Apple on Tuesday responded to the controversy surrounding its handling of location data on the iPhone and denied tracking iPhone users' whereabouts. The company attributed the volume of stored location data to a software bug, and committed to encrypting the data on iPhones while eliminating it from backups in a forthcoming software update.
Apple's explanation arrives following a letter of inquiry sent on Monday by the House Energy and Commerce Committee to Apple CEO Steve Jobs. The letter seeks an explanation of Apple's location data policies in light of press reports about the presence of location data on iPhones. While the initial report last week about the discovery of location data on iPhones was subsequently revealed to be old news in the forensics community, the issue has continued to fester in the absence of a clear and comprehensive response from Apple. A lawsuit accusing Apple of violating privacy and computer fraud laws through its location data practices was filed in Florida last week.
Apple accepts some blame for situation, stating in a note posted on its website on Wednesday that "the creators of this new technology (including Apple) have not provided enough education about these issues to date."
Disavowing any interest in tracking the locations of iPhones, Apple described its data gathering as an attempt to build a crowd-sourced database of Wi-Fi hotspots and cell towers to hasten location calculations, which are useful in apps that utilize location services and in core phone functions.
"Calculating a phone's location using just GPS satellite data can take up to several minutes," Apple explained. "iPhone can reduce this time to just a few seconds by using Wi-Fi hotspot and cell tower data to quickly find GPS satellites, and even triangulate its location using just Wi-Fi hotspot and cell tower data when GPS is not available (such as indoors or in basements)."
Although the location data stored on iPhones corresponds to hotspots and cell towers (some of which may be as many as 100 miles away from the iPhone user), rather than the geographic locations of iPhone users, many location records may still be closely aligned with the user's actual location at the time the data is recorded.
Apple said that when this data is transmitted to the company it is encrypted and anonymous. However, it acknowledged while the cache of hotspot and location data it is not encrypted, but instead is protected through obscurity, which is regarded in the security industry as a dubious security strategy. Nor is the iTunes backup of the cache encrypted, unless specified to be so by the user.
To remedy the situation, Apple has promised to release an iOS update in a few weeks that reduces the crowd-sourced database so that it stores seven days of data instead of a year's worth, stops backing up the database cache in iTunes, and deletes the cache when the Location Services option is disabled. In addition, the hotspot and cell tower database that resides on iPhones will be encrypted in the next major iOS release, which is likely to be several months from now.
Apple also said that it is collecting anonymous crowd-sourced traffic data in order to offer an improved traffic service to iPhone users in the coming years. Presently, iPhone users have access to Google-provided traffic data through the Maps application that comes pre-installed on every iPhone.
Since Apple and Google began viewing each other as competitors in August 2009, when then Google CEO Eric Schmidt resigned from Apple's board of directors, it has been widely assumed that Apple will eventually seek to revise or replace its software and services that depend on Google. Apple's acquisition of mapping companies Placebase and Poly9 have only strengthened such speculation.
Return to security news headlines
View Security News Archive