This week’s report that iOS devices contain a secret file storing users’ locations and movements for up to a year has raised a lot of eyebrows. Reactions have ranged from sky-is-falling freakouts by privacy advocates to shrugs of the shoulders by those who have come to expect that they are never truly off-the-grid.
If you aren’t aware, earlier the week two data scientists reported on a hidden file found in the iPhone and iPad called “consolidated.db.” This file contains location information like latitudes and longitudes coupled with timestamps that make it incredibly easy to map out a chart of everywhere a user has been in the past year. This file exists on the device itself as well as any computer with which the device has been synched. Oh yeah, the file is also unencrypted.
This obviously raised many concerns about privacy and some people are understandably upset. Many are upset that they did not know about this file and don’t feel as though they ever voluntarily opted-in to the location data storage. These are valid points, and people have a right to be concerned by the implications.
The fact that Apple and other companies are able to track your location is no shock to anyone. Apple has even admitted that it collects anonymous location data at random intervals from its clients from GPS coordinates to any wi-fi or cell towers that the device is near. The purpose of this is most likely to help Apple improve upon a giant location database for use in diagnostics and geo-location apps. This is old news, per say.
All of this data is supposedly anonymous and not logged, however, according to Apple. The fact that a specific file exists that holds location information for such a long period of time is what worries people. If that file fell into devious hands, then the implications are a tad frightening. Or, God forbid, the stored information data specific to users past movement is being sent to Apple or other parties. Though speculated as a possibility by some, nobody has been able to turn up any evidence that this is actually happening.
In the past, Google has also admitted to collecting random, anonymous location data from Android users. They have said that the information is used for building wi-fi hotspot databases as well as improving traffic maps.
The Wall Street Journal has reported, however, that Google may be collecting location data much more frequently and without total anonymity.
According to research by security analyst Samy Kamkar, his HTC Android device collected location data every few seconds and submitted it to Google multiple times an hour. It also submitted the name and location of any nearby wi-fi network as well as a “unique phone identifier,” which admittedly sounds pretty ominous.
Kamkar has a speckled past, according to the WSJ, so they checked his findings through an independent consultant:
Mr. Kamkar, 25 years old, has a controversial past. In 2005, when he was 19, he created a computer worm that caused MySpace to crash. He pled guilty to a felony charge of computer hacking in Los Angeles Superior Court, and agreed to not use a computer for three years. Since 2008, he has been doing independent computer security research and consulting. Last year, he developed the “evercookie”—a type of tracking file that is difficult to be removed from computers—as a way to highlight the privacy vulnerabilities in Web-browsing software.
The Journal hired an independent consultant, Ashkan Soltani, to review Mr. Kamkar’s findings regarding the Android device and its use of location data. Mr. Soltani confirmed Mr. Kamkar’s conclusions.
Transmission of location data raises questions about who has access to what could be sensitive information about location and movement of a phone user.
Although the collection of random location data by these companies is not breaking news, these recent developments about Apple and Google are significant because they suggest that the tracking might not be as anonymous and intermittent as previously thought.
Some people are able to reconcile the fact that they live in a world where off-the-grid is becoming an obsolete term. Others are scared by the implications of such accessible data about their whereabouts. Where do you land?