MacTech.com

iOS security issue giving Apple a big, black eye

Apple once blasted Big Brother. Now some folks think it’s becoming Big Brother with concerns over the company’s “spying” features in iOS 4, a matter that’s giving the company a big black eye. Maybe two.

Security researchers at Privacy International (https://www.privacyinternational.org) says that iOS 4 keeps track of where you go and saves every detail of it to a secret file on the device which is then copied to the owner’s computer when the two are synchronized, according to “The Guardian” (http://macte.ch/RcpCR).

Like many others, US Senator Al Franken isn’t happy with the situation, which he says raises “serious privacy concerns.” He’s sent a letter — which you can read in its entirety at http://www.franken.senate.gov/files/letter/110420_Apple_Letter.pdf– to Apple CEO Steve Jobs. Franken asks the following questions:

° Why does Apple collect and compile this location data?

° Why did Apple choose to initiate tracking this data in its iOS 4 operating system?

° Does Apple collect and compile this location data for laptops?

° How is this data generated (GPS, cell tower triangulation, WiFi triangulation, etc.)?

° How frequently is a user’s location recorded? What triggers the creation of a record of someone’s location?

° How precise is this location data? Can it track a user’s location to 50 meters, 100 meters, etc.?

° Why is this data not encrypted? What steps will Apple take to encrypt this data?

° Why were Apple consumers never affirmatively informed of the collection and retention of their location data in this manner? Why did Apple not seek affirmative consent before doing so?

° Does Apple believe that this conduct is permissible under the terms of its privacy policy?

° To whom, if anyone, including Apple, has this data been disclosed? When and why were these disclosures made?

On a personal note, I find Apple’s conduct extremely disturbing. I certainly won’t be purchasing that Verizon iPhone until Apple answers these questions and gets its act together on its privacy policies.

The company has always boasted about its dedication to protecting its customers’ privacy. Heck, with Apple’s digital subscription policy for the iPad, Apple has ensured a publisher can learn the name, e-mail address and zip code of in-app subscribers only if the user agrees to share that information. Evidently, Apple isn’t applying those concerns over our privacy to its own conduct and policies.

Some background info: the file found by Privacy International contains the latitude and longitude of the phone’s recorded coordinates along with a timestamp, meaning that anyone who stole the phone or the computer could discover details about the owner’s movements using a simple program, the article adds.

“Apple has made it possible for almost anybody — a jealous spouse, a private detective — with access to your phone or computer to get detailed information about where you’ve been,” says Pete Warden, one of the researchers.

Only the iPhone records the user’s location in this way, say Warden and Alasdair Allan, the data scientists who discovered the file and are presenting their findings at the Where 2.0 conference in San Francisco on Wednesday, says “The Guardian.”

“Ever since iOS 4 arrived, your device has been storing a long list of locations and time stamps. We’re not sure why Apple is gathering this data, but it’s clearly intentional, as the database is being restored across backups, and even device migrations,” says Allan (http://macte.ch/lRqW2). “The presence of this data on your iPhone, your iPad, and your backups has security and privacy implications. We’ve contacted Apple’s Product Security team, but we haven’t heard back. What makes this issue worse is that the file is unencrypted and unprotected, and it’s on any machine you’ve synched with your iOS device. It can also be easily accessed on the device itself if it falls into the wrong hands. Anybody with access to this file knows where you’ve been over the last year, since iOS 4 was released.

Alasdair has looked for similar tracking code in [Google’s] Android phones and couldn’t find any, says Warden. They haven’t come across any instances of other phone manufacturers doing this, he adds.

“This is a worrying discovery,” says Simon Davies, director of Privacy International. “Location is one of the most sensitive elements in anyone’s life — just think where people go in the evening. The existence of that data creates a real threat to privacy. The absence of notice to users or any control option can only stem from an ignorance about privacy at the design stage.”

— Dennis Sellers

Exit mobile version