Apple Testifies on Mobile Privacy, Location Cache Encryption Coming to iOS

As noted last week, Apple vice president Bud Tribble today participated in a U.S. Senate panel discussion of mobile privacy, particularly as it relates to location tracking. Tribble's appearance alongside Google's Alan Davidson and other experts and privacy advocates was supplemented with a new formal letter (PDF) from Apple to concerned legislators reiterating and expanding upon comments made several weeks ago as Apple sought to address public scrutiny of the issue.

During his testimony, Tribble took great pains to make clear that the iOS location database has not been tracking users' devices directly, instead containing information on nearby cell towers and Wi-Fi access points to aid the device itself in quickly determining its location for services relying on that information. Apple of course acknowledged several bugs that had allowed that local cache to grow larger than intended and prevented the information from being deleted when location services were disabled. Those bugs were addressed with last week's release of iOS 4.3.3.

Apple apparently plans to go further, however, noting that it will encrypt the downsized local cache as of the "next major release" of iOS. And Apple has already ceased backing up the cached access point location data to users' computers as part of the device backup process.

The local cache is protected with iOS security features, but it is not encrypted. Beginning with the next major release of iOS, the operating system will encrypt any local cache of the hotspot and cell tower location information.

Prior to the [iOS 4.3.3] update, iTunes backed up the local cache (stored in consolidated.db) as part of the normal device backup if there was a syncing relationship between the device and a computer. The iTunes backup, including consolidated.db, may or may not have been encrypted, depending on the customer's settings in iTunes. After the software update, iTunes does not back up the local cache (now stored in cache.db).

Senators also pressed Apple and Google on third-party applications, inquiring about how the companies address data collection and usage by third-party developers offering software for their platforms, as well as whether those developers should be required to publish explicit privacy policies regarding users' data.

In response, Tribble briefly explained Apple's App Store review process and noted that the company believes that developer privacy policies would not go far enough in informing users, sharing information on Apple's decision to include visual indicators within iOS telling users when their location is being accessed and which applications have accessed that information within the previous 24 hours.

On the topic of how Apple polices developers on what is done with that data after is collected, Tribble pointed to random audits of applications and their network traffic behavior, a reliance on user and blog reports of issues, and a fast response time to pull down apps exhibiting questionable behavior until those issues can be resolved.

Top Rated Comments

(View all)

111 months ago

I hope they use Kleig Lamps at full power on these jokers. Make the searing heat of the lamps force the truth out of their well practiced script designed to give them and their privacy trampling employers plausible deniability.

Can we then turn them on you to finally learn the truth: That you're shorting Apple stock and merely come here to advance your own goals?
Rating: 10 Votes
111 months ago
You can watch it here:
Rating: 8 Votes
111 months ago
Big Deal?

I must live a pretty dull life. I can't think of anyplace I've gone with my iPhone in the past that would warrent concern over someone else knowing where I've been. Cell phone towers have been tracking me for about 5 years now, and I haven't found the need to complain or make a big deal about it. Is everyone else out there involved in covert national security operations, murders, or what?
Rating: 5 Votes
111 months ago
Funny... A lot of people here are worried about non-descript, non user specific location data, but yet, no one is up in arms that organizations like the FBI monitor internet traffic for IP address access to see who's visiting certain web sites. To me, that is more troubling. That is "big brother" watching you, not some computer company trying to give you better service, or better map data.
Rating: 3 Votes
111 months ago

I don't understand this argument.

For one obvious example, if a battered woman's crazy ex-husband was able to find everywhere she's visited in the last year by stealing her iPhone, that's a problem. Extreme example, sure. But it's not always strangers that you have to worry about.

The places where she _might_ have been in the imagination of a crazy ex-husband are surely a much bigger risk. As is the contents of her address book, her e-mails, her browser history. So the risk is: Battered woman, crazy ex-husband locates her, steals her iPhone, doesn't mind what's in her address book, browser history, e-mails, but he actually knows about this cache file, has software to investigate her, and kills her because of some place she has been. Very likely. If she gets rid of her iPhone for another phone, it is more likely that he kills her because she must have something to hide. If she sells her iPhone and buys a gun with the proceeds, she is more likely to shoot herself by accident.

But I asked about the risk compared to things like lightning or snake byte. In the USA, an average of slightly more than hundred persons a year die from lightning. Isn't that something you should worry about a million times more?

Just out: Facebook caught exposing millions of user credentials:

That should keep the crazy ex-husbands busy for a while.
Rating: 3 Votes
111 months ago

I wonder if the changes will cause IOS devices to take longer getting an initial location?

Not really. The cache still holds for 7 days, which is enough for day-to-day operation. It'll get a little befuddled when on a vacation for a bit, but the end result is that when you do need to query Apple, it sends down a bunch of sites nearby so you don't have to query them again for a while. The timestamps in the cache will likely be such that if you commute in the same area most of the time, you populate the cache once and that's it.

The irony is that this caching design (while only sending updates back to the central DB) is a better means of providing privacy from Apple as it cuts down on the traffic between the two and reduces the information they can glean indirectly if they were being malicious.
Rating: 3 Votes
111 months ago
I'm guessing they were not bugs, but instead design flaws because little or no attention was given to the issue. Changing the design ("fixing the bugs") after the fact is better than nothing.
Rating: 3 Votes
111 months ago

If you have nothing to hide, you have nothing to fear.

This is a totally stupid attitude and completely misses the whole point. Everybody has lots of things to hide. If you have nothing to hide, please post your name, address, social security number, your mother's maiden name, and all your bank account details.

The real point is that there are plenty of idiots who get all excited and don't understand risks and don't understand _what_ they should fear. They get excited about data that isn't actually accessible to anyone by themselves, and that couldn't be used to hurt them except in their craziest phantasies if it was accessible, when there are plenty of real dangers.

There are ten million credit card numbers in the hands of some hacker. There is some vague location information that is in the hand of the people who rightfully own it.

For extreme example, consider if such info had been used to help find bin Laden's courier's travels. It wouldn't be necessary to know all his exact coordinates. Just knowing the towns or heck, even the country in this case, is a huge benefit.

You are confusing "privacy concerns" with "forensic evidence".
Rating: 2 Votes
111 months ago

Apple doesn't gather our private information then sell it to advertisers without asking or letting us know the way facebook and google do ...

Remember that free iOS update that included iAd?

Facebook and Google don't sell your information to someone else. They sell the fact that they have it, and use it to place ads more effectively. They are the go between for advertisers and their customers (or users). They hold enormous amounts of demographics and data.

You make an ad campaign, and pick the demographics who you want to target, and google and Facebook take care of the rest. Facebook ads can get scary accurate. Apple would be insane to run an ad network and not do something similar. There would be no reason to advertise with them if they were many times less effective than their competitors.

The privacy concerns are overblown and paranoid.

Don't worry, others will protect your rights for you.

Good to see them fixed, but there are a heck of a lot more things to worry about than some generic and vague data on the iPhone location log.

There is always something bigger to worry about. If people took that viewpoint, nothing small would ever get done.

If you have nothing to hide, you have nothing to fear.

"This is a version of the very popular “The innocent have nothing to fear” argument, which is wheeled out whenever authorities wish to bring in new measures which increase surveillance or limit freedoms in the name of increasing security. For example, someone demands to search your luggage. You object to this intrusion on your privacy, but you are told that if you are innocent, you have no reason to object. After all, what are you trying to hide?

The argument is a particular species of false dichotomy. You are presented with a simple either/or choice. Either you’re guilty, and so should be exposed; or you are innocent, in which case nothing will be exposed, and so you have nothing to worry about. Either way, you have no legitimate reason to be concerned. Like all false dichotomies, the problem is that there is at least one more option than the two offered in the either/or choice. — Julian Baggini
Rating: 2 Votes
111 months ago

Yes, by Federal law, cell phones have to be locatable to a degree. However, the difference, the big difference, that you gloss over is accessibility of the data. There is a layer of protection that surrounds the location data from my iPhone (and iPad) logged in this way with the telco verses none with the logging of location done by Apple that is stored locally on the computer and device. Another point that you seem to not mention is disclosure. It is well know that phones are tracked to a degree as part of E911. However, what Apple did, collecting location data for its own purposes even after location services was turned off, was not disclosed to the user. This was wrong.

LOL! I sooooo disagree. My goodness... do they need to disclose every single cached file for every application? Maybe our government will insist on a 10 page document in 2pt type disclosing all the file structure techniques for every application on your phone, on your computer, etc...

You just love to find something to complain about.

Like I said before... want my file? I'll give it to you. Tell me where I live and send you a $50 gift certificate for dinner. Just mail me a self addressed return envelope and I'll send you the gift card.

This is so freak'n ridiculous.
Rating: 2 Votes

[ Read All Comments ]