It’s been a rough week for Apple, since a pair of researchers put forward the shocking claim that iPhones and 3G iPads were keeping a log of user’s movements in an unsecured file. After seven days of near-silence, Apple has finally issued a Q&A on how, exactly, the location data stored on iPhones is used. Their answer is, to say the least, quite intriguing.
The thrust of Apple’s argument is that they have never been tracking your location, and that the information within consolidated.db is actually not even your data. Confused? Understandable. Here’s what’s going on: When you fire up the map app or any other app that requests location, the iPhone uses three methods to find it. First is GPS, but that’s not very reliable when you’re indoors, underground, or even near tall buildings.
Second and third is determining your position by looking at the cell towers and wireless networks around you. This was the technology that powered the first generation iPhone’s location services, and it continues to supplement the iOS devices to this day. In order to best utilize cell tower and WiFi location data, Apple has been “crowd-sourcing” a database of WiFi hotspots and cell tower locations. According to Apple, this information has been anonymously collected by your device and transmitted to Apple. But this is not the same information that appears in the consolidated.db file.
The location log on your phone that has caused so much worry is actually downloaded from Apple. From their statement:
The entire crowd-sourced database is too big to store on an iPhone, so we download an appropriate subset (cache) onto each iPhone. […] The location data that researchers are seeing on the iPhone is not the past or present location of the iPhone, but rather the locations of Wi-Fi hotspots and cell towers surrounding the iPhone’s location, which can be more than one hundred miles away from the iPhone.
So, although the data makes it appear as if you’re being carefully tracked, it is actually a listing of WiFi and cell towers near to where you’ve been active. This might explain some discrepancies in users’ actual movements against the maps generated from the consolidated.db data. And why, for instance, some users saw locations they had visited while their phones were in Airplane Mode — which blocks cellphone activity — but where they used WiFi.
As to why so much data is being stored on Apple devices, and why shutting off location services does not stop the flow of this information, Apple claims it was a simple software bug that will be fixed in future updates. They say a forthcoming update will reduce the size of the location cache on decvices to seven days worth of information, which they believe is adequate for fast and reliable location fixing. The cache will also no longer be backed up on users’ computers, and will be entirely deleted when Location Services is shut off. According to their statement, the next major iOS release will encrypt the location cache on the phone.
Apple did not say whether the anonymized, encrypted location data for WiFi and cell towers would continue to be transmitted to Apple.
Interestingly, the investment gurus at the Motley Fool may have beaten everyone to the punch with their 2010 story about Skyhook Wireless. Skyhook, as iPhone historians will recall, was the company providing cell tower and WiFi location data in the first generation of the iPhone. Back then, when a user requested location information, the device would query the Skyhook database and get a surprisingly close (but often way-off) estimate of the user’s position. In August 2010, about the time the earliest entries into the consolidated.db file come from, Skyhook announced that Apple was no longer using their services. On their coverage of that announcement, the Motley Fool wrote:
Apple apparently has its own Wi-Fi location information, presumably culled from the daily movements of iPhones around the country, that it thinks is good enough for its own devices.
For their part, Apple acknowledges that they and other unnamed developers of this kind of location technology have “not provided enough education about these issues to date.” In an attempt to head off future furors, they give a brief outline of their future plans that would utilize similar crowd-sourcing techniques.
Apple is now collecting anonymous traffic data to build a crowd-sourced traffic database with the goal of providing iPhone users an improved traffic service in the next couple of years.
Rather than an apology, Apple is trying to paint this as a case of misunderstood high-technology. And from a marketing perspective, that might be the best way to handle the situation. One wonders if Steve Jobs’ powerful Reality Distortion Field (RDF) could have convinced us if he’d announced on stage exactly how the iPhone would be building and using a massive database of non user-specific location data. And Apple is right when they say that the process they adopted is rather complicated, and would have been hard to explain to most consumers.
That said, they have definitely caused some heart-ache amongst iOS device owners. For the past week, we’ve looked like rubes, duped by a company we chose to trust. Though Apple has taken great pains to explain the situation, and they do a good job of making their actions seem quite benign — even useful — this could still hurt them. The measure of their success in handling the consolidated.db mess will likely come at the launch of the next iOS toy, and if the normal white-hot intensity can overcome the qualms that have been dredged up this past week.
Have a tip we should know? email@example.com