Amid a brewing controversy over a tracking feature in Apple’s iOS 4, several members of the US government have called on Apple to explain why the information is being gathered.
Edward Markey, a member of the House of Representatives, wrote to Apple CEO Steve Jobs on April 21 requesting information and suggesting that the practice may violate the Federal Communications Act. Markey asked Apple to confirm that the collection feature exists, explain why it was developed, describe how customer information is collected and verify whether users can disable the collection.
“Apple needs to safeguard the personal location information of its users to ensure that an iPhone doesn’t become an iTrack,” wrote Markey.
Apple’s iPhone and the 3G iPad running iOS 4 are regularly recording the device’s location position into a hidden database file, Alasdair Allan, one of the researchers who discovered the file, wrote April 20 on the O’Reilly Radar blog. Location data is being saved to the file and is regularly backed up when the device is synced to the PC, according to Allan.
The data saved in consolidated.db appears to contain cell-tower triangulation information and names of WiFi access points, not actual GPS data from the phone.
“What makes this issue worse is that the file is unencrypted and unprotected, and it’s on any machine you’ve synced with your iOS device,” Allan wrote. Anyone can look at the file to know where the user – or at least, the device – has been over the past year since the iOS was released in June, said Allan.
It is not clear if the data is being sent on to Apple, and Apple is not saying anything at this point. However, in a letter to Markey last July, Apple said it may “collect and transmit cell tower and WiFi Access point information”, which it would then use to build a cell tower and WiFi access-point database. The data is “batched and then encrypted and transmitted to Apple over a secure WiFi Internet connection every 12 hours”, Apple said in that letter.
Apple used to build the location database by licensing the data from Skyhook, which collected the information by sending cars to “drive around the world”, F-Secure’s researchers wrote on the News from the Lab blog. Apple started replacing the Skyhook database with its own iPhone OS 3.2, which was released in April 2010. Apple asked user permission via a highly misleading prompt shown during the initial iTunes installation, according to F-Secure.
Google also maintains its own global database of the locations of WiFi networks, based on information collected when the Google Maps Street View cars were going around the globe.
Allan and his co-researcher, Pete Warden, have released an open-source iPhone Tracker application that can plot the collected information on a map.
This is the second such unprotected file containing user information found on mobile devices this month. Skype recently fixed a security flaw that would have allowed a third-party application to view user data stored in a Skype database on Android phones.
Markey is not the only concerned voice in Congress. Senator Al Franken penned his own note to Jobs asking for details on why it is collecting the data, on what devices, how frequently it is being collected, what Apple does with it, why it is not encrypted, and why Apple did not notify its users, among other things.
It is also possible that this is a bug, and Apple will fix it immediately. “My little-birdie-informed understanding is that consolidated.db acts as a cache” for recent location data, and historical data is supposed to be removed, wrote John Gruber on the Daring Fireball blog.
San Francisco jury finds Nima Momeni guilty of second-degree murder of Cash App founder Bob…
US Supreme Court says it will hear appeal of TikTok and parent ByteDance against ban…
Japanese start-up Space One destroys Kairos rocket for second time shortly after launch, as country…
World's biggest EV battery maker CATL aims to build 1,000 battery-swap stations next year, rising…
Facebook has 'severely restricted' news content from Palestinian outlets since October 2023 amidst bias concerns,…
Amazon faces strike actions at facilities across US days before Christmas as union members authorise…