By ANDY IHNATKO
Apr 30, 2011 12:44AM
A Verizon iPhone is shown the first day it was available at Verizon Wireless stores Thursday, Feb. 10, 2011, in Beachwood, Ohio. (AP Photo/Amy Sancetta)
It turns out that everyone who expressed a half-baked interpretation of The Great iPhone Location Kerfuffle of 2011 was right: pundits, security experts, even Apple itself.
To recap, if you didn’t read my posting from last week or any of the miles of other available commentary: your iPhone has been building a database of where that phone has been, dating back to the release of iOS 4.0 last summer. It definitely contains your location info, but it’s clearly not the sort of info that’s useful for tracking someone. The coordinates are very loose, sometimes off by miles, and appear to be calculated guesses based on nearby cell towers and WiFi hotspots . . . not the phone’s highly-precise GPS receiver.
Apple’s terms of service specifically allow the hardware to keep track of its location and use that information. But Apple had also promised, in a fashion certain to bring down legal repercussions if they ever broke that promise, not to collect personalized location information without the user’s consent.
Overall, the signs seemed to point to “this is something the OS is doing to improve the performance of the hardware or the network” as opposed to “Apple is ready to move on to Phase 7 of its inexorable slog towards the subjugation of the Humans.”
The only real risk all of this presented to consumers was the fact that the existence of this file was well known in forensic circles . . . which meant that the baddies know about it as well. Anyone with access to the PC or Mac that backs up your iPhone to its hard drive could copy that file and examine it at their leisure, and get at least a rough idea of your movements since June.
Clicking the “Encrypt iPhone Backup” checkbox in iTunes (dock your iPhone and look inside the “Summary” tab) closes the vulnerability.
On Wednesday, Apple sensed that the Kerfuffle would escalate into a genuine Rhubarb if left unchecked. So they issued a press release and consented to an interview with The Wall Street Journal to explain the sitch.
The points in the database were actually downloaded into the iPhone from Apple and weren’t recorded by the user’s device. It’s a system for optimizing location services. Apple maintains its own huge crowdsourced database of the fixed locations of cellphone towers and WiFi hotspots. When the phone’s Location Services feature is active but it can’t receive GPS coordinates (such as when you’re roaming among skyscrapers or inside a big building), the iPhone can still give you an accurate calculated fix based on this constantly-updated map of nearby terrestrial locations.
This database also means that if you turn your phone back on after flying cross-country, the iPhone won’t waste several minutes looking for GPS satellites that are thousands of miles away. A query of the database will quickly tell the iPhone which birds it should try to listen for. This shortcut can cut minutes off the time required for a GPS lock.
Your iPhone is contributing to this database (that’s the definition of “crowdsourced”), but the phone strips this data of anything that could be connected to you and encrypts it before sending it to Apple.
The on-phone database was supposed to just contain tower and hotspot locations relevant to the past week of your movements . . . not forever. It was also supposed to be deactivated if you switched your iPhone’s Location Services feature off.
Apple promises to fix these bugs in the next few weeks, and says that this database will be encrypted on the phone itself after a further OS update.
So everyone was right. Apple wasn’t collecting personalized information (I could split hairs on that point, I suppose), the database was related to system performance, and a software bug played a huge part in all of this.
One revelation: “Apple is now collecting anonymous traffic data to build a crowd-sourced traffic database with the goal of providing iPhone users an improved traffic service in the next couple of years,” says the press release. The Wall Street Journal pressed for more details and got nowhere, but the revelation of even this slim tidbit is practically unprecedented. Apple is like the Wonka factory. They’re the ultimate closed shop and nobody ever talks about unreleased products.
This “improved traffic service” fits in with Apple’s past behavior. By building their own crowdsourced database of WiFi hotspots and cell towers, they cut their corporate tether to the outside company they formerly needed as a supply of that data. By building their own knowledge base of traffic routes, patterns, and behaviors, Apple can reduce or even eliminate their dependence on Google, Bing, and other map services for certain functions.
This whole incident leaves both handset makers and handset users a little wiser:
The users have received a lesson on just how much information flows through a smartphone. It’s a complex and necessary relationship between this little device and a huge wireless network. Phones simply don’t work unless they keep checking themselves in; companies are also under federal mandates to ensure that the network can always find you if it needs to, as when you make an E911 call.
Location data isn’t used by the hardware and OS makers for nefarious purposes. But these companies are definitely interested. If Apple or HTC or Samsung want their phones to work more reliably, they can either poll several thousand users about what they’re experiencing or they can ask several million handsets the same question. The phones don’t expect to get a free box lunch for spending three hours inside a focus group. It’s all (fairly) innocent, but users should never forget that they agreed to this sort of thing and plenty more when they blithely clicked through the terms of service agreement.
The bigger problem presents itself when information like this unprotected database falls into the hands of the baddies. Or even the hands of the good guys, for that matter. If you’re pulled over for a traffic offense and a police officer asks if he can see your phone for just a few minutes, why should you (with utmost courtesy) decline unless he produces a warrant? This. Law enforcement has a far better understanding than the average user of what a mobile phone can reveal.
(Oh, and they also have devices back in the prowler that can copy this information for later analysis lickety-split.)
The handset makers should learn that the things that are obvious to a group of engineers who’ve spent the past three years designing and building a phone aren’t the least bit obvious to the average consumer. Apple’s first response to The Kerfuffle (one of Steve Jobs’ trademark short responses to a user’s email) seemed to dismiss the whole problem. Steve didn’t say anything that wasn’t technically true. But the response failed to anticipate the natural human reaction to the revelation that a simple, vulnerable file on their phone contains nearly a year’s worth of the kind of data that could get someone fired or divorced.
Apple themselves acknowledged this slip-up in their press release, accepting blame for failing to provide the public with enough education about these issues. People like me look at the data and analyze it and can conclude that the iPhone isn’t collecting any really useful data and that it’s easy enough for anybody to lock it down on their own.
Ordinary people just get scared. Who can blame them?
My proposal: hire an Aunt Estelle or an Uncle Bonfiglio for every major product, as independent contractors.
I mean, literally, have each member of the engineering team nominate their least-tech-savvy aunt or uncle. And then, late in the design process when the product can be demonstrated as an organic whole, lay it all out for him or her and then see how they react.
As I sit here writing this, I can just imagine an engineer with one of my Beloved Aunts. “Oh,” she would say, after she’s heard the complete pitch about this database. “I . . . I don’t think I like that very much. Are there other phones that don’t have that?”
She’d be very sweet about it. She always is.
But behind the one-way glass, a roomful of managers and other engineers would thunk their heads down on their desks. Back to the drawing board. At the very least, they’d identify the areas where they’d need to improve the product’s security and educate the consumer.