Support NeoGAF

[numble]

From Gruber himself (he's been scrambling around looking for different angles to explain this away), sandwiching the post you linked to:


and

Some jailbreak exploits, which are much more widely known in the world, also take months for Apple to patch. Wasn't greenp0ison available for about 6 months for iOS 4? Why are only 4.0 GSM devices doing this, but not CDMA iPhones/iPads?

If he is "scrambling to explain away" the issue, what is the clear reason that Apple has been doing this?

 

[nVidiot_Whore]

Why are you people giving someone physical access to your phone and/or PC?

Why would anyone with major privacy concerns walk around with a "smart phone" in the first place?

That reminds me of this:

Cops Use Cell Phone Rippers?

I agree that Apple should make this something to opt in.. but as long as the general public knows this functionality exists.. I don't see any "wrongdoing" on their part aside from offering a device that people may not want because of this "feature" of the software.

Stop giving all your info away to everyone.. stop walking around with min-computers that track your every movement and store every detail of your personal life...

 

[Blackhead]

I do love your projection of his dastardly intentions.

from his very post that numble linked to:



what do you expect him to publish, exactly? fear mongering articles supposing that Apple is using this to track all its users? or to ignore this problem entirely because it's a security black eye for Apple?

I'm not projecting anything, I quoted different reasons he's tried to explain it with and Gruber himself wrote:

but my little-birdie-informed understanding is that

implying obviously that he's been asking around Apple about this. Yesterday Gruber only linked to the story about the tool not the security implications (which he described as sensationalized) *shrug* The chronology of his actions and thought process can be seen from the patterns of his posting

 

[Riddick]

Why are you people giving someone physical access to your phone and/or PC?

Why would anyone with major privacy concerns walk around with a "smart phone" in the first place?

That reminds me of this:

Cops Use Cell Phone Rippers?

I agree that Apple should make this something to opt in.. but as long as the general public knows this functionality exists.. I don't see any "wrongdoing" on their part aside from offering a device that people may not want because of this "feature" of the software.

Stop giving all your info away to everyone.. stop walking around with min-computers that track your every movement and store every detail of your personal life...

I like how people are trying to present this as a feature instead of the gross invasion of privacy that it actually is.

 

[SimleuqiR]

Untrackerd Wipes Location Tracking File on Jailbroken iPhones

 

[kehs]

Why are you people giving someone physical access to your phone and/or PC?

Why would anyone with major privacy concerns walk around with a "smart phone" in the first place?

That reminds me of this:

Cops Use Cell Phone Rippers?

I agree that Apple should make this something to opt in.. but as long as the general public knows this functionality exists.. I don't see any "wrongdoing" on their part aside from offering a device that people may not want because of this "feature" of the software.

Stop giving all your info away to everyone.. stop walking around with min-computers that track your every movement and store every detail of your personal life...

yes lets not have choices on what we do

dur dur dur

 

[nVidiot_Whore]

I like how people are trying to present this as a feature instead of the gross invasion of privacy that it actually is.

An invasion of privacy would be for someone to take this data from you. Just like they could take your e-mails or your text messages or your photos if you have them access to your PC or your phone.

My point is that if the iPhone does this.. it is your CHOICE to buy it or not.. your CHOICE to walk around with it or not.. your CHOICE to leave your GPS on or off.

People go buy a GPS, put it in their pocket.. walk around with it.. it's essentially a tracking device, that you opted to carry with you. If that is something that creeps you out, then as a consumer you should do your best to either avoid such devices, or ensure the device you carry around isn't doing something you disprove of.

If that's how the general public feels, and this news is widely known.. then it is their choice to continue to be a customer of Apple's.. complain to Apple and request the software be changed, etc.

I'm not saying this is a good practice.. I'm not saying all GPS devices should do this by default, etc.. I'm saying people don't take enough of a pro-active approach to thinking about their personal data.. instead they just freak out any time someone points out to them how easy it is for someone else to obtain all of this personal data.

I'm sorry, but my GPS data would be the LEAST of my concerns if I lost my phone.. the photos.. the e-mails.. my browsing history.. my call logs, etc. are far more important to me. And it's MY CHOICE to enable someone to so easily take this information.. and it's up to me to secure it. Ensure I keep track of my phone, lock my personal computers down, change passwords often, etc.

This is a total non-issue for me. If it was? I'd simply turn my GPS off. I don't even use it anyways.. would save me a little battery life.. or?

I'd go get a different phone.

yes lets not have choices on what we do

dur dur dur

That's right.. I forgot about the law that requires you buy an iPhone and carry it around you at all times with the GPS enabled.. you are also required by law to keep the battery charged.. they have checkpoints set up on highways to make sure everyone is carrying their phone with them.. as soon as your battery dies or the phone is turned off an electronic monitoring station is alerted, and you are given 30 minutes to get your phone turned back on or go to the nearest Apple store to replace your phone before law enforcement is dispatched to your location.

edit: Turns out I was wrong!! It is in fact optional to own an iPhone in the US.. and Apple discloses all of this in their privacy policy!

http://www.apple.com/privacy/

PHEW!!

False alarm right guys?

 

[AstroLad]

gruber?

 

[Wes]

Android phones record user-locations according to research

Smartphones running Google's Android software collect data about the user's movements in almost exactly the same way as the iPhone, according to an examination of files they contain. The discovery, made by a Swedish researcher, comes as the Democratic senator Al Franken has written to Apple's chief executive Steve Jobs demanding to know why iPhones keep a secret file recording the location of their users as they move around, as the Guardian revealed this week. Magnus Eriksson, a Swedish programmer, has shown that Android phones – now the bestselling smartphones – do the same, though for a shorter period. According to files discovered by Android devices keep a record of the locations and unique IDs of the last 50 mobile masts that it has communicated with, and the last 200 Wi-Fi networks that it has "seen". These are overwritten, oldest first, when the relevant list is full. It is not yet known whether the lists are sent to Google. That differs from Apple, where the data is stored for up to a year.

In addition, the file is not easily accessible to users: it requires some computer skills to extract the data. By contrast, the Apple file is easily extracted directly from the computer or phone.

More at the link, including follow up on the original iPhone story.

 

[kehs]

can i respond or are you still working on finalizing your post?

 

[nVidiot_Whore]

gruber?

Haha.. no.

For the record: I'm an iPhone owner.

I read about this.. turned my location services off.

Now the once or twice a year I actually use that feature, a message pops up, says "You need to enable location services" or whatnot.. gives me the option to go right to the settings screen... then I do what I need to do.. and just have to remember to turn it off.

File this under "minor pain in the ass".. not that I really care THAT MUCH about the GPS data..

Hell.. I'll enable the feature and publish my .db file online or something.. really.. who gives a shit? I completely understand privacy concerns.. but I also wonder what people think this data is going to be used for.. as if anyone really cares about where they've been.

 

[nVidiot_Whore]

can i respond or are you still working on finalizing your post?

Go for it.. and I'll be more constructive and less of an ass.

Was in a terrible mood earlier.. I just wanted to destroy something beautiful.

 

[gcubed]

Android phones record user-locations according to research



More at the link, including follow up on the original iPhone story.

So in other words not the same thing at all... good to know

 

[kehs]

ill give it another three hours maybe youll find another link

 

[nVidiot_Whore]

Yeah that's not even close, lol.

 

[nVidiot_Whore]

ill give it another three hours maybe youll find another link

Dude.. I made 1 edit as a joke after finding the privacy link.. lighten up Copernicus.. we've accepted your view of a heliocentric universe for centuries now.

 

[giga]

Best overview I've found regarding the issue: https://alexlevinson.wordpress.com/...es-with-the-latest-iphone-tracking-discovery/

1) Apple is not collecting this data.

Apple is not harvesting this data from your device. This is data on the device that you as the customer purchased and unless they can show concrete evidence supporting this claim – network traffic analysis of connections to Apple servers – I rebut this claim in full. Through my research in this field and all traffic analysis I have performed, not once have I seen this data traverse a network. As rich of data as this might be, it’s actually illegal under California state law:

I don’t think that’s a legal battle Apple wants to face considering the sale of over 100 million iDevices worldwide. That raises the question – how is this data used? It’s used all the time by software running on the phone. Built-In applications such as Maps and Camera use this geolocational data to operate. Apple provides an API for access to location awareness called Core Location. Here is Apple’s description of this softare library:

2) This hidden file is neither new nor secret.

It’s just moved. Location services have been available to the Apple device for some time. Understand what this file is – a log generated by the various radios and sensors located within the device. This file is utilized by several operations on the device that actually is what makes this device pretty “smart”. This file existed in a different form prior to iOS 4, but not in form it is today.

And lot's more technical specifics at the source! That said, the main problem that I have with this is that the OS stores the information for far too long. (1 year?)

 

[nVidiot_Whore]

About the only thing that article states that is interesting is the claim that they have monitored data and that the file isn't actually ever sent to Apple.

Otherwise nothing else he says makes up any excuse why the data needs to be stored for a year.

And Apple's own privacy policy states that they do collect this data, and tells you to turn your location services off if you don't want them to.

 

[JonathanEx]

If people didn't know about this and are upset by it, surely that shows just mentioning it in the privacy policy isn't enough to take reasonable measures to inform their users?

Privacy is important, and this file, while it's not Apple tracking you everywhere secretly!!!! there are issues with it and how its done.

 

[nVidiot_Whore]

If people didn't know about this and are upset by it, surely that shows just mentioning it in the privacy policy isn't enough to take reasonable measures to inform their users?

Privacy is important, and this file, while it's not Apple tracking you everywhere secretly!!!! there are issues with it and how its done.

I think it's a good reminder that if you are going to carry around such a powerful device you should probably educate yourself a little bit about how it works... especially if that device is designed to be connected to networks and whatnot.

But from Apple's perspective, if this upsets their customers, they should certainly change it. They'll lose business otherwise.

I'm also still curious why this particular data is so important to people.. or such a privacy concern. Or why if their location, or where they've been, is such a concern for them.. why they SPECIFICALLY wouldn't be looking at the functionality of their GPS devices they chose to carry in their pockets?

 

[giga]

Otherwise nothing else he says makes up any excuse why the data needs to be stored for a year.

And Apple's own privacy policy states that they do collect this data, and tells you to turn your location services off if you don't want them to.

Why would he try to make an excuse for Apple? It's a technical overview. Storing historical data (instead of just recent) is the problem, not that the OS collects the data in the first place. That's the problem that people should have an issue with.

Apple's collection of location data looks different though. That location data can be managed through Location Services. This is data that's stored regardless if you disable Location Services or not and forensic researchers didn't find any evidence of it being transmitted anywhere.

 

[akira28]

If you keep location services turned off, does that squelch this? Anyway fuck Steve Jobs has been my SOP since the Apple 2e. It was the Commodore that deserved to live. Not the Apple.

 

[nVidiot_Whore]

Why would he try to make an excuse for Apple?

I don't know? It just sounds like he is.

It's a technical overview. Storing historical data (instead of just recent) is the problem, not that the OS collects the data in the first place. That's the problem that people should have an issue with.

And he doesn't address the problem people are having.

He quotes Apple about the API, and what it does (which doesn't require more than a few seconds of historical data to fully function, since the only use for such data in the API is for 'heading') and says "Seems pretty clear" as if that explains why this data is being stored historically for so long.

This is data that's stored regardless if you disable Location Services or not

I don't think that's true, I believe if you completely disable location services it won't store this data. The article you posted mentions disabling it for specific apps, not disabling the entire thing.

Apple makes the claim that it IS disabled here.. in a letter to the gubbament:

http://markey.house.gov/docs/applemarkeybarton7-12-10.pdf

Several times in the letter Apple claims turning off location based services turns off storage of the data.

But they also claim they DO collect the data.. and use it.

So I'm still unclear about that..

 

[giga]

I don't know? It just sounds like he is.



And he doesn't address the problem people are having.

He quotes Apple about the API, and what it does (which doesn't require more than a few seconds of historical data to fully function, since the only use for such data in the API is for 'heading') and says "Seems pretty clear" as if that explains why this data is being stored historically for so long.



I don't think that's true, I believe if you completely disable location services it won't store this data. The article you posted mentions disabling it for specific apps, not disabling the entire thing.

Apple makes the claim that it IS disabled here.. in a letter to the gubbament:

http://markey.house.gov/docs/applemarkeybarton7-12-10.pdf

Several times in the letter Apple claims turning off location based services turns off storage of the data.

But they also claim they DO collect the data.. and use it.

So I'm still unclear about that..

You know, I'm not going to argue with you about the intentions of an article. Think what you want to think. I just posted it because it had useful technical information about what was happening behind the scenes.

I don't get the impression that logging is completely disabled from what he wrote:

Users still have to approve location access to any application and have the ability to instantly turn off location services to applications inside the Settings menu on their device. That does not stop the generation of these logs, however, it simply prevents applications from utilizing the APIs to access the data.

But I haven't tested it (perhaps I should do a restore and try) and would take the word of Apple if that letter is honest.

 

[nVidiot_Whore]

You know, I'm not going to argue with you about the intentions of an article. Think what you want to think. I just posted it because it had useful technical information about what was happening behind the scenes.

You are right, the intention doesn't really matter. But he makes the claim, as you posted:

how is this data used? It’s used all the time by software running on the phone.

By "this data" I'm assuming he is talking about the topic at hand, the db file indicated, which stores a years worth of data. He doesn't bother to point out that only a few seconds of data would need to be stored for any of the functionality apps need. This omission made me personally suspect, but it doesn't really matter. He's not presenting this as a technical overview, he's presenting it as "3 problems" he has with the research and how it's being presented. The statement on it's own that Apple isn't collecting the data is very interesting, and is something that I'm SURE we will get independent verification of soon. Apple's own privacy policy practically states that they ARE collecting the information. The rest of his discussion of the API came across as making excuses and ignoring the real problem, the length of the data stored. But that's just my opinion, and really.. matters not.

I don't get the impression that logging is completely disabled from what he wrote:

Yeah.. it's hard to tell for sure if he is referring to the entire setting, or just the per-application settings. If you read that PDF, Apple states fairly explicitly that logging still occurs if specific applications are turned off, but if the entire setting is turned off that collection is halted. I'd load the PDF into adobe and OCR it or screencap it if I wasn't feeling so lazy

But I haven't tested it (perhaps I should do a restore and try) and would take the word of Apple if that letter is honest.

Well.. the letter was sent a year ago.. so aside from trusting Apple wasn't lying, that doesn't mean things couldn't have changed.

It's still interesting to me that he claims Apple doesn't send the file.. when it appears that Apple is explicitly admitting to that in this letter to the government, as well as in their own privacy statements. Again.. things could have changed.

 

[giga]

From the PDF:

Seems like there are four different types:

1. Location services from Wi-Fi, cell towers, and GPS
2. Anonymous Wi-Fi info and GPS coordinates during regular operation (searching for cell network)
3. Diagnostic data with consent
4. iAd with consent

 

[nVidiot_Whore]

OK.. feeling slightly less lazy.

Here's Apple, in that letter to the government, in July '10, stating that turning off location services disables collection of the data.

 

[giga]

Alright, I'm just confused if the Off switch for location services encompasses the all different types of collection I showed in my previous post. If so, I'd assume that the researchers had location services turned off and that's why they didn't record any network transmissions?

 

[nVidiot_Whore]

Alright, I'm just confused if the Off switch for location services encompasses the all different types of collection I showed in my previous post. If so, I'd assume that the researchers had location services turned off and that's why they didn't record any network transmissions?

That could be true. Collection could mean multiple things.

Considering the context of that letter, if Apple is still recording the data with location services off, I'd say that's pretty shady of them to make such a claim without specifying.

 

[Dead Man]

While not catastrophic by any means, poorly communicated information leads to a lack of perceived consent from consumers, which will not help a company be trusted in future. It seems pretty dodgy to keep the records for a year, and have them not be encrypted by default.

 

[nVidiot_Whore]

According to that PDF, Apple collects:

1) GPS and other co-ordinates any time you are searching for a cell tower or wi-fi access point
2) GPS and other co-ordinates any time an application is asking for GPS data.

So according to them, they don't constantly record the data. And the data is used for diagnostics purposes.. which to me, sounds like the only use would be something AT&T would want.

And they do explicitly state later in the PDF they do NOT collect this data if location services is set to off.

BUT.. here is them explicitly stating they DO send this data:

Interesting wording though.. "secure wireless network".. and only if location services are on. But they send the data every 12 hours? Interesting.

 

[Phoenix]

April 27, 2011 08:30 AM Eastern Daylight Time
Apple Q&A on Location Data

CUPERTINO, Calif.--(BUSINESS WIRE)--Apple would like to respond to the questions we have recently received about the gathering and use of location information by our devices.

1. Why is Apple tracking the location of my iPhone?
Apple is not tracking the location of your iPhone. Apple has never done so and has no plans to ever do so.

2. Then why is everyone so concerned about this?
Providing mobile users with fast and accurate location information while preserving their security and privacy has raised some very complex technical issues which are hard to communicate in a soundbite. Users are confused, partly because the creators of this new technology (including Apple) have not provided enough education about these issues to date.

3. Why is my iPhone logging my location?
The iPhone is not logging your location. Rather, it's maintaining a database of Wi-Fi hotspots and cell towers around your current location, some of which may be located more than one hundred miles away from your iPhone, to help your iPhone rapidly and accurately calculate its location when requested. Calculating a phone's location using just GPS satellite data can take up to several minutes. iPhone can reduce this time to just a few seconds by using Wi-Fi hotspot and cell tower data to quickly find GPS satellites, and even triangulate its location using just Wi-Fi hotspot and cell tower data when GPS is not available (such as indoors or in basements). These calculations are performed live on the iPhone using a crowd-sourced database of Wi-Fi hotspot and cell tower data that is generated by tens of millions of iPhones sending the geo-tagged locations of nearby Wi-Fi hotspots and cell towers in an anonymous and encrypted form to Apple.

4. Is this crowd-sourced database stored on the iPhone?
The entire crowd-sourced database is too big to store on an iPhone, so we download an appropriate subset (cache) onto each iPhone. This cache is protected but not encrypted, and is backed up in iTunes whenever you back up your iPhone. The backup is encrypted or not, depending on the user settings in iTunes. The location data that researchers are seeing on the iPhone is not the past or present location of the iPhone, but rather the locations of Wi-Fi hotspots and cell towers surrounding the iPhone's location, which can be more than one hundred miles away from the iPhone. We plan to cease backing up this cache in a software update coming soon (see Software Update section below).

5. Can Apple locate me based on my geo-tagged Wi-Fi hotspot and cell tower data?
No. This data is sent to Apple in an anonymous and encrypted form. Apple cannot identify the source of this data.

6. People have identified up to a year's worth of location data being stored on the iPhone. Why does my iPhone need so much data in order to assist it in finding my location today?
This data is not the iPhone's location data-it is a subset (cache) of the crowd-sourced Wi-Fi hotspot and cell tower database which is downloaded from Apple into the iPhone to assist the iPhone in rapidly and accurately calculating location. The reason the iPhone stores so much data is a bug we uncovered and plan to fix shortly (see Software Update section below). We don't think the iPhone needs to store more than seven days of this data.

7. When I turn off Location Services, why does my iPhone sometimes continue updating its Wi-Fi and cell tower data from Apple's crowd-sourced database?
It shouldn't. This is a bug, which we plan to fix shortly (see Software Update section below).

8. What other location data is Apple collecting from the iPhone besides crowd-sourced Wi-Fi hotspot and cell tower data?
Apple is now collecting anonymous traffic data to build a crowd-sourced traffic database with the goal of providing iPhone users an improved traffic service in the next couple of years.

9. Does Apple currently provide any data collected from iPhones to third parties?
We provide anonymous crash logs from users that have opted in to third-party developers to help them debug their apps. Our iAds advertising system can use location as a factor in targeting ads. Location is not shared with any third party or ad unless the user explicitly approves giving the current location to the current ad (for example, to request the ad locate the Target store nearest them).

10. Does Apple believe that personal information security and privacy are important?
Yes, we strongly do. For example, iPhone was the first to ask users to give their permission for each and every app that wanted to use location. Apple will continue to be one of the leaders in strengthening personal information security and privacy.

Software Update

Sometime in the next few weeks Apple will release a free iOS software update that:

reduces the size of the crowd-sourced Wi-Fi hotspot and cell tower database cached on the iPhone,
ceases backing up this cache, and
deletes this cache entirely when Location Services is turned off.
In the next major iOS software release the cache will also be encrypted on the iPhone.

NOTE TO EDITORS: For additional information visit Apple's PR website (www.apple.com/pr), or call Apple's Media Helpline at (408) 974-2042.

© 2011 Apple Inc. All rights reserved. Apple, the Apple logo, Mac, Mac OS, Macintosh, iPhone and iTunes are trademarks of Apple. Other company and product names may be trademarks of their respective owners.

Apple has issued a press release on the subject.