Reports surfaced last week that files on some versions of Apples's iPhones and iPads and Android devices running an operating system from Google stored hidden files of locations visited by mobile smartphone users that could be transferred to personal computers (see Hidden Files on iPhone Pose Risk).
Researchers reported that they found hidden files that show where users visited. Apple said the researchers misinterpreted what they found in those files. "The location data that researchers are seeing on the iPhone is not the past or present location of the iPhone, but rather the locations of Wi-Fi hotspots and cell towers surrounding the iPhone's location, which can be more than 100 miles away from the iPhone," Apple said. "We plan to cease backing up this cache in a software update coming soon."
"Apple has never done so and has no plans to ever do so," the company said in a statement issued Wednesday. Apple attributed the brouhaha over security and privacy to the complexity of the devices, technology that's hard to explain in a sound bite. "Users are confused, partly because the creators of this new technology - including Apple - have not provided enough education about these issues to date." the company said.
Concerns over the appearance that smartphones secretly track the whereabouts of the devices' users have prompted the Senate to hold a hearing May 10 on the matter (see Senate to Probe iPhone, Droid Tracking). "The existence of this information - stored in an unencrypted format - raises serious privacy concerns," Sen. Al Franken, D-Minn., said in announcing the Senate Judiciary subcommittee hearing he'll chair.
Apple conceded that some cache location information stored on the iPhone isn't encrypted, and said the next revision of the device's operating system will have that data encrypted.
Apple said the iPhone doesn't log user's locations. The device maintains databases of Wi-Fi hotspots and cell towers around a customer's current location, some of which may be located more than 100 miles away from iPhone to help the smartphone rapidly and accurately calculate its location when requested. Calculating a phone's location using just GPS satellite data can take several minutes and the iPhone can reduce this time to a few seconds by using Wi-Fi hotspot and cell tower data to quickly find GPS satellites, triangulating its location by employing Wi-Fi hotspot and cell tower data when GPS is unavailable such as indoors or in basements, Apple said. These calculations are performed live on the iPhone using a crowd-sourced database of Wi-Fi hotspot and cell tower data that is generated by tens of millions of iPhones sending the geo-tagged locations of nearby Wi-Fi hotspots and cell towers in an anonymous and encrypted form to Apple.
The company said suggestions that it can locate customers based on geo-tagged WiFi hotspots and cell tower data are wrong. Apple said this data is sent to the company in an anonymous and encrypted form. Apple said it cannot identify the source of this data. Apple said a bug will soon be fixed that allows devices to continue to update its Wi-Fi and cell tower data from Apple's crowd-source database even when the feature is turned off.
In the next few weeks, Apple said it would release a free iOS software update that reduces the size of the crowd-sourced Wi-Fi hotspot and cell tower database cached on the iPhone, ceases backing up this cache and deletes this cache entirely when location services is turned off.
By Eric Chabrow, Executive Editor, GovInfoSecurity.com (April 27, 2011)