gamut, left to the whims of cell-phone towers and phone activity. Finally, the location data available on your phone is limited by several variables:
* it dates back to the release of iOS 4, less than one year;
* only affects iPads with 3G or the iPhone 3G, 3GS, and 4;
* while data is timed to the second on your iPhone, you can only browse within a single week of activity using Pete Warden's iPhoneTracker application
The final point is important: let me show you why. (Click "Next" below to keep reading.)
No comments:
Post a Comment