Friday, April 22, 2011

Google responds to concerns over location data; Apple stays quiet

Google has responded to concerns about the amount of location-based data it sends back to the "Mother Ship," while Apple remains (officially) close-mouthed about the matter, in the latest event in the ongoing story over just how much location-based data the two smartphone platforms (iOS, Android) are storing.

The first dust-up, earlier this week, occurred when researchers "discovered" a hidden file in the iOS filesystem, one that keeps growing and growing, which contains snapshots of a user's location, along with timestamps. While the file is not sent back to Apple, it is unencrypted, and backed up onto an end user's computer as well.

[Although two researchers claimed to have discovered the file, and that it affected only iOS 4+, it appears it was actually discovered years ago and affects earlier iOS versions, as well.]

Meanwhile, the Wall Street Journal wrote of its findings in the matter. While discussing the Apple FUBAR of earlier this week, as well as its earlier stories about how third-party apps on both platforms "phone home with data," the Journal adds information about new research by security analyst Samy Kamkar.

According to Kamkar, an HTC Android phone collected its location every few seconds and transmitted the data to Google several times an hour. In addition, the device transmitted the name (SSID), location and signal strength of any nearby Wi-Fi networks, as well as a unique phone identifier.

[As an aside, this sort of transmission, if it occurred several times an hour, could be very battery intensive, because the device would be kept from "sleeping."]

Aside from the hidden file, Apple says it "intermittently" collects location data, including GPS coordinates, of iPhone users and nearby Wi-Fi networks and transmits that data itself every 12 hours. That statement was made in a letter Apple general counsel Bruce Sewell (.PDF) sent to U.S. Representatives Edward Markey (D-Mass.) and Joe Barton (R-Texas) in 2010.

Google has responded to the WSJ story. The company has issued a statement to the media, saying that

"All location sharing on Android is opt-in by the user. We provide users with notice and control over the collection, sharing and use of location in order to provide a better mobile experience on Android devices. Any location data that is sent back to Google location servers is anonymized and is not tied or traceable to a specific user."

Thus far, Apple has been silent on the matter of its hidden file. However, Markey sent a letter to Apple CEO Steve Jobs requesting information no later than May 12. Senator Al Franken (D-Minn.) also sent a letter.

Apple's hidden file really seems related to what it already said in its letter last year. It seems, however, there is a bug, or an oversight. Assuming the data is in fact transmitted every 12 hours, there is no reason for Apple to retain that data once the transmission occurs. There is also no reason for Apple to back it up when syncing an iDevice.

Finally, there is absolutely no reason it should be unencrypted.

To be honest, it's hard to understand why people don't expect this sort of data gathering to be going on. For example, Google gives away a number of services for free. In order to monetize that, it gathers data on your use of the Internet.

Meanwhile, to provide the best location-based services either company can deliver, of course both Apple and Google collect location data. What is most disturbing, however, is to see what could happen if a company made a mistake like Apple's. All that data is just sitting there, and if you lose your iPhone, it's available for a hacker.

That said, these are corporations, and they don't have our best interests at heart, per se. Rather, as corporations, they must try to maximize their shareholder return. It's all about the bottom line.


