Chances are you’ve already heard the news about iOS 4-enabled devices secretly recording location data and backing that information up—unencrypted— each time you sync your iPhone or iPad with iTunes. The story has all the right elements to set off a wave of panic among the media and smartphone users (we’re more aware of privacy and security issues than ever, after all), but it appears the situation is a bit more complicated.
The iPad and iPhone’s tracking and recording of location information was reported yesterday by Alasdair Allan and Pete Warden, two researchers at O’Reilly Media. Allan writes, “Ever since iOS 4 arrived, your device has been storing a long list of locations and time stamps. We’re not sure why Apple is gathering this data, but it’s clearly intentional, as the database is being restored across backups, and even device migrations.”
While their blog post draws attention to a potential privacy breach for iOS users, Allan and Warden tempered their finding: “…there is no immediate harm that would seem to come from the availability of this data. Nor is there evidence to suggest this data is leaving your custody. But why this data is stored and how Apple intends to use it — or not — are important questions that need to be explored.”
The other perspective
Following a flood of media attention to the researchers’ findings, Alex Levinson, a forensic computing researcher at the Rochester Institute of Technology, stepped up to add a slightly different perspective to the conversation.
According to Levinson, who works for Katana Forensics, which manufacturers tools for obtaining information from iOS devices, Apple is not harvesting data from these devices. Rather, he says it’s used by apps to determine your location and allow “geolocational data to operate.”
Moreover, he says, the hidden tracking system is nothing new; the location database that tracks which cell phone towers your phone has connected to has been around for a while. Levinson points out that this location database is actually one of the files that makes Apple smartphones “smart,” by allowing your iPhone to detect your location and provide you with relevant information, like Foursquare and other apps that use GPS data.
Levinson also writes that, through his work with law enforcement agencies, he has seen location data be harvested off of phones as part of investigations. So while Allan and Warden may not have discovered something new, the issue of having personal, unencrypted data on your iPhone or iPad (that can be searched without a court order, no less), still remains.
What can you do about it?
While the implications of iOS 4’s handling of location data remain muddy, privacy-conscious iOS users can take steps to protect their data. If you’re wary of having location data stored on your phone, Allan and Warden suggest encrypting your backups via iTunes. (Check “Encrypt iPhone Backup” within the iTunes Options menu.) Additionally, Levinson points out that users can disable Location Services via the Settings menu on their iOS devices.
One thing’s for sure: Allan and Warden certainly hit a nerve with their report. Considering the use of location data in popular apps such as Foursquare, Google Maps, and even the iOS Camera tool, does this recent revelation worry you? Share your opinion in the comments.