Chris Roberts

Apple iPhone Location Debacle - A Quick Guide

• Posted in Technology

There has been a lot of talk in the media over the last couple of days surrounding the Apple iPhone and iPad. Here's a quick guide to the facts of the situation...

What Happens?

  1. It has been discovered that the iPhone and iPad both store a log of their location at various points throughout the day. It has been demonstrated that the devices may log their location around 100 times per day.
  2. When you synchronise your device with iTunes, the file containing the dates, times and locations are also synchronised to iTunes through the backup.
  3. The location data appears in some cases to be a little in-precise. It is assumed that the location is being determined by triangulation of the mobile signal rather than by using GPS. This is presumably done in order to save battery power.
  4. No evidence has been found to suggest that this information is being transmitted to, or stored by Apple.

What's the problem?

The information is being stored in an insecure, unencrypted fashion. It is a relatively simple task for anyone with access to your device (or any device you have synchronised with) to retrieve this file and use the data in it.

If you want to see what your phone has stored about you, take a look at http://www.iphonebackupextractor.com/ and http://petewarden.github.com/iPhoneTracker/

What's the worst that could happen?

There are a few potential horror scenarios ranging from the data being used in divorce settlements to stalkers being able to work out where you live and work based on your movements.

What can I do about it?

There are currently three things that every iPhone and iPad user should do:

  1. Ensure the physical security of your mobile devices and of the devices they synchronise with. In the case of your desktop, make sure it is well protected by a firewall and anti-virus software. It is not unreasonable to assume that producers of mal-ware may produce software which attempts to harvest this data (although there is no evidence that this has happened yet).
  2. Make sure your mobile device has a passcode on it, and that any device you synchronise with has a password. Remember that this information can only be used if someone can gain access to the insecure data file.
  3. Enable the ‘Encrypted Backups' option in iTunes. This will ensure that any backups which are stored will be more secure.

What happens next?

Personally, I'm amazed that information such as this is stored in such an insecure manner. I suspect Apple will respond to the situation by releasing an update in the near future which will change the way this information is stored.

Whether it will be possible to prevent it being stored at all remains to be seen. I suspect the device uses the information to contribute to some of the ‘magic' it appears to be capable of – something which Apple will be keen to preserve!

What's the legal position?

This remains to be seen.  The Terms and Conditions (which I'm sure you all read, right?) do quite clearly state that this information will be recorded...

"Apple and our partners and licensees may collect, use, and share precise location data, including the real-time geographic location of your Apple computer or device. This location data is collected anonymously in a form that does not personally identify you and is used by Apple and our partners and licensees to provide and improve location-based products and services. For example, we may share geographic location with application providers when you opt in to their location services."

... Although that doesn't excuse the careless manner in which it is being stored.

Apple have, so far, been very quiet on the issue. I suspect their legal position is solid – but that's one for the lawyers to sort out!