Apple Testifies on Mobile Privacy, Location Cache Encryption Coming to iOS
During his testimony, Tribble took great pains to make clear that the iOS location database has not been tracking users' devices directly, instead containing information on nearby cell towers and Wi-Fi access points to aid the device itself in quickly determining its location for services relying on that information. Apple of course acknowledged several bugs that had allowed that local cache to grow larger than intended and prevented the information from being deleted when location services were disabled. Those bugs were addressed with last week's release of iOS 4.3.3.
Apple apparently plans to go further, however, noting that it will encrypt the downsized local cache as of the "next major release" of iOS. And Apple has already ceased backing up the cached access point location data to users' computers as part of the device backup process.
The local cache is protected with iOS security features, but it is not encrypted. Beginning with the next major release of iOS, the operating system will encrypt any local cache of the hotspot and cell tower location information.
Prior to the [iOS 4.3.3] update, iTunes backed up the local cache (stored in consolidated.db) as part of the normal device backup if there was a syncing relationship between the device and a computer. The iTunes backup, including consolidated.db, may or may not have been encrypted, depending on the customer's settings in iTunes. After the software update, iTunes does not back up the local cache (now stored in cache.db).
In response, Tribble briefly explained Apple's App Store review process and noted that the company believes that developer privacy policies would not go far enough in informing users, sharing information on Apple's decision to include visual indicators within iOS telling users when their location is being accessed and which applications have accessed that information within the previous 24 hours.
On the topic of how Apple polices developers on what is done with that data after is collected, Tribble pointed to random audits of applications and their network traffic behavior, a reliance on user and blog reports of issues, and a fast response time to pull down apps exhibiting questionable behavior until those issues can be resolved.
Top Rated Comments
(View all)
I hope they use Kleig Lamps at full power on these jokers. Make the searing heat of the lamps force the truth out of their well practiced script designed to give them and their privacy trampling employers plausible deniability.
Can we then turn them on you to finally learn the truth: That you're shorting Apple stock and merely come here to advance your own goals?
http://cspan.org/Events/Congress-Looks-into-Protecting-Mobile-Privacy/10737421417-1/
Google uses user location as cash cow.
I wonder if the changes will cause IOS devices to take longer getting an initial location?
Not really. The cache still holds for 7 days, which is enough for day-to-day operation. It'll get a little befuddled when on a vacation for a bit, but the end result is that when you do need to query Apple, it sends down a bunch of sites nearby so you don't have to query them again for a while. The timestamps in the cache will likely be such that if you commute in the same area most of the time, you populate the cache once and that's it.
The irony is that this caching design (while only sending updates back to the central DB) is a better means of providing privacy from Apple as it cuts down on the traffic between the two and reduces the information they can glean indirectly if they were being malicious.
Honest question(s) here:
I have a 2nd generation ipod touch does not support iOS 4.3. Does my iPod touch still have the "location tracking" databse in it, and will an update become available for my old iPod touch to remove this database? When I plug my iPod into itunes, it does not show that an iOS update is available.
Or is this whole thing only centered around iPhones, with their cellphone radios? Obviously, my ipod touch cannot track cell towers...
The honest answer: Why do you care? Do you intend letting anyone steal your iPod Touch? And if they steal it, what are the chances that anyone actually bothers checking what is in that cache? And if they actually bother checking, what are the chances that they could find anything that could be used against you?
I wonder if the changes will cause IOS devices to take longer getting an initial location?
Yes, if you turn on GPS in a location where you haven't been for a week or however long the cache lasts. I'd make the cache last 8 days so if you go to some place every week on the same day, it will be in the cache. I mean this is all damage limitation now, how to get the best possible performance while mollifying the clueless idiots who are afraid of non-existing dangers.
The irony is that this caching design (while only sending updates back to the central DB) is a better means of providing privacy from Apple as it cuts down on the traffic between the two and reduces the information they can glean indirectly if they were being malicious.
Well, plenty of clueless idiots who don't understand these things. I'd pick two random points up to three miles from your home and your place of work, then add all the information in a twenty mile radius, so there is plenty of information with no clue about your actual location, and your phone would never ask Apple for information.
Many years ago, I was one of the US Army's top direction finders. An exact location isn't necessary to extract lots of helpful data. Sometimes just the general vicinity will do.
For extreme example, consider if such info had been used to help find bin Laden's courier's travels. It wouldn't be necessary to know all his exact coordinates. Just knowing the towns or heck, even the country in this case, is a huge benefit.
More down to earth, knowing the town where a battered wife goes, knowing that a suspected undercover agent goes to DC, knowing that a spouse visits their ex's city, knowing where your employees were at any hour... any such general location tracking can be powerful info.
Yes, I think it was pretty innocent data collection. No, it's not entirely without possible harmful side effects, albeit for only a small portion of the population.
No, but Apple under Jobs is highly prone to misdirection, which is why they kept the spotlight on that file, not on other collection files.
That's correct. Apple's not tracking people exactly. However, they do keep a record of the zip codes you've done location based requests from, in order to better serve ads to you.
As for that particular database file, the info came from Apple, so there was no reason to send it back.
However, the phone does at times record its exact GPS location and any nearby hotspots or cells, for later transmission to Apple. We are where the later downloaded crowd-sourced info comes from, after all.
This is absolute paranoid delusions, and has been since the first story broke a week ago or whenever. Absolutely crazy, just read Full of Win's posts in this thread. Can't believe he's willing to post on the internet at all with his conspiracy paranoia. It's like you're all in a Bond film, let's find the hardest way to kill (track) someone instead of just picking up a gun (actual location data from Maps and other apps) and shooting them.
And APPARENTLY, no one can seem to remember that theft or 4th Amendment searches are the only way to get ACCESS to the file in the first place. Every paranoid post makes it sound like this file is emailed to every person on the planet every day.
The illogic is running beyond rampant this week. It's insane.
[ Read All Comments ]
A few times a year, MacRumors partners with MacUpdate to promote their Mac application bundle deal.
Their latest bundle delivers 10 Mac applications for $39.99 (a $360 value if all...
Google Wallet for iOS today received its first update following its initial September release. Version 2.0 of the app adds a new feature that allows people to use the iPhone's camera to snap...
Apple started offering free apps, books, and music via its Apple Store app back in August and today the company has updated the app in the U.S. with a list of holiday songs that can be downloaded for...
Olloclip has released a new 3-in-1 quick-connect macro photo lens for the iPhone 5s and iPhone 5, giving users the ability to shoot subjects up close with 7x, 14x, and 21x macro modes. The lens...
FireCore -- the company behind the Apple TV jailbreak apps aTV Flash and Seas0nPass -- has released a new version of Infuse, its iOS video playing app. The update adds a new iOS 7-inspired interface,...
Apple today released an updated version of OS X 10.9.1 for developers, which has a build number of 13B40 . Today's release comes nearly two weeks after the second 10.9.1 beta, which had a build...
Yesterday, Apple began offering refurbished models of the current 27-inch iMac in its online store for the first time, and while two of the three available models quickly sold out, the company is...
Realmac Software has released an iOS companion app for its digital scrapbooking app Ember. Ember is an app to help designers and developers organize images into easily navigated collections with...
