Skip the navigation

Shock: iPhones store location data (Gimme a break...)

Worried about LocationGate? I'll give you something to worry about

April 23, 2011 12:28 PM ET

Computerworld - Location data retention sounds like a medical condition. In a way, it is. And your phone's probably got it.

We heard about a new scandal this week. iPhones, we discovered, keep a record of every place you've been, or, at least, every place your phone's been. That data is stored in a file on your phone, unencrypted. Shock!

The data could be subpoenaed in a divorce case. PCs and phones could be hacked, and the could be data exposed. The horror!

Congress is outraged: Comedian-turned-grandstanding-senator Al Franken (D-Minn.), and Rep. Ed Markey (D-Mass.) have demanded that Steve Jobs explain himself. And Germany, a country whose national pastime has become the harassment of Silicon Valley companies that may be violating German privacy laws, wants clarification as well.

The self-appointed guardians of privacy are breaking out the pitchforks and torches. The news media have been alerted. TV talking heads are aghast.

Meanwhile, the Wall Street Journal reported that Android phones not only capture location data, but also beam it back to Google every few minutes, along with the phones' unique identifiers and the location of nearby Wi-Fi hot spots. (Google erases the start and end locations for all "trips.")

The Drudge Report linked to the Journal story with this headline: "FOLLOWING YOU: APPLE, GOOGLE PHONES COLLECT DATA." You know it's serious if they use all caps.

The whole affair is a non-issue as far as I'm concerned, and for two reasons. First, we already knew all about it. And second, there are far more serious violations of privacy going on every day that few seem all that concerned about.

Old news

One of the most delicious ironies in all this is that Markey demanded -- and received -- an explanation about Apple's location collection policy in July. In response to that request, Apple offered a detailed explanation in a letter to Markey, and Rep. Joe Barton (R-Texas).

Markey could just read the letter he has on file. But his demand looks a lot like political grandstanding and not much like fact-finding.

A few bloggers were talking about this last year, but nobody cared. It's something of a mystery why this has suddenly become an issue.

The least of our location data worries

The biggest reason LocationGate is a non-issue is that it's far less of a privacy concern than other aspects of owning and using a smartphone.

Let's be clear about what's going on here. The scandal around the iPhone's user-tracking capability is that "you" should be the only one in possession of your own location data. Fears center around the "potential" for evil-doers to get their greasy mitts on that data -- something that has not actually happened, as far as I know.

If some shady hacker type steals my iPhone or hacks my laptop, the last thing I'm worried about is a database that shows where I went last month. I'm far more concerned about passwords, financial information, private e-mails, my list of contacts, information that would enable hardcore identity theft, and so on. Who cares if they know I went to Whole Foods last month or that I entered a Starbucks at 2:36 p.m. last Wednesday?

To me, it would be far more problematic if my location data -- and even truly sensitive information -- were being shared without my knowledge with companies I've never heard of. And in fact, that is happening every day.

First, iPhone and Android apps store and share all kinds of data, including location data.

Hundreds or thousands of apps routinely zap location data and personal information back to the companies that made the apps without your knowledge. Many of them share that information with advertisers without your consent. Much of that information is associated with your phone's unique identifier, along with personal data like gender and ZIP code.

Other apps store information that's far more sensitive than location history. Security researcher Michael Sutton found that many apps store data backups, passwords and other login credentials, and other sensitive information in a format that's readable by anyone who downloads a widely available tool from the Internet.

This is a vulnerability that thousands of apps share, including Google Docs, Apple iDisk and Evernote, that store and upload sensitive personal information and have open APIs that essentially hand the keys to that data to many third-party companies.

Unlike many cell-phone-enabled violations of your privacy, whose purpose is mainly to enrich the app maker, the storage of location data on iPhones and the gathering of location data by Android phones at least provide benefits to users and are under user control.

The database works behind the scenes mainly to improve wireless data service, traffic maps and other basic functions of a smartphone.

Location data isn't even gathered if location services are turned off.

Yes, the storage of unencrypted location data on your phone is a potential privacy breach waiting to happen. But there's a whole list of privacy violations taking place through your phone every day.

The hard reality is that there's only one way to guarantee privacy with a cell phone: Remove the battery.

Mike Elgan writes about technology and tech culture. Contact and learn more about Mike at Elgan.com, or subscribe to his free e-mail newsletter, Mike's List.

Clarification: This column has been changed since it was originally posted to point out that Evernote is one of thousands of apps with open APIs that are vulnerable to having users' data exposed.

Read more about Mobile Apps in Computerworld's Mobile Apps Topic Center.



Our Commenting Policies