Apple Updating iOS To Address Privacy Concerns 318
wiredmikey writes "[Apple] said that over the next few weeks it would release a software update for iOS that would reduce the size of the crowd-sourced Wi-Fi hotspot and cell tower database cached on the iPhone, cease backing up the cache, and delete the cache entirely when Location Services is turned off. Additionally, Apple said that in the next major iOS software release the cache would be encrypted on the iPhone, though a timeline for that was not provided."
direct link (Score:5, Informative)
Why not use the direct link [apple.com] as nothing was added and some was cut?
Re:direct link (Score:5, Informative)
Just a wild, unscientific guess, but I'd say it's because linking to Apple's press release directly means that SecurityWeek doesn't get ad impressions from the slashdotting. The link goes to a SecurityWeek Article by Mike Lennon; TFS submitted by "wiredmikey," whose profile identifies him as "SecurityWeek Editor", and links to SecurityWeek.
Connecting the dots is left as an exercise for the reader.
damn, i liked this feature (Score:2, Informative)
it's the reason why my wifi only ipad knows exactly where it is just by the wifi access point it's connected to and nearby wifi access points. i thought it was very nice when i opened up the weather channel app for the first time on it and it knew where i was without me putting in a zip code. and it does this whenever i take it with me
Re:Bug? (Score:2, Informative)
Pay attention now, that's a different set of data. On one hand we have the "consolidated.db" file which Apple now has stated is a sub-set of the full database of network access points they have. On the other hand we have data of new network access points (or updated data of old ones) that is collected by the phone and sent anonymously to Apple.
Why would Apple send themselves a file that they sent you in the first place?
Moreover, they are not sending this data back silently. A year ago they explained in detail which data the phone sends, under what circumstances it sends it, and how to stop it from sending it. Notice that updating the local "consolidated.db" file when Locations Services was off is identified as a bug, while sending collected data anonymously is in fact disabled when you turn off Locations Services.
-dZ.
Re:Bug? (Score:3, Informative)
The oversight wasn't that they were collecting. The oversight was that the phone didn't erase the file when the user turned off Location Services, which Apple admitted and said they intend to correct.
Re:Bug? (Score:5, Informative)
I don't know that I agree with this. I've worked building software for more than 15 years and I can tell you that the likelihood of somebody accurately capturing something like this in a requirements document is very close to zero. After all, this isn't a feature we're talking about, it's an implementation detail of a performance optimization. The requirement would likely be something like
"Must be able to detect a location within 0.2s if wifi is active or can locate at least 3 cell tower ids"
the rest is how the programmer chose to make it work. If you are creating requirements to the level of detail needed to fully specify purge behavior of a cache database, you're never going to finish your requirements document.
Reading Comprehension Check (Score:4, Informative)
No one? Apple says that they do is items # 3,4,5,8. 5.
From TFA:
Can Apple locate me based on my geo-tagged Wi-Fi hotspot and cell tower data?
No. This data is sent to Apple in an anonymous and encrypted form. Apple cannot identify the source of this data.
Hi there. reality calling. If they can't tell it's from you, it's not YOUR DATA they are sending.
Bloody tinfoil-hat Apple Haters...
Re:Why the iTunes sync? (Score:4, Informative)
Okay, some people are slow.
"their own explanation describes that they're storing all the data needed to get your location except the final calculation"
As long as that "final calculation" includes fetching additional information. Maybe you're weak on the concept, but triangulation works like this: take three known points and for each of them measure the distance to an unknown point. That distance measurement allows a circle to be drawn around each known point. The unknown point lies at an intersection of the three circles. Due to limitations in accuracy, this intersection is going to be larger than a point -- and may in fact cover a sizeable region.
Here's the thing: the cache only included the crowd-sourced information, that is the locations for the known points. The "final calculation" involves collecting *additional* data, the distance from those three known points. So, no, the cache does *not* have all the data needed. It is missing the distance calculations. Which only makes sense because it changes constantly -- and is supported by what the third party individuals who have looked into it have found. No need to trust Apple.
"Which is exactly what the researchers did."
Really! Amazing, can you point a link to that because I've read what the researchers (original and others) have said and that is *not* what they did. The application that was written does not magically triangulate past locations (how could it, without distance data), it just displays the locations of towers and hot spots. That you may or may not have been near to at the logged time. Apple says up to 100 miles. Someone who checked his database found even larger discrepancies.
"Michigan's recent purchase of equipment to download all your cell phone's data during traffic stops"
Okay, you read the headlines and never the article. The "purchase" was not recent, the fact that they buy the forensic devices just got brought up again. It isn't a recent phenomena at all and should come as a surprise to no one. (The ACLU's interest isn't that they were purchased, but what and how they are being used for.) Further, "download all your cell phone's data during traffic stops" -- there is no reasonable belief that this is happening, but if it /is/ happening they won't get "all" of *my* cell phone's data. Okay, let's assume for a minute that it was routine to hand over my cell phone at a traffic stop and that they imaged it. All that they get for their trouble is SIM data (problematic) and an encrypted blob. Why? Because my cell phone runs iOS 4 and I have set a password. But don't take my word for it, google iphone forensics, pay attention to iOS4 and read more than the front page or a quick marketing blurb. Or, even better, learn how to image an iPhone and demonstrate to yourself the difference.
Now, I do wish all the data were encrypted, but it isn't (and isn't on any phone I know of) -- but they won't get my email, SMS messages, notes, voice recordings, etc. There is no evidence that cache data is on the unencrypted data store of an otherwise encrypted iPhone.
Lesson 1: if you wish to do *something* to protect sensitive data on an iPhone -- which for most people is much more than geolocation data, and more serious -- then get it to iOS4 and set a passcode, or even better use a password (iOS4 allows that). And set it to wipe after 10 failed attempts. Wish I could set it to 3 (or fewer, even).
Lesson 2: it helps to know what the heck it is you are talking about.
Re:Why the iTunes sync? (Score:4, Informative)
Your characterization is way off.
So they're not tracking your location, just the data needed to triangulate your location. Just like the GPS doesn't track your location, since it also only gives the data needed to triangulate your location.
Incorrect; what they are doing is using the known location of one cell tower, WiFi hotspot, or GPS to make a wild guess as to your current location, then going to Apple's servers and downloading a chunk of data that contains all the known cell towers and WiFi points anywhere within up to 100 miles of the WiFi hotspot/cell tower the device originally saw a signal from. This info is written to the cache.
*IF* an application requests location services, it uses this database to quickly triangulate an approximate current position to help it get a GPS lock extremely quickly (Go read up on GPS - if you have a half-way decent idea of where you are, it makes acquiring a more exact fix much faster - somewhat like turning your TomTom off then back on immediately vs turning it off, flying across the country, then turning it back on... in the latter case it will take a lot longer to get a location). If there is no GPS signal, it can at least give an approximate location to the application that requested it. Location services on iOS allow the app to specify the desired level of accuracy as well as receive the instantaneous accuracy level. If the app only wants to know what zip code you are in the device might not even need to bother turning GPS on - the cache might be enough to get that information.
In any case, all the database tells you is that of the entire list of cell towers and WiFi hotspots in the database for a given time period, you were near *one* of them somewhere vaguely around that time.
No, they're just logging the location of things you go near and the time you passed by them. This is not a location the same way that "314 Evergreen Street, Pigsknuckle, Arkansas at 2:31:14am on April 17, 2011" is not a location because it doesn't specify if you're inside or outside the house.
More like that address just means you were in the city of Pugsknuckle sometime on April 17; you might have been at 314 Evergreen, maybe 325 Evergreen... maybe across town at another address entirely. Maybe you just drove through town on your way to Texas. There is literally no way to know because the chunk of cache you get back can cover a wide area and depends on what the server decides to send you. Two people at the same location at the same time might get different lists back from the server that cover a different geographical area.
Short version: This is no different then looking at a laptop's recently seen WiFi access point list and trying to claim the laptop is tracking you. All it means is that you were within some distance X (depending on conditions) of that access point sometime in the past.