Apple Testifies on Mobile Privacy, Location Cache Encryption Coming to iOS

120742 ios gps location

As noted last week, Apple vice president Bud Tribble today participated in a U.S. Senate panel discussion of mobile privacy, particularly as it relates to location tracking. Tribble's appearance alongside Google's Alan Davidson and other experts and privacy advocates was supplemented with a new formal letter (PDF) from Apple to concerned legislators reiterating and expanding upon comments made several weeks ago as Apple sought to address public scrutiny of the issue.

During his testimony, Tribble took great pains to make clear that the iOS location database has not been tracking users' devices directly, instead containing information on nearby cell towers and Wi-Fi access points to aid the device itself in quickly determining its location for services relying on that information. Apple of course acknowledged several bugs that had allowed that local cache to grow larger than intended and prevented the information from being deleted when location services were disabled. Those bugs were addressed with last week's release of iOS 4.3.3.

Apple apparently plans to go further, however, noting that it will encrypt the downsized local cache as of the "next major release" of iOS. And Apple has already ceased backing up the cached access point location data to users' computers as part of the device backup process.

The local cache is protected with iOS security features, but it is not encrypted. Beginning with the next major release of iOS, the operating system will encrypt any local cache of the hotspot and cell tower location information.

Prior to the [iOS 4.3.3] update, iTunes backed up the local cache (stored in consolidated.db) as part of the normal device backup if there was a syncing relationship between the device and a computer. The iTunes backup, including consolidated.db, may or may not have been encrypted, depending on the customer's settings in iTunes. After the software update, iTunes does not back up the local cache (now stored in cache.db).

Senators also pressed Apple and Google on third-party applications, inquiring about how the companies address data collection and usage by third-party developers offering software for their platforms, as well as whether those developers should be required to publish explicit privacy policies regarding users' data.

In response, Tribble briefly explained Apple's App Store review process and noted that the company believes that developer privacy policies would not go far enough in informing users, sharing information on Apple's decision to include visual indicators within iOS telling users when their location is being accessed and which applications have accessed that information within the previous 24 hours.

On the topic of how Apple polices developers on what is done with that data after is collected, Tribble pointed to random audits of applications and their network traffic behavior, a reliance on user and blog reports of issues, and a fast response time to pull down apps exhibiting questionable behavior until those issues can be resolved.

Top Rated Comments

Small White Car Avatar
133 months ago


I hope they use Kleig Lamps at full power on these jokers. Make the searing heat of the lamps force the truth out of their well practiced script designed to give them and their privacy trampling employers plausible deniability.

Can we then turn them on you to finally learn the truth: That you're shorting Apple stock and merely come here to advance your own goals?
Score: 10 Votes (Like | Disagree)
aiqw9182 Avatar
133 months ago
You can watch it here:
http://cspan.org/Events/Congress-Looks-into-Protecting-Mobile-Privacy/10737421417-1/
Score: 8 Votes (Like | Disagree)
JHankwitz Avatar
133 months ago
Big Deal?

I must live a pretty dull life. I can't think of anyplace I've gone with my iPhone in the past that would warrent concern over someone else knowing where I've been. Cell phone towers have been tracking me for about 5 years now, and I haven't found the need to complain or make a big deal about it. Is everyone else out there involved in covert national security operations, murders, or what?
Score: 5 Votes (Like | Disagree)
Popeye206 Avatar
133 months ago
Funny... A lot of people here are worried about non-descript, non user specific location data, but yet, no one is up in arms that organizations like the FBI monitor internet traffic for IP address access to see who's visiting certain web sites. To me, that is more troubling. That is "big brother" watching you, not some computer company trying to give you better service, or better map data.
Score: 3 Votes (Like | Disagree)
gnasher729 Avatar
133 months ago
I don't understand this argument.

For one obvious example, if a battered woman's crazy ex-husband was able to find everywhere she's visited in the last year by stealing her iPhone, that's a problem. Extreme example, sure. But it's not always strangers that you have to worry about.
The places where she _might_ have been in the imagination of a crazy ex-husband are surely a much bigger risk. As is the contents of her address book, her e-mails, her browser history. So the risk is: Battered woman, crazy ex-husband locates her, steals her iPhone, doesn't mind what's in her address book, browser history, e-mails, but he actually knows about this cache file, has software to investigate her, and kills her because of some place she has been. Very likely. If she gets rid of her iPhone for another phone, it is more likely that he kills her because she must have something to hide. If she sells her iPhone and buys a gun with the proceeds, she is more likely to shoot herself by accident.

But I asked about the risk compared to things like lightning or snake byte. In the USA, an average of slightly more than hundred persons a year die from lightning. Isn't that something you should worry about a million times more?

Just out: Facebook caught exposing millions of user credentials: http://www.theregister.co.uk/2011/05/10/facebook_user_credentials_leaked/

That should keep the crazy ex-husbands busy for a while.
Score: 3 Votes (Like | Disagree)
Krevnik Avatar
133 months ago
I wonder if the changes will cause IOS devices to take longer getting an initial location?

Not really. The cache still holds for 7 days, which is enough for day-to-day operation. It'll get a little befuddled when on a vacation for a bit, but the end result is that when you do need to query Apple, it sends down a bunch of sites nearby so you don't have to query them again for a while. The timestamps in the cache will likely be such that if you commute in the same area most of the time, you populate the cache once and that's it.

The irony is that this caching design (while only sending updates back to the central DB) is a better means of providing privacy from Apple as it cuts down on the traffic between the two and reduces the information they can glean indirectly if they were being malicious.
Score: 3 Votes (Like | Disagree)

Top Stories

iOS 14 on iPhone feature emergency

Apple Releases iOS and iPadOS 14.7.1 With Fix for Touch ID Apple Watch Bug

Monday July 26, 2021 9:48 am PDT by
Apple today released iOS and iPadOS 14.7.1, minor bug fix updates that come just a week after the release of iOS 14.7, software that introduced new Apple Card features and support for the MagSafe Battery Pack. The iOS and iPadOS 14.7.1 updates can be downloaded for free and the software is available on all eligible devices over-the-air in the Settings app. To access the new software, go to...
iPad mini pro feature 2

iPad Mini 6 to Feature 8.3-Inch Display With No Home Button and Narrower Bezels

Monday July 26, 2021 12:26 pm PDT by
The sixth-generation iPad mini that's in the works will have an 8.3-inch display, according to display analyst Ross Young. That will be larger than the current 7.9-inch display, with the larger size due to the removal of the Home button and a narrower bezel design. Rumors about the iPad mini 6 have been picking up in recent weeks ahead of its prospective launch this fall. Apple analyst...
iphone 12 pro gold

Report: iPhone 14 Pro Models to Feature Tough Titanium Alloy Chassis

Monday July 26, 2021 1:12 am PDT by
Next year's "iPhone 14" series is expected to feature high-end models with a new titanium alloy chassis design, claims a new investors report by JP Morgan Chase. According to the report, the use of titanium alloy will be one of the biggest changes to the case design in the 2022 iPhone series, and Foxconn will be the exclusive manufacturer of the titanium frames for the high-end models....
nothing ear 1 buds 1

Nothing 'Ear (1)' True Wireless Earbuds Launch to Take on AirPods Pro With ANC and Unusual Design for $99

Tuesday July 27, 2021 7:57 am PDT by
Nothing, a new brand from OnePlus founder Carl Pei, has today officially launched the "Ear (1)" true wireless earbuds after months of anticipation around the company's AirPods Pro rival. The Ear (1) features an in-ear design, Active Noise Cancelation, Bluetooth 5.2, IPX4 water resistance, and a charging case with Qi-compatible wireless charging and a USB-C port. Fast pairing is supported on...
apple mac business page

Apple Shares 11 Reasons Why Business Users Should Choose Macs

Monday July 26, 2021 11:35 am PDT by
Apple today updated its Apple at Work website with a new section dedicated to the Mac, which offers up 11 reasons why "Mac means business." On the webpage, Apple highlights the M1 chip as the number one reason why business users should choose a Mac, offering up an M1 overview [PDF] that explains the benefits of the M1 chip. The information isn't new, but it does provide a look at all of...
imac with accessories

Larger Redesigned High-End iMac Rumored to Launch Next Year

Monday July 26, 2021 3:45 am PDT by
Apple's larger redesigned iMac will arrive sometime in 2022 rather than later this year, according to the leaker known as "Dylandkt." On Twitter, Dylandkt claimed that Apple's "high end iMac" is not expected to release in the fourth quarter of 2021 alongside Apple's "M1X Macs" – a reference to Apple's redesigned MacBook Pro models – because "Apple simply does not want their devices to...
General iOS 14

iOS 14.7.1 and macOS Big Sur 11.5.1 Patch Security Vulnerability That May Have Been Actively Exploited

Monday July 26, 2021 11:55 am PDT by
Apple today released unexpected iOS 14.7.1 and iPadOS 14.7.1 updates to the public, and according to a newly released support document, the software addresses a serious security vulnerability that may have been exploited in the wild. Apple says that an application may have been able to execute arbitrary code with kernel privileges due to a memory corruption issue. "Apple is aware of a report ...
apple bitcoin hack

Is Apple Really Buying Bitcoin?

Monday July 26, 2021 3:07 am PDT by
A large number of websites and posts on social media are stoking rumors that Apple has purchased $2.5 billion worth of bitcoin in the company's first move into cryptocurrency, but is there any validity to the claims? Many people are citing the fact that Apple was looking for a Business Development Manager with experience in alternative payments, including cryptocurrency, earlier this year as ...
tesla red orange bg feature

Tesla CEO Elon Musk Takes Shots at Apple During Earnings Call

Monday July 26, 2021 4:53 pm PDT by
During a Tesla earnings call that took place today, Tesla CEO Elon Musk spent time sniping at Apple, reports CNBC. Musk criticized Apple's "walled garden" and made comments on the company's cobalt use. In a discussion about plans to allow Tesla competitors to use the Tesla electric vehicle charger network, Musk said that Tesla does not want to create a walled garden to "bludgeon" Tesla...
FaceID iMac REREREREMIX

Gurman: Face ID on the Mac Coming Within a 'Couple of Years'

Sunday July 25, 2021 7:09 am PDT by
Apple plans to bring Face ID to the Mac within the next "couple of years," respected Bloomberg journalist Mark Gurman said today in the latest edition of his Power On newsletter. In the newsletter, Gurman says that he believes Apple's ultimate goal is to shift all of its products to Face ID, including the lower-end iPhones such as the iPhone SE and the iPad Air, which feature Touch ID....