Apple Programming Error Raises Privacy Concerns
by George Lawton
A mysterious location database file was on found on the iPhone 4, raising privacy concerns and geek curiosity. At the Where 2.0 Conference last April, Alisdair Allan, senior research fellow at the University of Exeter, and Pete Warden, founder of Data Science Toolkit, reported finding a mysterious unencrypted database file going by the name "consolidated.db" with almost a year's worth of location data. The file was being stored on both iPhone and iPad2 devices.
"The thing that startled me was that this survived through multiple devices," Allan said. It was also backed up unencrypted on the Mac.
Triangulation
Apple said this particular file actually represents data transmitted from Apple to the iPhone relating to cell towers and Wi-Fi hotspots within 100 miles of the phone’s location. It’s used to improve the location-resolution process by using radio data the phone receives.
With GPS alone, an iPhone can take more than a minute to resolve a new location. Using the local Wi-Fi/cell-tower location cache, along with observations about nearby signal strength, the iPhone triangulate its location faster than it can with GPS alone. In some cases, such as inside a building, these other techniques can resolve a location without any GPS assistance.
An Apple update reduced the consolidated.db file size to seven days of data and lets users delete it entirely by turning location services off. The next major iOS operating system upgrade will also encrypt the file on the phone.
The Google Android phone, which uses a similar approach to improve location services, had already implemented the privacy measures that Apple recently made.
The use of mobile devices for gathering and utilizing shared location data represents a relatively new frontier in efforts to automate crowdsourcing. Many online efforts have sprung up to let the masses participate in the search for extraterrestrial life (SETI@home), track earthquakes (Quake-Catcher), or solve problems (Mechanical Turk).
Using cell phones as sensors to automatically gather data about cell networks can lead to better planning and network designs. Apple has announced plans to use similar techniques for automatically and anonymously gathering location data for an upcoming traffic application. However, automatically gathering data raises privacy concerns, even when efforts are made to anonymize the data. This recent programming error has shown that data leaks can show up in the most obscure places.
Privacy by Design
"In Apple's, case, their particular goal of helping users get location faster made sense, but could still create a privacy issue," said Justin Brookman, director of the Center for Democracy and Technology’s Project on Consumer Privacy.
He said the fundamental issue is that organizations need to practice "privacy by design." This requires managers and engineers to think privacy implications through at design time, before they create more costly problems in the future.
In some cases, individuals opt for extended tracking from any application service provider to benefit from more features, such as Foursquare for social sharing. Location Labs works with cell-phone companies to aggregate access to location data from over 300 million phones in North America. Using this service, independent software developers can create applications for families or offices that use ordinary cell phones from different cell-phone providers with no installed software. More sophisticated applications can prevent kids from driving and texting.
The Skyhook Core Engine lets developers add location-tagging features to their applications. Skyhook mines about 300 million location requests per day to predict the density of people in predefined block-by-block areas. Developers can use this anonymous data in location-aware programming frameworks that work across multiple PC and smartphone operating systems.
In other cases, people can inadvertently publish personal data without realizing it. For example, smartphones can automatically record the location where a picture was taken, without the owner realizing it. "A photo-processing application might access the raw data and then spread it in ways you might not expect," Brookman said.
The Value of Anonymity
The concern is that if a big company like Apple can accidentally share your data, what about these smaller companies? And what about a company like a bar locater that might sell your location data to any advertiser that wants to pay? Or a company that might use the data to charge people different prices based on where they've gone. At the moment, there is no legal framework for sharing location information.
"There is a value, a right to anonymity," said Brookman. "I can do things without someone looking over my shoulder and telling me what to do. If I feel a lot of companies are watching me, I might behave differently than if I had true anonymity."
On the flip side, Allan just wants to use the data to learn more. He said he might not upgrade his iPhone OS, if he lost the ability to get a consolidated location file so easily.
To download the application Pete Warden wrote to visualize cell-tower location data, see http://petewarden.github.com/iPhoneTracker.
George Lawton is a freelance technology write based in Guerneville, CA. You can reach him at glawton@glawton.com.
