Apple Updating iOS To Address Privacy Concerns

wiredmikey writes "[Apple] said that over the next few weeks it would release a software update for iOS that would reduce the size of the crowd-sourced Wi-Fi hotspot and cell tower database cached on the iPhone, cease backing up the cache, and delete the cache entirely when Location Services is turned off. Additionally, Apple said that in the next major iOS software release the cache would be encrypted on the iPhone, though a timeline for that was not provided."

hmm..

[amalek]

It's been a long week of high-profile fuck-ups.

nice

[calderra]

Apple: We never did anything wrong, but pardon us while we fix it anyway.

Glad this is over

[gabebear]

I'm an iOS developer and am glad this is finally over. I wasn't worried about the security ascpect; I was tired of getting stupid alarmist questions about it.

Timestamps

[Kuukai]

What about the timestamps? Why does a "crowd-sourced Wi-Fi hotspot and cell tower database" still need timestamps?

Fail

[magamiako1]

So apple's going to encrypt the location cache on a phone that is otherwise locked, where other people generally don't have access to it other than the device itself, and lower the battery to deal with encryption routines all because people are idiots?

Sigh...

Moving on

[mudpup]

Sounds like Apple is taking steps to improve their system and give the paranoid users a easy opt out. Now the question is what are the other phone manufactures doing with their location systems? Especially those who log your data to the cloud?

Re:Fail

[Kuukai]

Wouldn't it take less battery power to write less information? I don't think the original timestamped truckload of information was exactly lean. Saving power doesn't seem like it was a goal...

Re:Bug?

[mangino]

Almost all bugs would be caught by a single testcase if you thought about writing it. Most often the problem is that nobody concerned the scenario and though to write a testcase. While it could be mailicious, it could also be just an accident.

Conclusion:

[Lazareth]

A perfectly sane feature has now been curtailed effectively by public outcry against perceived violation of privacy. While I agree that it is a good thing the stuff now gets encrypted locally (yay, more encryption of sensitive information!) the grand result is nearly nothing. The way this thing worked was by having a cache of locations stored locally and for those who worry about invasion of privacy this turn of events doesn't change anything - if Big Brother wants to know where you are and where you've been, he need do nothing more than to store where you connect from on his side - something he has always been able to do.

Re:Good...?

[SvnLyrBrto]

How do you suppose the phone company knows what cell you're in, so they can route calls to your phone? How do you suppose they get their E911 data?

As long as you have the thing powered on, the phone company know where you are. And if the police want to know, they won't go to your house, hack your computer, and read the log backup. They'll just go to the phone company with a subpoena.

This whole controversy was much ado about nothing. The only thing that was different was that the user had access to the data that "the man" had all along.

Re:Bug?

[fuzzyfuzzyfungus]

I'm guessing the "sending the list of nearby cell towers and wifi APs(in a totally-you-guys-can-trust-us-that's-why-we-didn't-bother-to-tell-you) 'anonymized and encrypted' form back to Apple so that they can build their 'crowdsourced database'" behavior was not just a bug...

Maintaining a local cache of recent location references is a common trick to speed up GPS fixes(even dedicated GPS chips commonly have a sliver of cap-backed RAM for the purpose); but the silently sending those data to Apple bit is pretty dodgy by any stretch.

Re:Including the "obsoleted" phones?

[Phleg]

Out of curiosity: why? When the next version of the iPhone comes out, you can sell your existing one on eBay and buy the new one for a net profit of $50. $150 if you unlock it first.

Re:Bug?

[SvnLyrBrto]

Not necessarily a bug... it could have been a simple oversight. Just look at everything that's in /var/log on a vanilla UNIX/Linux installation. Unless you go in to your configurations and specifically dial things down, there's quite a lot in there that some nefarious party could exploit to get a very good idea of what you're doing on that box.

Re:nice

[jessecurry]

Apple: We didn't see anything wrong with the previous implementation, but it seems that our customers do. We'll take steps to make sure that our implementation is in-line with what our customers desire.

Encrypted On The iPhone...

[Anonymous Coward]

"Apple said that in the next major iOS software release the cache would be encrypted on the iPhone...."

Encrypted by Apple, so only Apple can only view & use it...!

Re:Glad this is over

[geekoid]

Alarmist? no, not really.

Look around the world. In a lot of areas, people are rising up against oppressive governments. In these situation, people are being found by the government based on cell phone location. Imagine what happens when a 'dissenter' gets caught and his phones also has the location of where he has been?
That isn't some hypothetical, it stuff that is actually happening. Right now. It may not be happening where you live, but the world is bigger then you.

So, no not alarmist, reasonable.

Re:Glad this is over

[Anonymous Coward]

Um, are you one of those people rising up against oppressive governments? How about the people bringing a class action lawsuit? How about the many blogs screaming about it? No?

Can this data be used in real-time? No. Can it locate you precisely? No. Can an oppressive government that controls the local cell company locate ANY cellphone with greater accuracy and in real time? Yes.

Hmmm... I think "alarmist" is an accurate description.

Re:Good...?

[gutnor]

Yes because the only people who would be interested in this data are those that already posses a legal method of obtaining it...

If you are worried about those that do not posses legal method to access that data - you should really encrypt your data. The log can only be accessed from you home computer or you mobile phone directly (after hacking it) - if somebody you don't like has unrestricted/uncontrolled access to any of those, there is a lot more stuff you need to be worried about.

There is of course the Private Investigator case hired by your wife that could be borderline possible. In real life, that would be far easier for the PI to stick a GPS tracker under your car and that would give him more precise, more discreet data collection service.

Re:Bug?

[Anonymous Coward]

Not if the bug is in the requirements. You can't test for something if there is no requirement for it. One of the biggest failures of how agile/XP methodologies are implemented, they skimp on the requirements documentation.

Why the iTunes sync?

[Posting=!Working]

My favorite answer:

Why is my iPhone logging my location?
The iPhone is not logging your location.

No, they're just logging the location of things you go near and the time you passed by them. This is not a location the same way that "314 Evergreen Street, Pigsknuckle, Arkansas at 2:31:14am on April 17, 2011" is not a location because it doesn't specify if you're inside or outside the house.

And then, two sentences later...

iPhone can reduce this time to just a few seconds by using Wi-Fi hotspot and cell tower data to quickly find GPS satellites, and even triangulate its location using just Wi-Fi hotspot and cell tower data when GPS is not available (such as indoors or in basements).

So they're not tracking your location, just the data needed to triangulate your location. Just like the GPS doesn't track your location, since it also only gives the data needed to triangulate your location.

The location data that researchers are seeing on the iPhone is not the past or present location of the iPhone, but rather the locations of Wi-Fi hotspots and cell towers surrounding the iPhoneâ(TM)s location

The data from the GPS is not the location of the receiver, but rather the locations of the satellites surrounding the receiver's location.

Can Apple locate me based on my geo-tagged Wi-Fi hotspot and cell tower data?
No. This data is sent to Apple in an anonymous and encrypted form. Apple cannot identify the source of this data.

Using the preceding logic, it probably only contains your iTunes logon, phone number, SSN, DOB and profile information. But since it doesn't contain your name, they can't identify the source of this data. Also, I would guess that they replace all spaces with an underline, rendering it unreadable and thus encrypted.

Re:Good...?

[Patch86]

Leave the police and the courts out of the equation for a moment (as we have to assume, these days, that the state is omnipotent in any case).

This whole controversy sprung up because some well-meaning developer released an app that could access the data. By extension, we could assume that all iOS developers- including malware developers- could work a similar trick, to less innocent ends. Malware/adware/spyware developers couldn't subpoena your details from your provider; this is the only method by which they could access this sort of data.

As such, you can look at it as a pretty big security hole that needn't exist.

Re:Reading Comprehension Check

[moronoxyd]

Ah, so if I took pictures from all the houses around your house and send them somewhere without telling them that the pictures were taken from your house, that's no problem?

When I take your bank statement and remove the bits referencing your name and address, I can send that statement wherever I want because it's not your data anymore?

Good to know...

Re:Known Issue Though

[Anonymous Coward]

This log file has been a known issue for at least 6 months. I'll give Apple credit and say that never purging the contents of the file is a bug, but they have know about the problem and did nothing to correct it.

They probably did nothing about it because it didn't seem like a big deal to them. You want an example of a security issue which has real world impact on tens of thousands of users? Insert latest credit card database theft news here. There seems to be at least one every few months, I think the latest was Sony.

By contrast, a phone which logs the locations of cell towers that it's been near causes next to no real harm to its users. The uproar has been essentially emotional: "ZOMG I'm being TRACKED!!!!", even though the information stays on your phone (and computer, if backed up) and isn't terribly useful to anybody likely to get hold of it. Maybe law enforcement might want to use it to pinpoint where you were if they suspect you of a crime, but they're going to have problems using it due to the nature of what's stored: it merely locates cell towers you were near, not where you actually were, and as soon as you return to a location near the tower they're interested in, the information they need (the timestamp of when the phone last asked for an update about the position of that tower) is destroyed.

Also, it's hard to make a case that LEOs lucking into a way of finding some information about the whereabouts of suspects greatly harms society as a whole. Yes, there's a privacy argument to be made, but what I'm getting at is that on the whole, leaks of CC databases cause real harm to innocents, while this problem almost certainly did not.

In short, assuming Apple had a Radar bug filed, it was probably treated as a low priority since they had no idea that it would become the subject of a media feeding frenzy and inflated into an issue of vastly more importance than it really is.