The revelation that the latest versions of the iPhone and iPad have a file that records the geographical location of the popular mobile devices has created a privacy stir.
O'Reilly Radar researchers Pete Warden and Alasdair Allan, who announced their discovery last week at the Where 2.0 Conference in Santa Clara, Calif., said in a blog post that Apple devices running iOS version 4 have a system that logs location information -- longitude/latitude coordinates with timestamp -- to a file known as consolidated.db.
"What makes this issue worse is that the file is unencrypted and unprotected, and it's on any machine you've synced with your iOS device," Allan wrote. "It can also be easily accessed on the device itself if it falls into the wrong hands. Anybody with access to this file knows where you've been over the last year, since iOS 4 was released."
Naturally, this has prompted some to wonder why Apple needs this information, including US Senator Al Franken, who sent a letter to Apple CEO Steve Jobs raising privacy and security concerns, such as the possibility that an unauthorized person or malicious application could access the data.
But experts say this type of data collection is nothing new within the mobile world. And according to new research by Samy Kamkar, Google regularly transmits the location data of its smartphones back to a central server. A Wall Street Journal report on Friday expounded on Kamkar's findings.
The larger concern with data collection of this kind may not be what Apple or Google want to do with it, but that it opens the possibility that law enforcement may seek warrantless access to it, say researchers.
Christopher Soghoian, a privacy researcher at Indiana University, said in a blog post Friday that the federal law governing digital privacy sorely needs an update to address today's mobile landscape. Right now, it is unclear if the US Electronic Communications Privacy Act or Australia's National Privacy Principles protect location data from being obtained by law enforcement without going through the courts first.
"[I]t is quite possible that if and when these firms [such as Apple or Google] receive a request for this data, they could refuse to comply with the subpoena, and argue that it should be subject to the protections of the Fourth Amendment," Soghoian wrote.
"Certainly, some judges around the country have decided that mobile phone location data is sensitive enough to require a probable cause warrant issued by a judge.
"However, many other judges do not agree with that theory," he added. "Without the protections of the [privacy laws], if the courts do not think this data deserves [privacy] protections, there is nothing to stop law enforcement agencies from getting it with a subpoena."
Apple collects the anonymous data -- meaning it is not tied to a user -- twice a day, according to a Thursday blog post from security firm F-Secure. Apple has since issued a Q&A to rebut some of the concerns of privacy advocates.
This would help to improve the "geolocational cognition" of applications running on Apple devices, something that would minimize the resource strain on the phones as they search for and access cell towers, said Alex Levinson, a student and researcher at Rochester Institute of Technology in New York.
Levinson, who has studied the location file, said he does not think Apple is up to anything nefarious.
"There's all sorts of data on a phone," Levinson said. "Just because it's there doesn't mean it's being stolen or being used against you or being harvested. I am not denying that the data is on the phone. But I think it's on there to enhance the functionality of Apple devices."
He said approved applications installed on the iPhone are sandboxed and thus "cannot talk" to this file.
"I didn't find it any more intrusive from a privacy perspective than having text messages on my phone," Levinson said.
"I believe people are creating this idea that this data is just wanting to be gobbled up, and I think people are failing to recognize the steps that Apple is taking to prevent this from happening."