The AppleEye controversy and the need for educating users

Monday, April 25th, 2011 by

Ever since Pete Warden and Alasdair Allan published their discovery in the Where 2.0 conference, the popular press has been abuzz with sensational articles on how iPhones and iPads are recording your location in a secret file. The article itself misstates some key technical details. For one thing, the database is “hidden” because all the internal files in iOS are hidden and only visible in a jail broken phone; the file itself is only accessible to the root user. For users who make unencrypted backups of their iPhones using iTunes, this location data is exposed on their desktops. One hopes that users do not make unencrypted backups of their iPhone contents on a stranger’s desktop. If, on the other hand, an intruder had control over my account, they could access far more private data than just my location history.

Besides, it appears that iPhones are only logging the GPS coordinates of the cell towers and WiFi access points. In densely populated locations, it is easy to triangulate your location using just these cell tower readings. On the other hand, during my trip through Nebraska, my cellphone apparently accessed most of the cell towers in the state even though we just drove through Interstate 80. Also, it turns out that this “discovery” was not new, the purported file was not secret and was well known to the forensics community. Alex Levinson had published the details of this database in a peer reviewed conference and offers an excellent article detailing the technical issues involved.  It turns out that this logging wasn’t restricted to iOS either; Magnus Eriksson showed a similar mechanism used in Android.

However, lost in all these details is a discussion on what information is being collected and its privacy implications. Many mobile applications exploit location information in order to provide more useful service. GPS provides good location accuracy. However, GPS requires a clear view to the sky and is slow. Various schemes such as assisted GPS, WiFi positioning and cell-site triangulation have been used to improve location capture. Both the WiFi positioning and cell-site triangulation require the phone to know something about the cell-sites and WiFi access points that it is sensing in order to calculate its own location.

So, is reporting our current GPS location along with the cell-sites and WiFi access points seen from this location to Apple/Google in order to assist another user who might see some of these same cell-sites an invasion of one’s privacy? As long as I am not being tracked, I do not consider such data collection to assist others as a violation of my privacy. However, educating users and having an informed discussion could help us in the long term. Judging from the hysterical responses about how Apple/Google is tracking us, one hopes that we did not miss this opportunity for a useful dialog. On that count, I wonder why Apple did not (yet) address these concerns in a forceful manner rather than let all the conspiracy theories flourish. Personally, I think that Apple should prune those logs!!

Finally, there is the irony of uploading these private location data to visualize them via Google Earth.

Tags: , . Categories: privacy.
Both comments and pings are currently closed.

Comments are closed.