News that certain mobile phone manufacturers have embedded technology in their devices that tracks owners’ movements has raised alarms among privacy rights advocates even though it has been somewhat of an open secret since last year.
The controversy flared up this week when technology bloggers started commenting on a report by two security technology researchers that was presented at a conference in Santa Clara, Calif.
Alasdair Allan, a senior research fellow at the University of Exeter, and Pete Warden, founder of Data Science Toolkit, an open-source software website, reported that starting a year ago, when Apple updated its mobile operating system, the iPhone and the 3G version of the iPad started storing user location data.
The data are collected whenever the device connects with cell-phone towers or Wi-Fi networks. The collected data becomes vulnerable to hackers if the device is later synced to a computer.
“We’re not sure why Apple is gathering this data, but it’s clearly intentional,” Allan and Warden wrote on their website.
Apple has not yet commented publicly on the issue. A call to an Apple spokesperson representing the company’s iPhone division was not returned at press time.
Android reportedly collecting data, too
It is also becoming clear that concern over the tracking software is not limited to Apple devices. On Friday, the Wall Street Journal reported that Google has also been collecting location data from users of its Android OS system, although on a more limited basis than Apple.
Speculation varies about why the manufacturers are allowing their devices to log the users’ physical coordinates. One theory is that advertisers would benefit from knowing what locations users frequent most and in what pattern, in order to target marketing messages their way.
Many companies already offer training to computer forensic experts at law enforcement agencies on extracting location data from mobile devices and software, to help them track suspects in criminal cases.
One such company, Micro Systemation, located in Solna, Sweden, posted on its website Thursday that “the findings … will come as a surprise to most iPhone users, as their devices do not give any visual indication that such data is being recorded. But they are no surprise to the developers here at [the company] who have been recovering this data … for some considerable time.”
The company offers a course on “iPhone Forensics” it says will teach participants “how to recover stored and deleted data.” According to its website, it is targeted to “law enforcement,” “military intelligence operatives” and “corporate fraud investigators,” among others.
The revelation about the phone systems is part of a larger trend regarding mobile devices and privacy, says Catherine Crump, a staff attorney at the American Civil Liberties Union in New York City.
“This is not just about Apple,” she says, “it’s about the broader question about how electronic devices have become integrated in our daily lives. That’s fantastic, but at the same time, it’s a new reality for the rest of us who didn’t grow up with them and are struggling to understand what the privacy trade-offs are in using them.”
Crump adds that even though “we’ve all become heavily reliant” on the devices, it is becoming evident they are designed to “collect or share new information in ways that we don’t’ completely understand.”
What happens next is likely government scrutiny. Several members of Congress have already sent letters to Apple. Democratic Sen. Al Franken of Minnesota wrote that “anyone who gains access to this single file could likely determine the location of a user’s home, the businesses he frequents, the doctors he visits, the schools his children attend, and the trips he has taken.”
Consent by users
Last July, Apple responded to an inquiry from Democratic Rep. Ed Markey of Massachusetts and Republican Rep. Joe Barton of Texas with a letter stating that the “latitude and longitude coordinates are not kept or otherwise associated with an individual,” an assertion contradicted by the research findings this week.
The company also wrote that “by using any location-based services on your iPhone,” users “agree and consent to Apple’s and its partners’ and licensees’ transmission, collection, maintenance, processing and use of your location data to provide products and services.”
Jacqui Cheng, the senior Apple editor at Ars Technica, a technology news website, says the revelations this week will not likely affect sales of either the Apple or Google devices, however she does predict that, in the case of Apple, a software fix will likely take place.
“They might change so it only tracks recent [physical movements], but I can’t see [Apple] getting rid of it altogether because they use the data to improve location tracking to figure out where the Wi-Fi hotspots are,” she says.