iPhone keeps record of everywhere you go
Privacy fears raised as researchers reveal file on iPhone that stores location coordinates and timestamps of owner's movements
Security researchers have discovered that Apple's iPhone keeps track of where you go – and saves every detail of it to a secret file on the device which is then copied to the owner's computer when the two are synchronised. The file contains the latitude and longitude of the phone's recorded coordinates along with a timestamp, meaning that anyone who stole the phone or the computer could discover details about the owner's movements using a simple program. For some phones, there could be almost a year's worth of data stored, as the recording of data seems to have started with Apple's iOS 4 update to the phone's operating system, released in June 2010. "Apple has made it possible for almost anybody – a jealous spouse, a private detective – with access to your phone or computer to get detailed information about where you've been," said Pete Warden, one of the researchers. Only the iPhone records the user's location in this way, say Warden and Alasdair Allan, the data scientists who discovered the file and are presenting their findings at the Where 2.0 conference in San Francisco on Wednesday. "Alasdair has looked for similar tracking code in [Google's] Android phones and couldn't find any," said Warden. "We haven't come across any instances of other phone manufacturers doing this." Simon Davies, director of the pressure group Privacy International, said: "This is a worrying discovery. Location is one of the most sensitive elements in anyone's life – just think where people go in the evening. The existence of that data creates a real threat to privacy. The absence of notice to users or any control option can only stem from an ignorance about privacy at the design stage." Warden and Allan point out that the file is moved onto new devices when an old one is replaced: "Apple might have new features in mind that require a history of your location, but that's our specualtion. The fact that [the file] is transferred across [to a new iPhone or iPad] when you migrate is evidence that the data-gathering isn't accidental." But they said it does not seem to be transmitted to Apple itself. Although mobile networks already record phones' locations, it is only available to the police and other recognised organisations following a court order under the Regulation of Investigatory Power Act. Standard phones do not record location data. MPs in 2009 criticised the search engine giant Google for its "Latitude" system, which allowed people to enable their mobile to give out details of their location to trusted contacts. At the time MPs said that Latitude "could substantially endanger user privacy", but Google pointed out that users had to specifically choose to make their data available. The iPhone system, by contrast, appears to record the data whether or not the user agrees. Apple declined to comment on why the file is created or whether it can be disabled. Warden and Allan have set up a web page which answers questions about the file, and created a simple downloadable application to let Apple users check for themselves what location data the phone is retaining. The Guardian has confirmed that 3G-enabled devices including the iPad also retain the data and copy it to the owner's computer. If someone were to steal an iPhone and "jailbreak" it, giving them direct access to the files it contains, they could extract the location database directly. Alternatively, anyone with direct access to a user's computer could run the application and see a visualisation of their movements. Encrypting data on the computer is one way to protect against it, though that still leaves the file on the phone. Graham Cluley, senior technology consultant at the security company Sophos, said: "If the data isn't required for anything, then it shouldn't store the location. And it doesn't need to keep an archive on your machine of where you've been." He suggested that Apple might be hoping that it would yield data for future mobile advertising targeted by location, although he added: "I tend to subscribe to cockup rather than conspiracy on things like this – I don't think Apple is really trying to monitor where users are."
The location file came to light when Warden and Allan were looking for a source of mobile data. "We'd been discussing doing a visualisation of mobile data, and while Alasdair was researching into what was available, he discovered this file. At first we weren't sure how much data was there, but after we dug further and visualised the extracted data, it became clear that there was a scary amount of detail on our movements," Warden said. They have blogged about their discovery at O'Reilly's Radar site, noting that "why this data is stored and how Apple intends to use it — or not — are important questions that need to be explored." The pair of data scientists have collaborated on a number of data visualisations, including a map of radiation levels in Japan for The Guardian. They are developing a Data Science Toolkit for dealing with location data. Davies said that the discovery of the file indicated that Apple had failed to take users' privacy seriously. Apple can legitimately claim that it has permission to collect the data: near the end of the 15,200-word terms and conditions for its iTunes program, used to synchronise with iPhones, iPods and iPads, is an 86-word paragraph about "location-based services". It says that "Apple and our partners and licensees may collect, use, and share precise location data, including the real-time geographic location of your Apple computer or device. This location data is collected anonymously in a form that does not personally identify you and is used by Apple and our partners and licensees to provide and improve location-based products and services. For example, we may share geographic location with application providers when you opt in to their location services."
Privacy invasions via technology
April 2011: iPhone location British researchers on Wednesday revealed that iPhones (and 3G-enabled iPads) keep track of where you go, including timestamps, on a file that is backed up on your computer and shifted onto any new iPhone or iPad you get. Apple hasn't said why the file is created or whether the tracking can be prevented. October 2010: US Transportation Security Agency's X-ray scanners The "porno scanners" (as they quickly became known) offered a clothes-free vision of people passing through the backscatter machines (whose level of X-ray exposure was also questioned). People who objected to going through those were obliged to go through remarkably intimate examinations – none of which endeared the TSA to air travellers. April 2010: Google captures Wi-Fi data In a series of increasingly embarrassed blogposts over the course of April, May and June, Google admitted that while its cars were driving around to capture its (already slightly controversial) Street View pictures of locations around the world, it had also captured Wi-Fi network names – and data from the open ones, potentially including passwords and usernames. The dispute over whether Google should delete the data, and whether it had broken the law in various countries, rumbled on for months. December 2009: Eric Schmidt In a speech, Google's then-chief executive Eric Schmidt suggested that: "If you have something that you don't want anyone to know, maybe you shouldn't be doing it in the first place. If you really need that kind of privacy, the reality is that search engines – including Google – do retain this information for some time and it's important, for example, that we are all subject in the United States to the Patriot Act and it is possible that all that information could be made available to the authorities." His words provoked an outcry from privacy rights campaigners, who pointed out that privacy is a right, and that it protects every citizen from abuses by those in power.
|
English.news.cn 2011-04-25 12:26:53 |
SAN FRANCISCO, April 24 (Xinhua) -- Apple Inc's iPhone is collecting and storing user's location data even when location services are turned off, the Wall Street Journal reported on Sunday after analyzing data and documents.
According to a test conducted by the newspaper, the location data appear to be collected using cellphone towers and Wi-Fi access points near a user's phone and don't appear to be transmitted back to Apple, said the report.
It noted that the new finding is likely to renew questions about how well users are informed about the data being gathered by their cellphones.
In the Journal's test on an iPhone4, analysts first turned off the location services and recorded the data that had initially been gathered by the phone, and then carried the phone to new locations and observed the data. "Over the span of several hours as the phone was moved, it continued to collect location data from new places," said the report.
The data included coordinates and time stamps; however, the coordinated were not from the exact locations that the phone traveled, and some of them were several miles away, it added.
On Friday, the Wall Street Journal reported its security analysts had found that Apple's iPhone and smartphones running Google's Android operating system regularly transmit users' locations back to the two companies respectively, which is part of their race to build databases capable of pinpointing people's locations via smartphones.
Worries on the iPhone tracking issue surfaced on Wednesday after two British researchers announced at a technology conference in California that iPhone has been collecting users' location information and storing the data for extended periods of time.
The researchers said starting on June 21 2010, after the release of iOS 4 mobile operating system, iPhones began logging and storing location information in a file, which shows the users' latitude and longitude and is timestamped to the second. They noted the information is not encrypted on the phone or on the iPhone backups made by iTunes and the file is also persistent, transferring itself to a new iOS device when the old one is replaced.
They added they had no evidence that the file was being transmitted to Apple.
On Thursday, U.S. congressman Edward Markey reacted angrily to the news in a letter to Apple CEO Steve Jobs, asking Jobs to make a response within 15 business days or no later than May 12.
On Saturday, Markey called for a congressional investigation into the privacy practices of Apple and Google. In a statement, he made clear that he thinks the data collection is potentially dangerous, saying predators could have hacked into an iPhone or Android to find out children' s location information.
Apple has made no comment on the issue so far, but a letter it sent to U.S. Congress last July came under spotlight. In the letter, Apple said it collects Wi-Fi and GPS information when the phone is searching for a cellular connection and gathers the data to help build a "database with known location information." It said the data it receives is anonymous and users can turn it off by disabling location services.
No comments:
Post a Comment