With mounting concerns regarding the privacy of mobile data, two researchers from the United Kingdom stumbled upon a potentially-scary cache of coordinates in the backup archives of their iOS devices earlier this week. Shortly thereafter, many began to look for a similar data collection system in Google’s Android operating system, which was also evident in backup archives. In the few days that have passed between these discoveries and now, misinformation and accusations have dominated the blogosphere, muddling whatever useless information there is regarding the collection of geolocation information. After taking a step back and observing the situation, let’s dive in and distinguish fact from fiction.
Apple’s Location Logs
As previously mentioned, two British researchers uncovered evidence that Apple has been caching coordinates in the backup archives of phones around the world. Since this “discovery” earlier this week, many have accused the duo of plagiarizing information from a previously published book on the topic of secret geolocation caching. Regardless of who found the information originally, Alasdair Allan and Pete Warden of O’Reilly Media provided the most intuitive way to view the content.
Releasing an open-source application that displays hidden files, the coordinates are decrypted quickly and provide one with an intuitive map, like the one that appears below. For simplicity’s sake, we won’t bother you with the boring details regarding how to view the points without opening the program, but rest assured that it gives the best visual diagram of locations over time.
Above, I have posted the map of my movements. I do this, only because they are so varied that it is relatively pointless for anybody to try to gain information regarding my whereabouts considering the fact there are over one hundred points on the map. I recently took a trip to Florida by car, meaning that I was sticking to the highway for some time. What becomes extremely evident is the inaccurate nature of Apple’s data points. It is obvious that my iPhone was pinging off of cell towers, which triangulate a source signal, as opposed to utilizing the iPhone 4′s GPS.
What has Apple been doing with this information? As of now, it is not clear if the information is even being transferred off of devices at all. If Apple is taking information, they are legally allowed to do so. In a statement to concerned members of the House of Representatives, Apple reaffirmed its legal right to possess anonymous information to better represent its audience to advertising agencies.
We may collect information such as occupation, language, zip code, area code, unique device identifier, location, and the time zone where an Apple product is used so that we can better understand customer behavior and improve our products, services, and advertising.
They later went on to specifically address the issue of location-based services later in the letter:
To provide location-based services on Apple products, Apple and our partners and licensees may collect, use, and share precise location data, including the real-time geographic location of your Apple computer or device. This location data is collected anonymously in a form that does not personally identify you and is used by Apple and our partners and licensees to provide and improve location-based products and services. For example, we may share geographic location with application providers when you opt in to their location services.
It is unclear as to whether or not Apple will address the situation any time in the near future, but as of now it appears as if the company will continue to collect the information of users without any express consent.
Google’s Coordinate Cache
After the two British researchers exposed iOS’ secret tracking log to the public, Magnus Erikkson decided to look for a similar issue in Google’s Android operating system. While difficult for average users to uncover, any experienced forensic scientist can easily uncover the hidden coordinates.
Like iOS, the Android exploit is only accessible by root. The vast majority of Android devices are never connected to a computer, which means that many of the security features of the smartphones must be completely disabled and the information must be directly extracted from the device’s archives.
Google’s location gathering activities and Apple’s secret caching are very different. Google only records the fifty latest coordinates and up to two hundred Wi-Fi hotspot locations. Apple, however, records every move that users make.
Completely denying all claims of hidden location caching, a Google representative reached out to Ars Technica and stated that all location services are permitted by users.
All location sharing on Android is opt-in by the user. We provide users with notice and control over the collection, sharing and use of location in order to provide a better mobile experience on Android devices
He went on to explain that the device identifier given to third-party developers is in no way associated with the manufacturer’s unique identifier and that all information is given at random.
Any location data that is sent back to Google location servers is anonymized and is not tied or traceable to a specific user.
In the past, there have been numerous studies that have indicated that anonymized data can ultimately be traced back to a specific user with surprising accuracy. With the large pool of Android users utilizing location services, however, it is unlikely that both Google and its third-party developers would spend the time and money necessary to do so.
What You Can Do About It
For iOS devices, there is a simple solution to Apple’s secret location caching. GeekSugar brought forth the solution of encrypting your smartphone or tablet’s backup archives, a step that will make your location only accessible by password. This can be done simply through iTunes.
At this time, there is no easy way to do the same for Android devices for lack of an intuitive computer platform to encrypt data. This should not be a cause for concern as programmers are sure to find a way to block Google’s ability to anonymously collect coordinates from its users.
Should You Care?
To echo Emily’s sentiments from earlier this week, there is no reason that any smartphone user should be alarmed by secret location caching. The likelihood that a thief would attempt to lift location data off somebody’s device is slim. In fact, if somebody wanted to figure out where you’ve been, it would be easy enough to do so through Foursquare or Twitter.
To address some of the hypothetical situations that many have posed in the comments of that article, neither Apple nor Google have been tracking users accurately enough that it is a overt breach of security. All of the tracking is done by cell tower triangulation as opposed to GPS. It is not like Apple or Google predict where you will be going in the future.
But that is just one person’s opinion and the blogosphere has been polarized by this topic. What do you believe? Can Apple and Google collect anonymous data from users without any written consent? Do you care if they are looking into where you’ve been? Sound off in the comments below.