I often travel internationally (with no data roaming) and I've noticed that the iPhone's A-GPS is incapable of determining my location when I arrive in a new place, even if I've pre-loaded my route/maps in the maps application prior to arrival. But once I've connected to the internet - even for a few seconds - my phone is permanently able to track itself in that city, even after I've left and returned months later.
It's going to be unfortunate when I can't do this anymore because of people blowing this issue out of proportion. I hope Apple will at least provide the option of caching this data for longer than 7 days.
Well. If you are near an access point apple knows about or just by geolocating your IP address, the iPhone can still download datapoints from that central database that allow it to quickly locate you.
That file on the iphone is just a local copy of the relevant parts of the central database.
Sure. It might be 10 seconds instead of one second now, but that's a reasonable tradeoff compared to the huge log it currently makes. IMHO.
Point is that he's turning roaming off, and probably doesn't have access to WiFi in the foreign city. By having the database, you don't need a data connection at all, thus saving money.
Do you need to use AGPS? It only takes 12 minutes to download the ephemeris and almanac via the GPS satellite itself. So even without Internet connectivity, you'll eventually know where you are.
As far as I can tell, the iPhone cannot determine one's location solely from the GPS antenna. If you travel to a place where you haven't been before, location services simply won't work until you obtain internet connectivity for a few seconds.
I don't know if this is because the iPhone's GPS functionality is crippled, or if it's a software limitation. I'd imagine that if you wanted to overcome this limitation, you'd need to jailbreak your phone and use 3rd party mapping software at a minimum.
*Note: once it has located you, it will generally track you correctly while you're moving, even if you leave the area where you had internet connectivity.
Are you sure you've had 12 minutes with a clear view of the sky? Each GPS satellite carries the entire constellation's almanac. After downloading that (which is a 12.5 minute process), then you can download the ephemeris from each satellite, which takes 30 seconds. You need 4 satellites to get a location fix.
The almanac is valid for 180 days, so you only need to wait 12 minutes once. From then on, you only need the ephemeris from 4 visible satellites, which takes less than a minute to download.
It confuses me that the iPhone wouldn't be able to do this, because I can buy a $10 microchip that's the size of a dime that can do it. Give it electricity, wait 15 minutes, the location comes out the other side. I would be shocked if the iPhone were incapable of doing this.
> I can buy a $10 microchip that's the size of a dime that can do it. Give it electricity, wait 15 minutes, the location comes out the other side.
How do you know when the 15 minutes starts, though? Dedicated GPSs tell you things like how many satellites they have in view and how accurate their fix is, but dumbed-down devices like to pretend location is magic. I'd hope they'd at least provide the gritty details through CoreLocation so a user can buy an app if she wants to know which bench outside the train station to sit at sipping coffee while the phone orients itself.
You don't need to know "when it starts", it transmits in a loop, you need to collect ~12.5 minutes of that loop to get the entire almanac. (lousy software _might_ not understand unless it finds some particular preset mark in the loop, but it's not a GPS system architecture problem)
The user needs to know when the almanac is being received and when the whole thing is in when looking for a clear-view-of-sky spot to sit a while.
The best you can do with CoreLocation is set desiredAccuracy to kCLLocationAccuracyBest and wait for it to fall below 100 feet with no way to find out if it ever will.
It's a common scenario in Europe. It's not "exotic" to take a €39 train ride from Paris to Brussels to visit for the weekend.
I don't think it's a privacy concern to store such data locally on the phone. In any case, it should be resolved by letting the user decide how long to cache the data; that would make everyone happy.
How does data roaming work on European carriers? For someone traveling from the US, there could be a significant cost to using data in another country. If Europe's prices are more sane, it might not be an issue.
At the moment data roaming in Europe is still a nightmare, most providers make you pay ridiculous fees when crossing a border. The EU commissioner for IT & Telco (Nellie Kroes) recently threatened with legislation if things didn't improve and now several providers started offering some kind or "Euro roaming" subscription.
Even so, the data should not be stored in a plain text file. Doing so gives any iPhone application access to that location data. Apple claims that it manages location preferences by application, but that's not true as long as this file exists in a plain text format.
That is incorrect. The iPhone employs sandboxing, so most areas of the filesystem are not accessible to iOS applications, and this cache is in one of those restricted locations. An app on the phone cannot read this information.
However, it is included in the iTunes backups. Those can be read -- but only on your computer, not on the iPhone itself.
(An exception to the above would be a jailbroken phone: the packages installed via Cydia would not have the same restrictions, although the recent jailbreaks do not remove the restrictions on apps from the App Store.)
The location/timestamp concerns are only relevant when my phone has been stolen or somebody has unrestricted access to my computer. At that point, location tracking is only one of many many terrible things that can happen to me, and frankly it's nowhere near the most terrible. And if I'm concerned about somebody tracking me, I'm going to be most concerned about the last 7 days, not the past year. If you're concerned about the government tracking you for longer than a year, they easily have access to that data without your ever knowing they looked.
The solution is to properly protect your data on your phone and your computer.
Your solution is asinine, as I have little way to protect my "cache" of goods... it's unencrypted both on the device and in the backups (though you can encrypt backups now, there might be previous computer backups of mine that have unencrypted location data, now I have to go find and excise those).
Any malicious desktop tool can easily find the location cache in unencrypted backups. Modern Police Forensics tools (http://www.cellebrite.com/) can easily extract non-encrypted data from phones in minutes (see Michigan Police).
That Apple stored this growing set of user-data in cleartext on the device was as stupid as Sony storing their customer's personal information in cleartext (or weakly hashed) on their servers.
Either bit-recycle the information that's not immediately relevant, or strongly encrypt/sanitize it. This shit isn't rocket-science, folks. Otherwise it's a liability and potential PR nightmare in the making.
We're now still in the "wild west" of personal data records. Once these issues start to snowball and real-life consequences happen, people will clamor for litigation, which given politicians will be over-reaching and ham-fisted.
Corporations with hundreds of millions of users' personal data should stay in front of these issues unless they want to wade in a regulatory mess (see Google's mis-steps with wifi packet data).
As of right now, anyone with an iPhone can have their localization data ripped from their device in less than 5 minutes via cellebrite. It could be a coworker, police office, or immigration official.
The iPhone is not logging your location. Rather, it’s maintaining a database of Wi-Fi hotspots and cell towers around your current location, some of which may be located more than one hundred miles away from your iPhone, to help your iPhone rapidly and accurately calculate its location when requested
This actually makes sense - looking at the logs on my iPhone and iPad, the locations where pretty far away from the places where I usually roam, and actually there was a very great deal of places where I've never been, not even close.
>and actually there was a very great deal of places where I've never been, not even close.
How does that make sense? It should only cache the locations of cell phone towers it was in the range of. Are you seeing data that was more than 100 miles away from the places you were at?
Nope. It's a local (geographically speaking) slice of a huge database of hotspots. There is a concentration of points downtown, a few points at the local airport, others at touristic destinations nearby. Most are places I've never been at.
It is nothing but a very neat cache. The nerd in me is sad to see it go.
> Are you seeing data that was more than 100 miles away from the places you were at?
Yes, actually. I used the app that was posted and, even after I modified the code to stop fuzzy-ing the data, I was thinking to myself "well, I've never been anywhere close to there".
Ever go up in a tall building? Your phone sees more towers. But actually, we don't know that "towers my phone sees" is the actual mechanism here.
Apple hasn't explained the algorithm they use to determine what location data to send to the phone. Perhaps they're saying "100 miles" because that's what they do -- send tower data for up to 100 miles around the current tower, depending on tower density for that location.
Is it possible the cell tower you're locally connected to is aware of its adjacent towers and communicates this information back to the iPhone? If you're traveling at highway speeds, or perhaps on rail, a 100 mile radius won't cover a huge area. Looking at my own data it seemed to be closer to 200-300 miles in some cases. (in rural areas where presumably towers are spaced out further apart)
Ironically, shrinking the geolocation cache will result in more frequent requests to the server, making it theoretically easier for Apple to track your location.
I use location services on an iPod touch almost daily and without a network connection. The location cache is currently limited by size. It seems to hold about a small city's worth of wifi hotspot coordinates, which is downloaded in large blocks at a time.
Reducing the size of the wifi location cache to a mere 7 days could severely reduce the usefulness of that feature.
I really hope they're not killing a great feature because of some hysteria and bad reporting.
I have seen this more and more lately, the standard reaction to anything Apple in the tech community is pitchforks. I have a feeling subconsciously we all want Apple to fail at something and try to latch on to anything remotely blamable.
>I have seen this more and more lately, the standard reaction to anything Apple in the tech community is pitchforks. I have a feeling subconsciously we all want Apple to fail at something and try to latch on to anything remotely blamable.
I think that's a counter reaction to a whole bunch of people who think Apple can do no wrong at all.
Exactly, but I think it's rational. Software is hard, damn hard to get right -- even if you get the math side correct, there's always UX to damn your product. It's only reasonable that a company that gets so many things _right_ is both so loved by some, and expectant to fail by others.
I think the reaction was appropriate. It confirms the major points that people were upset about: 1) that the data is stored unencrypted, 2) that it lives even after you turn off location services, 3) that it was taken without explicit permission.
This press release doesn't change any of those points, it merely places the blame on bugs (which wouldn't have been patched had the story not been uncovered).
Isn't this comparable to the Google/Buzz fiasco, which was met with similar (deserved) scorn?
which wouldn't have been patched had the story not been uncovered
That's a pretty cynical reaction. Why would you make that assumption? Do you think that if someone had alerted Apple privately to the bug they never would have gotten around to fixing it?
I think there wouldn't be the same sense of urgency. I don't think that's cynical at all; that's the way business works. I've never worked at a company that doesn't push something when enough customers make a fuss about it.
Personally, I consciously want the iOS to fail. I want to be able to install any OS I want on my tablet without voiding my warranty, and Apple's done a great job of setting a trend against that. If Apple provides boot camp for the iPad, I personally will probably shut up and buy one.
Locked-down bootloaders are the norm in the high-end tablet space, because Apple set the trend. Yes, there are a handful of freely modifiable ones, but I don't want my hardware choices constrained to those vendors which deign to let me use the hardware I've purchased as I please.
That's twisting my words a a bit isn't it? I don't like what Apple is doing. Other manufacturers imitate Apple. I want Apple to fail in the hopes that other manufacturers will stop imitating Apple.
I'm sure other manufacturers would stop imitating Apple if Apple failed.
But that's an incredibly negative view isn't it? By imitating Apple, the other manufacturers simply aren't contributing anything meaningful. It seems unlikely that Apple's failure would make them suddenly unleash a wealth of creativity and contribution on the world. If they had it, why wouldn't they be using it right now?
Wouldn't it be better for Apple to succeed, and the imitators fail? That way, we'd get the best of both worlds. Advancement of technology from Apple, and a clear marketplace signal that imitators are not wanted.
New companies and investors would who wanted to succeed would no longer be tempted to imitate but might actually innovate.
5. Can Apple locate me based on my geo-tagged Wi-Fi hotspot and cell tower data?
No. This data is sent to Apple in an anonymous and encrypted form. Apple cannot identify the source of this data
I hate it when companies use 'encrypted' like it would somehow make your data more secure in their hands. They mean here they use something like SSL so snooping the traffic is impossible, but of course they can still read what you're sending, otherwise the information would be useless to them.
The claim that apple can't identify the source of the data is also highly dubious. If they wanted to, they could probably correlate your IP with the IP used to access your iTunes account. That they don't do this is one thing, but claiming that they can't is something else.
EDIT: come on HN, since when did we start downvoting stuff you don't want to hear? This is a valid point, if you have critizism just leave a comment. If you want to downvote something, do it on the summary comments. Sheesh.
I understand being cynical but in this case the keyword is anonymous. The encryption is for protecting in transit like you said.
In order to populate their wi-fi/location database they really don't have to send over a person's IP to the server. In fact its something they don't want I would assume as it adds absolutely no value to the data. They already know who you are and where you are don't they?
They receive your IP address because that's how IP works; otherwise they wouldn't have an address to send data back (and IP packets with a spoofed source IP are dropped immediately). They might not do anything with it, but they definitely have access to it.
Sure, that's why they say "anonymous". If they do not delete the IP address as soon as technically possible they are lying about the anonymous part.
This is not about ability. This is about trust. They say the data is anonymous which means they are obligated to disregard the IP address and to not log it anywhere.
Sure it is. That's exactly what the following statement means: "Apple cannot identify the source of this data". How can you interpret that as anything else but their ability of identifying the source?
The statement is obviously not true; if they were forced to, by a government agency for example, to track the location information from a user from that point on they COULD; saying they can't is wrong IMHO.
The correct thing to say here is that they can, but they don't, unless forced to. But I guess that isn't the message Apple wants to communicate.
Out of context, that is what the statement would read. But with context I would read it as "Apple cannot identify the source of this data 'stored without IP addresses with us'"
I was specifically talking about storing your IP along with the location data. That makes no sense as it does not add value to the data.
They have access to it sure. But they have access to it through a lot of other methods. In fact they even have your credit card information. You gave to it them :)
>EDIT: come on HN, since when did we start downvoting stuff you don't want to hear? This is a valid point, if you have critizism just leave a comment. If you want to downvote something, do it on the summary comments. Sheesh.
You must be new to HN, any post that can be construed as criticizing Apple, whether legitimate or not will either be ignored or downvoted. On the other hand, anything justifying Apple's actions, whether true or not will be heavily upvoted.
So you think the people who were reporting on these issues and caused Apple to fix them did it to hate on Apple? Tthe issues were real and not made up because Apple is now fixing them. Would they have fixed it if every reporter acted like Gruber? Why do some people take it as a personal insult if people point out that Apple can ship buggy software?
Of course we couldn’t have Apple news without Gruber bashing.
"The big question, of course, is why Apple is storing this information. I don’t have a definitive answer, but the best at least somewhat-informed theory I’ve heard is that consolidated.db acts as a cache for location data, and that historical data should be getting culled but isn’t, either due to a bug or, more likely, an oversight. I.e. someone wrote the code to cache location data but never wrote code to cull non-recent entries from the cache, so that a database that’s meant to serve as a cache of your recent location data is instead a persistent log of your location history. I’d wager this gets fixed in the next iOS update.”
"The key question for Apple: Given that this file was widely known among iOS forensics experts back in September, why does it still contain historical (as opposed to just recent) location history today?”
"Android phones store the same type of location information, but, unlike iOS, Android’s cache only contains recent entries — which is to say Android is doing it right.”
I think people jumped to the conclusion that Apple was logging your actual location, which would be a big deal, and published it as fact. It's a great story and gets traffic.
That said, I cannot imagine that if they'd contacted Apple about the issue they would have gotten a useful answer without the publicity.
Bottom line though is that any sufficiently sensational story gets traffic regardless of its truth or lack of attempt to even verify the veracity of the alleged problem.
There were plenty of sensational stories, sure. There were also many reasonable stories that debated what was being tracked, many of which were discussed on HN. You can't invalidate a story because some people become sensationalist, that always happens on any controversial story.
I am sure that lots of people discussed the story; but the original story that kicked it all pitched it as an "Apple is tracking you and the guys in black suits are using it to convict you of crimes" story.
The people who were reporting these issues made false claims and presented them in the most alarmist and damaging way possible to Apple. They did this without data to support them and continued to make insinuations not supported by the facts even when other researchers showed their claims to be unsupported.
It's certainly reasonable to question their motives.
The iPhone is not logging your location. Rather, it’s maintaining a database of Wi-Fi hotspots and cell towers around your current location, some of which may be located more than one hundred miles away from your iPhone, to help your iPhone rapidly and accurately calculate its location when requested
Can Apple locate me based on my geo-tagged Wi-Fi hotspot and cell tower data?
No. This data is sent to Apple in an anonymous and encrypted form. Apple cannot identify the source of this data.
I think a lot of folks who spent money on Apple products are going to be happy with this, and for that I'm glad.
But I didn't find this release adequate. Apple is not tracking me -- they are keeping a time-stamped list of nearby access points on my device, which effectively is a huge breadcrumb trail of everywhere I've been and when. Apple doesn't know it's me -- because the data is encrypted, which makes no sense at all. Whether data is encrypted or not is meaningless. Can I go to the Apple server logs and track incoming downloads and associate them with the data or not? I strongly suspect the answer is "yes". If not, that's great, but that wasn't described here.
The killer omission? That Apple has been doing all of this -- which is at the very least controversial -- without informing the users in a manner in which they clearly understood it. The response we see is simply a reaction. The "bug" here is getting caught.
I don't necessarily see anything nefarious at work, but I'm troubled with the idea that Apple was keeping a list of my whereabouts (the nearest access point, for those of you who are literally-minded) without my knowing it. That's a pretty serious breach of user trust, no matter how many times it was covered in the 47-page lawyered-up doc that nobody reads.
But like I said, folks are willing to cut Apple lots of slack, and they deserve it. But hell if I'd want to see something like this happen again, from any manufacturer. I'm not so sure that vendors are getting the point.
Frankly this is doublespeak very similar to the kind used to manufacture this hysteria in the firstplace - the data you're talking about is on your phone Apple doesn't have it, therefore Apple is not tracking you.
Your email is on your phone. Does this mean that Apple has your email? Clearly not, or perhaps we should have 'emailgate' and prevent phones from downloading emails more than 7 days old.
Apple was never keeping a list of your whereabouts.
>they are keeping a time-stamped list of nearby access points on my device, which effectively is a huge breadcrumb trail of everywhere
Read again. They are not. Its not timestamped when "you" where there, but when some anonynous iPhone picked up that particular hotspot. It got then uploaded to Apple and subsequently downloaded onto your iPhone, so that your iPhone can find its location easier.
Wasn't that kinda the obvious reason in the first place?
I'm pretty sure that's true. I'm going to try find some time this evening to animate the points out of the database from my phone to prove it to myself. I'm guessing the animation will show random segments of trails that anonymous iPhone users have travelled around my neighborhoods, but nothing I'll recognize as a trip I've made. (I'll blog about it at bigiain.com if I find anything interesting)
Then you will write a very interesting, but somewhat misleading blog post, just like everyone else has written in the past few weeks.
The point is that the database on your phone is a subset of the greater (global) database mapping wifi and cell access points to location. The local database contains timestamps of when your phone downloaded the information. The global database only contains a list of access points and approximate locations of those access points.
That way, when your phone sees an access point it can look up in the database (locally or globally) and see if this access point has been pinpointed, if it has it will be another tool for your device to provide you with a proper location.
In other words: animating the points in your database will show the first time your phone downloaded information about a specific access point, which will give you a trail of your movements (to a certain extent limited by the factors mentioned above).
That's a pretty serious breach of user trust, no matter how many times it was covered in the 47-page lawyered-up doc that nobody reads.
Yup! The crowdsourcing part (how they initially assembled and now maintain the hotspot database) needs a bit more clarifying. The release glosses over it and people everywhere are instead fretting about the file, even though it's just a cache, a mere fragment of Apple's data, not theirs.
The iPhone UX makes it very obvious that apps are using location services but it never conveys that the iPhone user is contributing data back to Apple, even if anonymously. This is new information for everyone, I guess.
Furthermore Apple implies that they uncovered the but themselves.
The reason the iPhone stores so much data is a bug we
uncovered and plan to fix shortly (see Software Update
section below). We don’t think the iPhone needs to store
more than seven days of this data.
Again, Apple's use of language is interesting. The phrase, "the iPhone needs to store" is based on functional criteria rather than the economic value which can be garnered from storing and datamining the level of information currently gathered in the crowd sourced database.
I found the language interesting too. It's subtle but exactly the same "you're holding it wrong", refusal to really admit wrong or truly come clean attitude that they displayed with the antenna saga.
It's a very interesting comparison as well with Google who (for example) with Buzz and the Wifi sniffing incident did complete and total mea culpas without reservation. It didn't particularly seem to help Google in those cases so it's hard to argue that Apple needs to do the same, but I do feel they would be better off with a simple and direct "sorry" and a promise to do better rather than a "oh it was just a bug, and we found it ourselves anyway, and by some definitions you're all wrong anyway so there!".
This is intensely nerdy, but "encrypted form" can be jargon for what we'd mean by "anonymised" in certain contexts around personally identifiable information.
See, but that would be crazy. If what they're saying is true (and there's no reason to doubt it at this point), they're using this in order to provide you with a service: the ability for your phone to know where you are in your city. Calling it "tracking data" is wrong, even.
Given their description of how the cell tower/hotspot data is used, it seems like deleting "this cache entirely when Location Services is turned off" is the opt-out you are looking for.
I wish people would stop saying this. Of course it's tracking data. There's nothing wrong with that. One of the phone's features is tracking your location so you don't get lost.
Personally I think Apple has overreacted. They just need to provide a configuration setting for the size of the cache, and more importantly not include it in backups. A cache is not important enough to back up. But as far as the size of the cache, the defaults sound sane enough.
You could also call the IP address that you're sending email from 'tracking data' if you wanted.
Hell, I get a text message from Rogers the second I land in the US to let me know that roaming rates apply. The fact that I have a device that has to talk to another end point means that I can be tracked.
Yes, I would call that tracking data. But unlike IP address headers, this cache contains information that is by design displayed to the user to help track their location.
I'll admit to typing "tracking data" after misreading the following bit of the release:
Apple is now collecting anonymous traffic data to build a crowd-sourced traffic database with the goal of providing iPhone users an improved traffic service in the next couple of years.
"Tracking" vs "traffic". [shrug]
But I'd still strongly prefer to be able to opt out. GPS still works to find location without this data, it's just slower. I should be allowed to take that hit, for the trade-off of not sending in data. As biafra says below:
Tracking data is only anonymous if it cannot be de-anonymized. Since I cannot check that this is not the case (with Apple, Google and Skyhook) I have doubts about the so called anonymity.
Hm, although an opt-out option might seem a reasonable request, Apple has to draw a line somewhere. If you want to have fast and accurate positioning, you have to provide them with your anonymous tracking data. That's the tradeoff, which I think is also reasonable to most people.
(I wish Apple would take that same stance with regard to crash logs. If you want stuff from the App Store, you have to let iTunes send your crash logs to the developers, without having to ask for permission first. There really is no good reason why anyone would need to opt-out of that.)
"If you want to have fast and accurate positioning, you have to provide them with your anonymous tracking data."
No I don't have to.
I am currently working on an offline positioning system based on a (hopefully complete) dataset of all GSM-Cells in the world (http://myapp.fr/cellsIdData/). The sqlite3-database is currently 25MB big with some room for optimization. I do this for Android but the iPhone also has enough space to hold this data. Although I think it would be impossible with iOS because of missing APIs to be notified when the cell tower changes.
I'm sure that cell towers are enough for Assisted GPS to get a quick fix.
If people would have found a data set of all cell towers ids and coordinates no one would have had concerns about privacy.
Tracking data is only anonymous if it cannot be de-anonymized. Since I cannot check that this is not the case (with Apple, Google and Skyhook) I have doubts about the so called anonymity.
edit:
I am looking for a comprehensive dataset of wifi access points MAC-adresses and coordinates
I should've been clearer: I didn't mean "have to" in the sense of "strictly technically necessary" but more along the lines of "if you want to use this functionality, you'll have to help us out by collecting the data that'll make it work better for everyone".
Whether or not the collected data really makes the positioning that much better, I don't know, but Apple apparently seems to think it does.
From the transcript of the phone interview Steve et al did with All Things D:
"Jobs: If people don’t want to participate in things, they will be able to turn location services off. Once we get a bug that we found fixed, their phone will not be collecting or contributing any crowdsourced information. But nor will it be calculating location."
So it looks like you will be able to opt out completely, if you really want that (but then what's the point of even having an iPhone?).
1. This explanation seems to ignore the timestamps that are stored along with the hotspots/towers data. What do the timestamps represent? The time when the cache was downloaded onto the phone?
2. Speculatively, the way this seems to work is, that the phone identifies a tower, say, with ID12345. It then looks up the crowdsourced database for the tower with this ID, and queries it for all towers/hotspots within X miles radius. The result of the query is logged into the consolidated.db file, along with the current timestamp.
3. I don't know about the 100 miles number, but for me, in an urban setting, it certainly seems to be accurate upto approximately a mile or so, that together with the timestamp, gives a reasonably accurate picture of where I've been, and when.
This explanation seems to ignore the timestamps that are stored along with the hotspots/towers data. What do the timestamps represent?
As a devils advocate, if I'm a developer writing some sort of logging routine I'm including a timestamp without even thinking about how or why it would be used. Its a logger its supposed to have timestamps ;-)
8. What other location data is Apple collecting from the iPhone besides crowd-sourced Wi-Fi hotspot and cell tower data?
Apple is now collecting anonymous traffic data to build a crowd-sourced traffic database with the goal of providing iPhone users an improved traffic service in the next couple of years.
Interesting. Apple generally does not pre-release information about upcoming products, at all. They must have felt their hand forced in this, or Jobs is not at the helm of this press release (which I'm sure he is).
Excuse me if I'm just being naive, but how could the above point 8 ever be reconciled with
1. Why is Apple tracking the location of my iPhone?
Apple is not tracking the location of your iPhone. Apple has never done so and has no plans to ever do so.
If you are "collecting anonymous traffic data" that means that you have to collect a phone's position and velocity, as well as time. That sounds like tracking to me.
Sure, it is probably anonymized and encrypted and aggregated into some probabilistic model, but it's still tracking the users' movements. I wouldn't be surprised if it's all stored somewhere server-side, that we only will find out about when something happens to Apple like happened to Sony's PSN network a few days ago.
"Apple apparently has its own Wi-Fi location information, presumably culled from the daily movements of iPhones around the country, that it thinks is good enough for its own devices."
That sounds exactly like what is described in the press release.
IMO the most interesting thing -- I was just daydreaming on the way to work of a mapping app that basically tracked your route, and compared timestamps of movement against expected times to generate an accurate realtime traffic map when shared with a central server.
The problem with traffic info right now is that it's always either laughably late (see sirius/xm traffic info) or it's based on eyes-in-the-sky style updates from radio, which you can only get every period of time.
For getting angry at Android privacy, Jobs certainly seems to be missing out on the fact that this isn't an opt-in service, whereas it is in Google. http://googleblog.blogspot.com/2009/08/bright-side-of-sittin... Apple is GOING to get your traffic data, whether you want them to or not. With Google, I have the option.
Great clear response from Apple. Patch is a good outcome, turning off location service actually stopping tracking and limitation to 7 days are very good moves.
Meh. Everyone sucks at press releases this week (thinking about you, Sony). This just seems so much more bloodless, dispassionate, and frank than it ought to. It's obnoxiously contrary to write "The iPhone is not logging your location."
I mean, really? That's just argumentative. My mom is gonna look at the location history visualizers people wrote and respond "Really, Apple? Cause this looks very much like log of my locations".
Somebody at Apple's PR needs an ass-kicking. This ought to be a video with a short transcription from someone on the phone team (not Jobs) that just explains it without getting defensive of semantically tricky.
See, that's the kind of mean spirited reading of texts I hate so much. They were made aware of the issue, they looked at the code and (they claim) that it doesn't behave as designed because of a bug. This is them saying "We didn't design the cache to never be purged, that's a bug." Whether you believe that or not is your own problem but that's the whole story, writing "a bug we uncovered" is entirely appropriate in that context.
The charitable reading is that regardless of who "discovered" or "reported" the symptoms of the bug, Apple's engineers "uncovered" it in terms of isolating and diagnosing the precise issue at the source level.
(It's also possible - even likely - that Apple already knew about the bug. Apple does quite a lot of QA and every product ever shipped has had known bugs that weren't deemed so important as to postpone release.)
Two lies: the "bug" was uncovered a considerable time ago (August 2010 was when I read the first story talking about it) and was first exposed by third-parties (so if Apple did "uncover" it, they've been sitting on this discover for some time).
You speak of the symptoms of the bug as if they were the bug, consider this one act play:
• The internet claims Apple is tracking all iPhone owners!
• Steve Jobs interrupts family time to exclaim "WTF!"
• SJ: "Minion! Verify this claim!"
• Minion: "It is true, to the extent that we keep large, possibly unbounded, volumes of cell tower and wifi access point in the cache for the purpose of…" SNICKER-SNACK… thump.
• SJ: "Engineering, fix this. Marketing, communicate this.", returns to family time.
• Engineering to engineer: "Fix this."
• Engineer to self: "I do not know why this happens, I will search and uncover this bug." <<<--- there, that is where the bug is uncovered. He fixes the purge code from whatever simple or broken strategy the first coder used, perhaps deleting the comment that says "// might need to prune the cache, but the OS probably does that when it gets too big"
• Marketing: "What? We were busy hiding the links on the home page until you respect our new iPad2, but ok, we can crank out a press release if it saves us from the vorpal blade."
DOWN CURTAIN // insert character development and pathos before first rehearsal
A huge hole in this press release is how apps use location information. An app can easily log a user's location and send it anywhere along with whatever other data the app has access to.
Since you have to individually give each app permission you should go talk to the App developers. The apps use the location API that is available, and don't have direct access to the cache if that is what you are worried about.
>"The iPhone is not logging your location. Rather, it’s maintaining a database of Wi-Fi hotspots and cell towers around your current location, some of which may be located more than one hundred miles away from your iPhone, to help your iPhone rapidly and accurately calculate its location when requested. Calculating a phone’s location using just GPS satellite data can take up to several minutes. iPhone can reduce this time to just a few seconds by using Wi-Fi hotspot and cell tower data to quickly find GPS satellites, and even triangulate its location using just Wi-Fi hotspot and cell tower data when GPS is not available (such as indoors or in basements). These calculations are performed live on the iPhone using a crowd-sourced database of Wi-Fi hotspot and cell tower data that is generated by tens of millions of iPhones sending the geo-tagged locations of nearby Wi-Fi hotspots and cell towers in an anonymous and encrypted form to Apple."
Some are located more than 100 miles away because the database contains every location ever logged. Despite the fact that hotspots and cell towers over the horizon cannot play a role in accurately determining your location, Apple's response is intended to create the impression that they play such a role and thus justify permanent storage.
Furthermore, short of magic, there is no way to send a relevant subset of the crowd sourced data to an iPhone without first knowing both the location of the iPhone and its unique identity.
>"The entire crowd-sourced database is too big to store on an iPhone, so we download an appropriate subset (cache) onto each iPhone. This cache is protected but not encrypted, and is backed up in iTunes whenever you back up your iPhone. The backup is encrypted or not, depending on the user settings in iTunes. The location data that researchers are seeing on the iPhone is not the past or present location of the iPhone, but rather the locations of Wi-Fi hotspots and cell towers surrounding the iPhone’s location, which can be more than one hundred miles away from the iPhone."
Apple is trying to create the impression that storing the data from which location can be triangulated is somehow significantly different from storing the actual location and again creating misdirection with the reference to "more than one hundred miles away from the iPhone."
>"5. Can Apple locate me based on my geo-tagged Wi-Fi hotspot and cell tower data?
No. This data is sent to Apple in an anonymous and encrypted form. Apple cannot identify the source of this data."
In an interesting shift of language, Apple's answer is technically about the person's location rather than the location of the iPhone and it could be argued that in this context "source" refers to the person using the iPhone rather than the identity of the iPhone. Given that "cannot" rather than "do not" is used, the limitation does not correlate with something in an algorithm since an algorithm can be changed to identify the specific iPhone.
> Furthermore, short of magic, there is no way to send a relevant subset of the crowd sourced data to an iPhone without first knowing both the location of the iPhone and its unique identity.
If you consider recording the id of the cell tower the phone is connected to magic..
If Apple can do so without tracking the location of the iPhone and knowing its identity, yes. But then the scenario you propose admits that Apple tracks the location of the iPhone to some degree.
The most charitable case would be that Apple only tracks location based on the cell tower to which the iPhone is connected. The worst case is that it tracks location based on every hotspot and celltower the iPhone sees.
Since the most charitable case would produce the least predictive power when selecting a relevant subset of the crowd sourced data and the worst tracking case would produce the most predictive power - and given the level of detail reported to be stored on the iPhone is consistent with the worst case and less consistent with the most charitable case - the worst case scenario regarding tracking would appear to be more likely.
The device ID is not necessary for such a query to be successful, though. If you as the device programmer were interested in getting the subset of the cache for your location, the method signature would need be nothing more complicated than:
So even in the "worst" case described by you no identifying data is sent. This could possibly be statistically analyzed, but given Apple's flat denials, a plausible technical reason, and the public attention this has received, I doubt they are lying here. A whistleblower providing evidence contradicting their "we don't track" claims would be devastating, and possibly open them up to legal action. I don't think they are quite that careless, although it is certainly possible.
The "flat denial" is in response to Apple's ability to "locate me" not "locate my iPhone." Elsewhere, Apple is very specifically making claims about the iPhone.
"Anonymous" is pretty slippery and there is no agreed upon technical definition (just ask EFF), but it literally means "not identified by name" so one could argue that sending tracking data based on your device serial number, IP address, phone number, location, contacts list, etc. is still in an "anonymous form." [somewhat similar to debates about the technical meaning of "open"].
I'll add that the information you are proposing to send to Apple is enough to clearly identify your location - or rather the location of the iPhone, and short of Apple using Tor or a similar approach to making the message's route through the network untraceable, the data in "anonymous form" can likely be disanonymized.
It's not fluff, it's an attempt to appease many groups of people with different levels of technical ability. You may see some of the information as fluff because you already understand it, but many people (e.g. people who don't read tech sites and have only heard about this issue from a 45-second story on their local TV news) are confused and are looking for these answers.
>Apple is not tracking the location of your iPhone. Apple has never done so and has no plans to ever do so.
Alright...
>Apple is now collecting anonymous traffic data to build a crowd-sourced traffic database with the goal of providing iPhone users an improved traffic service in the next couple of years.
...... The collection of anonymous traffic data involves tracking your location to determine what road you're on and what speed you're going. They can't even get their story straight.
> Apple is now collecting anonymous traffic data to build a crowd-sourced traffic database with the goal of providing iPhone users an improved traffic service in the next couple of years.
"In the next major iOS software release the cache will also be encrypted on the iPhone."
Great, thanks a lot! Now I no longer have the option of viewing what law enforcement will be able to get anyways. Nor will I have access to what essentially was a pretty neat database to look through.
That probably only works for local telco's. With Apple's info, US agencies can track anyone with an iPhone in the world, even if the telco's there don't want to cooperate.
I guess what I really meant was I'm happier knowing what they're keeping. Future versions may add other features of interest & we'll never know.
I wonder what this story would have been like if this database was originally encrypted & then it was discovered. "Apple attempts to hide location tracker on your iPhone via encryption!"
this q&a is misleading a bit. iphone downloads locations around hotspots u have already been close to by timestamping, and it means ur approximate location+timestamp was logged indefinitely on ur phone and copied to PC, though indirect.
the whole q&a is a simple game words to trick users.
`apple is not tracking ur location` but `your approximate location is downloaded, timestamped and stored on ur mobile phone due to a bug`
Apple is now collecting anonymous traffic data to build a crowd-sourced traffic database with the goal of providing iPhone users an improved traffic service in the next couple of years.
....
Let me guess...Where, all roads lead to Apple?
EDIT: I posted this fully knowing it will be unpopular. But reading the press release gave me the feeling that Apple was using a sleight of hands by turning the public's focus from the privacy and security issues this incident has amplified and brought to the public's view, and instead is saying "Gee..We were doing y'all a favor by building a better maps app, and now you come along and screwed that up". Security is not an afterthought people. Hasn't the Sony fiasco that is still unraveling taught us anything?
It's going to be unfortunate when I can't do this anymore because of people blowing this issue out of proportion. I hope Apple will at least provide the option of caching this data for longer than 7 days.