Senator Al Franken Takes iPhone Location Tracking Issue to Steve Jobs

Privacy watchdogs are demanding answers from Apple Inc. about why iPhones and iPads are secretly collecting users’ movements in a hidden file.

Sen. Al Franken's letter to Steve Jobs says he 'would appreciate your prompt response to these questions.' Photo: The Minnesota Independent/Flickr

Sen. Al Franken wants answers. Security researchers on Wednesday revealed the existence of a file on iPhones and on their computer backups that logs detailed cell phone triangulation data – and has ever since iOS 4 was released last summer.

This privacy glitch was discovered by two British security researchers, Alasdair Allan and Pete Warden, who presented their findings at the location-centric O’Reilly Where 2.0 conference in San Francisco. They even released a downloadable application that plots users’ movements on web-based mapping software to illustrate the privacy implications.

In a blog post on the O’Reilly Radar Web site, Mr. Allan said, “The presence of this data on your iPhone, your iPad, and your backups has security and privacy implications.” The two programmers have contacted Apple’s product security team but said they had not yet had a response.

Overnight US Congressmen led calls for Apple to explain itself over the way the iPhone logs users’ coordinates based on the mobile network masts to which they are connected. The Federal Communications Commission meanwhile reportedly said it would look into the matter.

The hidden file, which is called “consolidated.db,” is stored on both the Apple iPhone 4 and the computer it is associated with, and is not protected by a password or encryption. The security firm F-Secure also claimed the iPhone reports location data back to Apple twice a day.

In a letter to Steve Jobs (PDF), the Democratic Senator Al Franken, who leads a Senate privacy panel, said: “Anyone who gains access to this single file could likely determine the location of the user’s home, the businesses he frequents, the doctors he visits, the schools his children attend, and the trips he has taken over the past months or even a year.”

Senator Franken asked the Apple CEO to explain why the data is captured, what it is used for and why it did not seek “affirmative consent” from users. “It is also entirely conceivable that malicious persons may create viruses to access this data from customers’ iPhones, iPads, and desktop and laptop computers,” the letter continues.

“There are numerous ways in which this information could be abused by criminals and bad actors. Furthermore, there is no indication that this file is any different for underage iPhone or iPad users, meaning that the millions of children and teenagers who use iPhone or iPad devices also risk having their location collected and compromised.”

In its statement the Information Commissioner’s Office said: “All businesses that are collecting people’s data should have clear and accessible privacy notices. This is especially important where users are unlikely to appreciate the privacy implications of a service they are using.”

“Apple has a legal obligation to make clear how people’s information might be used when customers sign up. Equally, customers should make sure they carefully read through terms and conditions. Anyone who has a data protection concern can bring their complaint to us and we will look into it.”

Apple’s privacy policy states that location data “is collected anonymously in a form that does not personally identify you and is used by Apple and our partners and licensees to provide and improve location-based products and services”.

But Professor Ross Anderson, a privacy and security expert at the University of Cambridge, argued the location log could not be considered anonymous data. “If your location history were to be kept anonymous, it would have to be broken up into separate segments of a few hours or perhaps even less,” Prof. Anderson said.

“As it is, if our location histories were to be published without our names on, then anyone who knows where you were at a few definite times in the past can identify your location history from among all the millions of other people’s, and then work out where you were at (say) evenings and weekends.”

Apple Inc. has not yet publicly responded to the controversy. Readers, what do you think about it all?! Tell us your thoughts in the comments below. [via The Telegraph (UK), The Republic, CNN and NY Times]

Share this article

We welcome comments that advance the story directly or with relevant tangential information. We try to block comments that use offensive language, all capital letters or appear to be spam, and we review comments frequently to ensure they meet our standards. If you see a comment that you believe is irrelevant or inappropriate, you can flag it to our editors by using the report abuse links. Views expressed in the comments do not represent those of Coinspeaker Ltd.