Wednesday, April 20, 2011

iPhone and iPad can track a user's location history

Security researchers discover tracking files in apple devices.
Security Researchers have found hidden data files in the Apple Devices that contain details records of user whereabouts.

Privacy advocates are SCREAMING FOUL!!!

The discovery comes as many technology companies are coming under fire for the ways in which they collect, store and share personal information gleaned from consumers' use of digital devices.

Apple, Google Inc. and Facebook Inc., they of the most popular consumer technology companies have attracted intense interest from regulators and privacy advocates as of late.


Apple raised eyebrows last year when it added a phrase to its privacy policy disclosing that it would "collect, use and share precise location data, including the real-time geographic location of your Apple computer or device." The company said that the data were anonymous and could not be used to identify the original user.


But Allan of Exeter University and Warden, a former Apple engineer, said the cache of location information on a user's iPhone or iPad can be linked easily to the user and is not protected by any security.

Cellphone location data have long been collected by wireless providers to help route calls to mobile users. Law enforcement officials can get access to that data, but it generally requires a court order.

"Now this information is sitting in plain view, unprotected from the world," Warden and Allen wrote in an online post on the O'Reilly Radar technology site. The data are "available to anyone who can get their hands on your phone or computer," they said.

Also in recent days Apple has come under fire over kids' in-app purchases.  It is facing a lawsuit from a Pennsylvania man whose 9-year old  daughter racked up $200 in charge buying "Zombie Toxin" and other game items on her iPod.

Apple did not return requests for comment.

What can you do in the meantime? Allan and Warden advise Apple users to encrypt their iTunes backups by selecting your device within iTunes, then checking "Encrypt iPhone Backup" under "Options."

Update: 04/21/2011

Government officials want answers to secret iPhone tracking-MSNBC

While iPhone and iPad owners waffled between Skynet jokes and genuine concern over the confirmation that the devices are mapping their every move in accessible files for up to a year, Sen. Al Franken, D-Minn., got down to business, firing off nine pointed questions in a two-page open letter to Apple CEO Steve Jobs.


Update 4/22/2011
Police use Apple iOS tracking data for investigations- DigitalTrends

According to a company called Katana Forensics, however, the unencrypted data is also used by law enforcement for their own purposes.

“The information on the phone is useful in a forensics context,” said Alex Levinson of Katana. The company’s iOS data extracting software, Lantern 2, is often used by “small-town local police all the way up to state and federal police, different agencies in the government that have forensics units.”

While the collection of cell phone data by law enforcement remains a controversial topic, the practice has so far been upheld as constitutional by the courts.

Update 08:25am 04/25/2011
Apple: We 'must have' comprehensive user location data on you - International Business Times
Iphone Stored Location in Test even if disabled - The Wall Street Journal

Discovery this week that it's not just the iPhones that are keeping track of their users.  But the Mac computers running Snow Leopard and even Windows computers running Safari 5 are being watched.  The report by Internation Business Times went on to talk more about  Apple's general counsel, answering a June 2010
 congressional letter to CEO Steve Jobs inquiring about the company's privacy policy and location-based services, wrote Apple "must have access to the comprehensive location-based information" to help it better serve customer.

In their article The Wall Street Journal ran tests on the iPhone 4 even after turning off the location services that phone still continued to collect and store data.  The locations data appeared to be collected using cellphone towers and Wi-Fi access points near the user's phone.  In their article they also stated that not only is Apple doing this, Google is as well.  Last week the Journal reported that cellphones powered by Google Inc.'s Android software transmitted their locations back to Google as well.

Update 10:45am 04/25/2011
Apple's Location Data Collection Probed in South Korea  - Bloomberg 
iOS location data prompts investigation of Apple in South Korea, Europe - AppleInsider
 

AppleInsider and Bloomberg are reporting that investigations into iOS location data are now opening up in South Korea, France, Germany and Italy.  Were privacy regulators will be determining if Apple is breaking the law.  Apple will also be required to explain why such data is saved on devices and if it's stored on company's servers.

Update 7:45am 04/282011
Apple Denies iPhones store user location - Bloomberg
Bloomberg reported this morning with a Statement from Apple that the information found by researchers it's tracking information and isn't anything that they are attempting to store.  It is the result of a bug that is causing phones to keep data longer than intended.  This is the first response from Apple to the allegations that the Phones are storing up to a year's worth of user location data.  The log they went on to day isn't a log of the phone's location but a list of Wi-Fi hotspots and cell towers nearby.  That helps the phone figure out it's location without having to listen for Faint GPS satellites.

Update 1:52PM 05/04/2001
iOS4.3.3 out with location tracking fixes for iPhone and iPad - Arstechnica, Appleinsider

Apple has released an expected iOS update that addresses a number of issues related to the iPhone location tracking controversy. iOS 4.3.3 is available via iTunes for the GSM iPhone 4, iPhone 3GS, all iPads, and the fourth-generation iPod touch. (Another update, iOS 4.2.8, is available for CDMA iPhone users.)

According to the release notes, iOS 4.3.3 reduces the size of the location database cache, stops backing the cache up to iTunes when you connect your device to a computer, and deletes the cache entirely when you turn Location Services off. There are no other notes attached to the update, though it's possible (as always) that Apple may have slipped some other bug fixes into it as well. (We hear there are bug fixes for the iPod touch, but we're not sure what those fixes are yet.)


Update 8:29am 05/11/2011
Google and Apple testify in front of congress regarding privacy and tracking data.


Source: LATimes, Bloomberg, O'Reilly Radar. MSNBC, Ars Technica, DigitalTrends,
International Business Times, The Wall Street Journal, Bloomberg, AppleInsider

No comments:

Post a Comment