Apple users consented to iPhone spying app

Users of Apple’s iPhone and 3G iPad devices consented to having their location tracked by the devices for close to a year.

As reported earlier, iPhones and iPads running iOS4 or higher stored a plain text, unencrypted log of the coordinates of the user. Apple was asked to comment.

Hidden in Apple’s iPhone terms of service was the following statement (emphasis added):

“Apple and its partners and licensors may provide certain features or services through the Service that rely upon device-based location information. To provide such features or services, where available, Apple and its partners and licensors may collect, use, transmit, process and maintain your location data, including the real-time geographic location of your device, and you hereby agree and consent to Apple's and its partners' and licensors' collection, use, transmission, processing and maintenance of such location data to provide such services. In addition, by enabling and/or using any location-based services or features within the Service (e.g. Find My iPhone), you agree and consent to Apple collecting, using, processing and maintaining information related to your account, and any devices registered thereunder, for purposes of providing such location-based service or feature to you. Such information may include, but is not limited to, your account name, device ID and name, device type and real-time geographic location of your device at time of your request.”

Further into the Apple iPhone terms of service, instructions on how to disable this function:

“You may withdraw this consent at any time by not using the location-based features or by turning off the Find My iPhone or Location Services settings (as applicable) on your device. When using third-party services that use or provide location data as part of the Service, you are subject to and should review such third party's terms and privacy policy on use of location data by such third party services. Any location data provided by the Service is not intended to be relied upon in situations where precise location information is needed or where erroneous, inaccurate, time-delayed or incomplete location data may lead to death, personal injury, property or environmental damage. Neither Apple, nor any of its content providers, guarantees the availability, accuracy, completeness, reliability, or timeliness of location data or any other data displayed by the Service.”

But the terms of service did not explain why Apple did not encrypt the plaintext data or take reasonable measures to protect it from prying eyes nor why such a critical privacy vulnerability was not more clearly conveyed to users.