Users of Apple’s iPhone and 3G iPad devices consented to having their location tracked by the devices for close to a year.
As reported earlier, iPhones and iPads running iOS4 or higher stored a plain text, unencrypted log of the coordinates of the user. Apple was asked to comment.
Hidden in Apple’s iPhone terms of service was the following statement (emphasis added):
“Apple and its partners and licensors may provide certain features or services through the Service that rely upon device-based location information. To provide such features or services, where available, Apple and its partners and licensors may collect, use, transmit, process and maintain your location data, including the real-time geographic location of your device, and you hereby agree and consent to Apple's and its partners' and licensors' collection, use, transmission, processing and maintenance of such location data to provide such services. In addition, by enabling and/or using any location-based services or features within the Service (e.g. Find My iPhone), you agree and consent to Apple collecting, using, processing and maintaining information related to your account, and any devices registered thereunder, for purposes of providing such location-based service or feature to you. Such information may include, but is not limited to, your account name, device ID and name, device type and real-time geographic location of your device at time of your request.”
Further into the Apple iPhone terms of service, instructions on how to disable this function:
But the terms of service did not explain why Apple did not encrypt the plaintext data or take reasonable measures to protect it from prying eyes nor why such a critical privacy vulnerability was not more clearly conveyed to users.