Wait, so our mobile phones know where we’ve been!? This is such a shock!

The shock is the jock

I’ve largely refrained from comment on this whole issue until now because everything that could be said probably has. Then again, by definition that’s true for pretty much everything we all blog, and it’s a lame excuse, so I’m going to write about it anyway ;).

The issue here is the discovery of a location database in iPhone and Android devices, and what privacy concerns it introduces.

Last year the whipping boy in privacy circles was Google for their Street View trucks. After it was uncovered Google engineers had unwittingly captured WiFi data packets from unencrypted WiFi networks on the routes they were photographing, lawmakers demanded Google be reprimanded. In early March I argued the real issue wasn’t that Google was logging data (maliciously or otherwise) but that people were broadcasting their networks without any security, and that it was the fault of networking companies for not making that clear.

In 2011 we have Apple’s logging of phone towers and WiFi locations on people’s iTelephones. Unlike the silly Antennagate issue I do believe Apple does have some real explaining to do and must address these issues, but as usual I also think the mainstream media have blown the story way out of proportion. It’s so unlike them ;).

The bad news

Icon from the Tango Desktop Project

First to the bad news. Wait, I already said that. Located on every iTelephone with the iOS 4.0 software or above is a simple, unencrypted, easily readable SQLite database containing the locations of cell towers and WiFi networks that the device has been in proximity to. By using software like iPhoneTracker to visualise it, these databases paint a chilling picture of where you’ve been.

It gets worse. Unlike Android devices which routinely remove entries from their equivalent location databases over a certain age, it appears the iOS location database… just keeps getting bigger. Privacy experts realise the only thing more dangerous than knowing personally identifiable data is personally identifiable data over a long period of time that can be used to detect trends.

With the increasing sophistication and complexity of these portable devices, it’s also feasible that at some point an exploit could be developed to download these unencrypted location files from the phone, or from iTunes on the desktop where backups of these location databases are stored.

Let’s have a par-tay!

The media have had a field day discussing these real problems, but as with the Google Street View issue their desire for sensationalism to sell their papers blinds them to stark realities.

1. These devices are mobile phones that connect to open (or may as well be with the broken encryption in GSM) wireless networks. These devices are constantly broadcasting their location to phone towers to get the best signal. This is nothing new, which is why those who don’t want to be found don’t carry a mobile phone with them in the first place!

2. If a person also has physical access to your device all bets are off with regards to your privacy, and where you’ve been would be the least of your worries. Encryption would go part of the way to solving this though.

3. Nobody has presented evidence that Apple is remotely downloading data from these devices. We are certain however that Google regularly polls this material from Android devices, presumably to improve the accuracy of Google Maps, but we have no way of knowing for sure. Even if Apple was though, why aren’t the likes of the otherwise awesome Senator Al Franken asking for Google to explain things the way he has with Apple, or Microsoft now that we know Windows Mobile Cell Hand Phone Enterprise Corporate Home Edition Service Pack 7 is doing the same thing?

4. As I alluded to above, this isn’t just an issue with Apple but almost every smartphone maker. It was cute that the media hounded Apple for antenna issues when the same signal degradation could be reproduced on dozens of other phones, but singling out Apple again is getting old. I’d expect this from the Enderle Group and Molly Wood, but not the press in general ;).

5. Perhaps the funniest part of all of this: it’s not a new issue. Forensic analyst Alex Levinson wrote about this in a book months beforehand and already dismissed many of the security concerns that Mr. Warden and Mr. Allan raised in their O’Reilly presentation. If you have time, his two blog posts about the issue are excellent:

Remedies

From where I stand, these would be the four things Apple would need to do to resolve this issue.

  • Making encrypted backups the default in iTunes
  • Encrypting the location database on the devices
  • Limiting their size and scope based on date/time
  • Making them opt-in, or giving us a way to disable it
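The third remedy, limiting the cache by date/time, sketched as an added example that is not code from Apple, Google or this post. The table and column names, the 7-day retention window and the sample rows are all assumptions constructed for illustration. `PRAGMA secure_delete` matters here because SQLite otherwise leaves deleted rows recoverable in free pages of the file.

```python
import sqlite3

DAY = 86400
RETENTION_DAYS = 7  # assumed policy, not a figure from the post


def build_sample_cache(now):
    """Constructed stand-in for a device location cache (hypothetical schema)."""
    db = sqlite3.connect(":memory:")
    # Overwrite deleted content with zeros instead of leaving it in free pages.
    db.execute("PRAGMA secure_delete = ON")
    db.execute(
        "CREATE TABLE cell_location (tower_id TEXT, ts INTEGER, lat REAL, lon REAL)"
    )
    # Constructed rows: sightings 0, 1, 3, 30, 120 and 300 days before `now`.
    rows = [
        (f"tower-{d}", now - d * DAY, -33.86 + d * 0.001, 151.20)
        for d in (0, 1, 3, 30, 120, 300)
    ]
    db.executemany("INSERT INTO cell_location VALUES (?, ?, ?, ?)", rows)
    db.commit()
    return db


def history_span_days(db):
    """How many days of movement history the cache currently exposes."""
    oldest, newest = db.execute(
        "SELECT MIN(ts), MAX(ts) FROM cell_location"
    ).fetchone()
    if oldest is None:  # empty cache
        return 0
    return (newest - oldest) // DAY


def prune(db, now, retention_days=RETENTION_DAYS):
    """Delete entries older than the retention window; return rows removed."""
    cutoff = now - retention_days * DAY
    cur = db.execute("DELETE FROM cell_location WHERE ts < ?", (cutoff,))
    db.commit()
    return cur.rowcount


if __name__ == "__main__":
    now = 1_303_000_000  # constructed fixed "current time" for repeatable output
    db = build_sample_cache(now)
    print("span before prune:", history_span_days(db), "days")
    print("rows removed:", prune(db, now))
    print("span after prune:", history_span_days(db), "days")
```

Pruning bounds how much history a stolen device or backup reveals; it does not replace encrypting the file or the backup.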

I’m more on the side of Andy Ihnatko and John Gruber than Daniel Eran Dilger on this… I love you Daniel, but what in the heck was that last post!? Apple isn’t the super evil overlord empire the tech media is [predictably] painting them to be, but they have made a serious mistake here and as users of their devices we deserve an explanation and action. Android users deserve the same.

I hope, just as the Street View saga helped to expose just how pervasive unsecured WiFi networks are, that this issue helps to raise awareness of just how much data our phones are logging about us, and we get some affirmative action out of it.

UPDATE

GigaOm is reporting that Apple has responded to tracking concerns with a combination of clarification and promises of a future patch to fix flaws. I’m not entirely appeased, but they took a step in the right direction and addressed my four bullet points.

As far as I know, Google has yet to address concerns with tracking on Android, or Microsoft with Windows Phone 7, though the mainstream media and most bloggers didn’t bat an eyelid when it was uncovered they have similar tracking databases.