Apple's data collection practices scrutinized.
In April, two computer programmers--one a former Apple employee--announced their findings that Apple's iPad and iPhone devices collect users' location information and store it in a hidden file on the device for up to one year.
As reported by The New York Times, the iPhone and iPad (3G version) began recording users' locations in 2010, when Apple updated its mobile operating system. After customers uploaded the software, a new hidden file began periodically storing time and location data, apparently gleaned from nearby cell phone towers and Wi-Fi networks.
The data is stored on a person's phone or iPad, but when the device is synced to a computer, the file is copied over to the hard drive, the programmers said. According to The Times, the data are not normally encrypted, but users do have the option to encrypt their information when they sync their devices.
Security experts say Apple had been using the data in the hidden file to be able to pinpoint a phone's location more quickly, saving bandwidth and battery life, when their owners used location-based services like maps and navigation.
According to The Times, in a July 2010 letter sent by Apple to two U.S. congressmen, the company said it had been storing and collecting location information for some time. Apple said it collects the location data anonymously and only when consumers agree to use services and applications that require the user's location, and for its advertising system, iAds. The company said that it has been offering location-based services since 2008, but that only in 2010, when it released iOS 3.2, did it begin relying on its own databases for those services. Explaining its need to collect data from its customers' phones, Apple wrote, "These databases must be updated continuously."
Responding to the furor over the programmers' announcement, Apple denied it tracks users, saying that iPhones were "maintaining a database of Wi-Fi hotspots and cell towers around your current location, some of which may be located more than 100 miles away from your iPhone."
Apple conceded that the data should not be retained for up to a year, blaming the length of retention on a bug and promising to fix the problem soon, according to a PC Pro report. The iPhone should not store more than seven days of data, the company said.
Privacy experts and consumers alike want to know whether Apple is gaining access to the information in any way, how precise the location data is, and why it is being stored at all. Although collecting such data is not illegal, privacy advocates say consumers must be told about the practice.
Apple has an obligation to its customers to allow them to opt out of being tracked, said Ian Glazer of Gartner Research, who is a director in the company's identity and privacy group. "There is no way to really turn this tracking off," he said. "It needs to be visually obvious, or in the settings, to see that this is happening on your phone."
Now European governments are investigating whether Apple violated European Union privacy laws by collecting and storing users' location data, which can be used to track people.
According to The Times, Germany's Bavarian Agency for the Supervision of Data Protection said it would examine whether it did, and, if so, why the iPhone and iPad were storing such user data.
The Italian Data Protection Authority also has opened an investigation into Apple's data collection, expanding one it had begun on how mobile applications process personal data, Reuters reported.
France may follow suit. Yann Padova, the secretary general of CNIL, the French data protection authority, said the agency was trying to verify the report by the American programmers. The French agency sent Apple France a letter asking for an explanation, Padova said, adding that France is concerned about whether the information remained on the device or was transferred by Apple to one of its commercial partners.
|Printer friendly Cite/link Email Feedback|
|Title Annotation:||DATA SECURITY|
|Publication:||Information Management Journal|
|Date:||Jul 1, 2011|
|Previous Article:||Judge: D.C. discovery violation 'flagrant'.|
|Next Article:||ISPs fight France's data retention law.|