Consumer Tips: Is Your iPhone or iPad taking a bite out of your privacy?

 

Some of Apple’s products, including iOS 4 iPhones and iPads, have been collecting consumers’ detailed location information and storing the data directly on the devices and on devices they have synced with. Apple has now created a software update (iOS4.3.3 <http://support.apple.com/kb/DL1358?viewlocale=en_US>) that responds to many of these issues. WPF urges all owners of these devices to ensure that they have downloaded the most recent versions of the iOS4 software. Some device owners may also want to opt out of location sharing.

If the devices are left with older versions of the iOS4 software, the data stored on the iPhones and iPads will be unencrypted and can include latitude, longitude, when the location was visited, for how long, and the data could have been collected for as long as a year. Up to 2 MG of data can be stored, which can be a lot of location data.

This tipsheet explains in capsule some of the key issues and discussions regarding this issue. Please note that in addition to the iOS4 devices, some smartphones using Google’s Android system have similar issues. This tipsheet does not cover Android phones specifically.

How do I know if I have an iPhone or iPad that is collecting and storing my location details?

The Apple devices that are collecting and storing detailed location information are iPhones and iPads with the iOS4 operating system. To see what iOS version your device is using, look at the About this iPhone or About this Mac menu item, and see what iOS version number the device lists. If you have any doubts about whether or not your iPhone or iPad is one of those that can track you, see the next bullet point.

How do I know if detailed location data is stored on my phone or iPad?

You can install an app called iPhone Tracker to view your data, if it exists on your device. If you can see information through the iPhone Tracker app, then your Apple has been tracking you. If this is the case, we urge you to update your software immediately.

What can I do to fix this?

Fortunately, you can correct many of the issues related to this problem.

  • If you want to remove the cached information from your device, turn off location sharing. You can do this via the iTunes interface.

Why is this collection and storage a potential safety problem?

If the devices are not updated with the software update, and if location sharing is not turned off, the location information Apple is storing on these products can reveal where the devices have been, when, and for how long by longitude and latitude. Anyone who can pick up someone’s iOS4 iPhone or iPad could potentially access this data, view it, and use it to find out where the device owner has spent time, what roads and cities she frequents, and where she has been on what date. The accuracy is potentially quite good.

Many people will be sensitive to having their location data stored on a device they carry around and use everyday — and rightly so. Law enforcement professionals, including police and judges, human rights workers in foreign countries, journalists, and people with location concerns such as victims of domestic violence and stalking have a safety interest in keeping their home addresses, frequently traveled routes, and general geographic patterns private.

Special note for health care providers using iPads and iPhones

If you are a health care provider, and you have been using an iOS4 iPhone or an iPad as part of your practice, it will be especially important for you to take immediate steps to update the software for your devices. This may not solve all of the potential privacy issues, and we encourage health care providers to include smartphones in any HIPAA risk assessments. It may be prudent for health care providers to opt out of location sharing on their devices.

Who can access your location information?

Location information may be available to anyone who can access your iPhone or iPad, if you have not updated the software and if you have not opted out of sharing your location information.

Why was this collection and storage a privacy and consumer rights problem?

Beyond the immediate privacy concerns this issue raised when it was first discovered, there are additional privacy and consumer rights issues this controversy raised. Although Apple has taken steps to correct many of the problems, the rights consumers should have in regards to this data have not changed.

  • Consumers should have the right to affirmatively consent to this collection and storage of data on the device, not have it automatically occur with little to no meaningful notice.
  • From a security perspective, this data stored on devices should have been encrypted from the very beginning as a matter of course, notwithstanding that it should not have been stored directly on the devices in the first place without express user consent.
  • Consumers should have the right and ability to easily delete all of this data from their devices.
  • Detailed geo-location data usually requires some legal process (e.g., a subpoena) before a phone company can release the data to the police or in a lawsuit.. But because much or all of the same data is stored on the phone, the legal protections that individuals enjoy may be circumvented by anyone who has direct access to the phone.
  • Apple needs to be significantly more transparent and fair with its Terms of Use and Privacy Policy.
  • There should be a general policy of not tracking children under 13 with geolocation data stored on devices.
  • Individuals who work or live in special circumstances such as overseas human rights workers, members of law enforcement, journalists, and other individuals who need to keep their home, work, and travel patterns private need robust and immediate assistance in removing this information entirely from their devices. [Note: individuals may now update their software and opt out of location sharing, which will reduce the threat initially posed. However, the fact remains that these individuals still need these rights, and these rights remain important.]

What Does Apple’s Privacy Policy Say?

Apple’s location-based privacy policy says:

  • Location-Based Services To provide location-based services on Apple products, Apple and our partners and licensees may collect, use, and share precise location data, including the real-time geographic location of your Apple computer or device. This location data is collected anonymously in a form that does not personally identify you and is used by Apple and our partners and licensees to provide and improve location-based products and services. For example, we may share geographic location with application providers when you opt in to their location services. Some location-based services offered by Apple, such as the MobileMe “Find My iPhone” feature, require your personal information for the feature to work.

The World Privacy Forum is not persuaded that this language fairly describes what the Apple product does with location information, how much information is stored, how long it is retained, or the scope of data sharing. The data on your iPhone is obviously not anonymous as the privacy policy suggests. If you opt-in to a location service, is all your location data from the previous year shared or only your current location?

What has Apple done about this? What is Apple planning to do about this?

Apple has updated its software. Apple has said the following about what the software update will accomplish:

  • About iOS 4.3.3 Software Update
  • This update contains changes to the iOS crowd-sourced location database cache including:
    • Reduces the size of the cache
    • No longer backs the cache up to iTunes
    • Deletes the cache entirely when Location Services is turned off

Apple has also said that in the next major iOS software release the cache will also be encrypted on the iPhone.

What is being done right now? Where can I find more information?

  • Senator Al Franken wrote a letter to Apple with his concerns.

 

What more can I do?

If you are the owner of an iOS4 iPhone or iPad, you can write Apple via its privacy policy to voice your concerns and request more rights and more options about managing and deleting this data.

 

Published April 21, 2011. Updated April 28, 2011, updated May 10, 2011.