Skip to main content

Confusion mounts over iPhone tracking data

The revelation that Apple's iDevices track your every move continues to cause concern with some pundits getting all hysterical about conspiracies and others claiming it is much ado about nothing.

Apple fan site iSource has a thorough and sober investigation of the data collected and how it might be used and claims, based on the apparent inaccuracy of the harvested geolocation points, that its use for any nefarious purposes is unlikely.

The article's author has analysed the data gleaned from his personal device and has found that most of the longitude and latitudes captured are way off, sometimes by miles.

"I had a very hard time finding a data point that DID show me exactly where I was - to the degree that someone who didn’t know me could determine where I had been," writes Joe Tomasone. "It never once successfully identified my home, work, or any other location that I frequent. At best, this could be used to show that I was in a given neighbourhood - maybe."

He also discovered that, although the hidden file collects thousands of separate locations points, the vast majority of them are duplicates. In fact, of more than 23,000 points noted since last June, less than 500 of them turn out to be unique.

Tomasone insists that Apple never collects the harvested data, and that is sits quite safely on the computer which hosts you iTunes account, but other reports refute this important point.

F-Secure suggests that Apple collects this data twice a day, but also points out that if your iPhone is snitching your movements to the Cupertino mothership, it's because you gave it permission, even if the request for that permission was somewhat obfuscated.

Do you remember when you first hooked your iPhone or iPad up to iTunes? Does the panel above look familiar? According to F-Secure, it is at this point that you gave Apple permission to log your travel and send that data back to Apple twice a day.

The log-in process is described as "highly misleading" and they may have a point, but those of who take the time to read Apple EULAs word for word before hitting the 'stop nagging already and let me play with my new toy' button will be familiar with the following passage from Apple's T&Cs:

To provide location-based services on Apple products, Apple and our partners and licensees may collect, use, and share precise location data, including the real-time geographic location of your Apple computer or device. This location data is collected anonymously in a form that does not personally identify you and is used by Apple and our partners and licensees to provide and improve location-based products and services.

There's also some useful information in this reply to a request from two members of the US House of Representatives which outlines Apple's policy on privacy and location services.

It states that customers are asked to click an unchecked agreement box stating that they have read and agreed to Apple's terms and conditions before they can use iTunes software or the iTunes Store.

The pertinent bit of those T&Cs reads:

For GPS-enabled devices with location-based services toggled to "on", Apple automatically collects Wi-Fi access point information and GPS coordinates when a device is searching for a cellular network, such as when the device is first turned on or trying to re-establish a dropped connection. The device searches for nearby Wi-Fi access points for approximately 30 seconds. The device collects anonymous Wi-Fi access point information for those that it can "see". This information and the GPS information are stored (or "batched") on the device and added to the information sent to Apple. None of the information transmitted to Apple is associated with a particular user or device.

In short, if Apple is collecting your location data, you gave it permission to, even if that request was couched in harmless-sounding language. Every app which utilises such data asks if you want to to allow it to do so each time it is restarted, and location services can easily be turned off if you are concerned about your movements falling into the wrong hands.

Anyone who has evil intent and intends to stalk you using the collected data would need physical access to your computer and your iTunes account, and the iOS back-up files which contain that data can be encrypted with a single click.

Even if someone did manage to lay their hands on the unencrypted file, the information contained within it is so inaccurate as to be next to useless, unless they needed to know where you were on a given day within a couple of miles. If you're worried about the cops tracking your night-time meanderings, they would need a court order to gain access to the files, and as Apple's harvested information is anonymous in terms of both the device and its owner, they would have to glean that information from your own Mac or PC.

There's something slightly sinister and underhanded about the way Apple has asked people to offer this information, and we have yet to find a simple way, other than starting with a clean install of iTunes and iOS4 to rescind that permission.

The diagnostics permission box used could be more explicit about what information is being gathered, but now the cat's out of the bag it's up to you to decide whether the advantages of location-based services on your iPhone or other Apple device outweigh the risks.