A report on The Atlantic today has brought our attention to the investigation carried out by a group of security researchers into secret files held on Apple iPhones. According to the report, researchers have uncovered a hidden application which contains "the latitude and longitude of the phone's recorded coordinates along with a timestamp" of every location a user visits. Anyone who has been using the Apple 4 operating system will have a one-year-long log of their movements stored on their phone already.
iPhone users will rightly be concerned that their movements are being covertly monitored in this way.
It goes without saying that people ought to be able to move around freely without accumulating a digital record of all their movements. There is significant scope for this kind of technology being used for malign purposes. It could, for example, be accessed by jealous spouses or business rivals keen to know someone's location at a particular time.
While it is a disgrace that iPhones were pre-loaded with this software in the first place, it ought to now fall on the company to provide its customers with information about how to either delete or permanently disable the application.
Just tick "Encrypt iPhone backups" on the summary screen for your device in iTunes.
Problem solved.
Posted by: Adrian Short | 20/04/2011 at 04:43 PM
I am sick of reading articles like this. Where has our rights to privacy gone?
Posted by: Account Deleted | 20/04/2011 at 06:19 PM
@Mikefromtheuk: Personally I'm much more sick of people over-reacting and misreporting the facts.
"Researchers" have NOT "uncovered a hidden application" at all. That's completely inaccurate.
What they *have* found is that Location Services (the framework that applications can query to obtain the current location of the device, subject to user approval) keeps a database containing the device's location and a timestamp. This really isn’t that big a deal, particularly as many iPhone users are already advertising their location through services like Twitter, Gowalla, Foursquare and so on, but I suppose it does make great copy on privacy websites (especially if you get the facts wrong a bit and talk about “hidden applications”).
Posted by: alastair | 21/04/2011 at 03:57 PM
Oh dear. Coverage of this "discovery" seems to fall into two camps. People who have looked into what Apple's location cache actually is and people who have read the headlines and make up the story based entirely on the headlines. Sadly this post falls firmly into the latter of the two camps.
What is being stored is not ""the latitude and longitude of the phone's recorded coordinates along with a timestamp" of every location a user visits" ... what is being cached is the location of every cell tower that the phone has been within the vicinity of. That is not the same as the location and most people reading will equate "location" with "GPS position", which is just wrong.
Neither is it "a disgrace that iPhones were pre-loaded with this software in the first place, it ought to now fall on the company to provide its customers with information about how to either delete or permanently disable the application". This isn't an application, it's part of the mobile phone operating system. If you delete this information the phone will be substantially slower with all components that use location, the camera, maps, location apps and so on, either having to make time costly network calls or not working at all.
This cache file isn’t accessible if your iOS device has a passcode lock enabled, which it should be, and while it is backed up to any computer you synch your iOS device with, if your backups are encrypted, which they should be, this cache file isn’t accessible is anyone, especially not “a jealous spouse or private detective” as the researchers claim (http://www.vicchi.org/2011/04/21/ios-location-tracking-gross-invasion-of-privacy-or-media-sensationalism/).
Regardless of what the mobile handset companies do, you’re damned if you do and damned if you don’t. If you do cache information which is perceived, rightly or wrongly, to be sensitive then media outrage will result. If you don’t cache such information, then a mobile device will be reliant on network access every time the un-cached information is needed and that mobile device will be perceived as being “too slow“ (http://www.vicchi.org/2011/04/23/locations-ick-factor-first-ios-and-now-android/)
Sorry BBW, I would have expected this from The Daily Mail but not from you.
Posted by: Vicchi | 23/04/2011 at 03:08 PM
Update: Apple just explained what this file actually contains (and, lo and behold, it isn’t actually your location at all).
http://www.apple.com/pr/library/2011/04/27location_qa.html
It’s actually quite a clever idea (holding a cache of relevant pieces of a much larger database).
Posted by: alastair | 27/04/2011 at 02:06 PM