Apple has your permission to do whatever it wants with that location data it’s tracking

Location data found by researchers in a hidden file tracking the movements of an iPhone user. (Image: O'Reilly Radar)

Two researchers, Alasdair Allan and Pete Warden, are making headlines across the web today with news of their discovery that iPhones and 3G-enabled iPads have been recording the position of user devices into a hidden file since the introduction of iOS 4 last year.

The researchers have created a Mac OS X application called iPhone Tracker to allow users to see the data their devices are collecting about their location.

Upon reading the details I immediately thought back to a post last June on the personal blog of Kim Cameron, the Microsoft chief identity architect, spotlighting a change in Apple’s privacy policy — coinciding with the iOS 4 introduction.

That policy includes the following passage under the category of “non-personal information” that Apple can “collect, use, transfer, and disclose … for any purpose.”

We may collect information such as occupation, language, zip code, area code, unique device identifier, location, and the time zone where an Apple product is used so that we can better understand customer behavior and improve our products, services, and advertising.

In other words, the company has told us what it’s doing — and more than that, we’ve all agreed to it by accepting those updated terms and conditions so we can keep downloading apps and tracks.

Of course, in reality, this is one of those voluminous policies that most of us blindly accept rather than read in full. As Cameron noted in his post last June, the privacy policy spanned 45 pages when read on an iPhone — and the disclosure about collecting UIDs and location data as “non-personal information” was on Page 37. (What, you missed that?)

So technically, the news today shouldn’t be much of a surprise. But it’s good that the discovery of the hidden location file is getting so much attention, because now we can have the discussion and debate that we should have had last year … when Apple (very subtly) told us what it was doing.

  • Guest

    While I don’t like it, I doubt it is an different that what Google, RIM or MSFT are collecting too. That is the unfortunate requirement of owning a “smart” phone/device.

  • Guest

    I specifically informed Apple that they are not entitled to have or to use my location data. If they do use my location data, they will be required to renumerate me accordingly.

  • John W Baxter

    Apple is nice enough to date the iOS/iTunes privacy policies, and I do read the new ones. So yes, I’m one of 6 people who knew about the addition.

    [EVERY entity should date their privacy policies at a minimum. Or supply the human readable form of a diff.]

  • Radu Litiu

    It is true, most of us somehow expected the mobile OS manufacturers (Google, RIMM, MSFT, etc.), as well as the wireless carriers, collect the location information of the smartphone, whether we carefully read the privacy policy or not (most likely not). In this case though, there is another looming threat: the location data is stored unencrypted on the phone. It is thus backed up unencrypted on any computer you sync your phone with. Have you ever sync’ed up your iPhone with your work computer? Not that your friendly IT department (a.k.a., your employer) ever looks at the data on your computer. Also, chances are the clear text file storing the location data is available to all third party apps.

    Fighting the technology-enabled continuous abuse of private information is a losing battle. You can run, but you cannot hide. If you are really adamant about your privacy, your only chance is not to have a Facebook profile and not to carry a smart phone. It’s still good though for us to know what we are giving up…

  • Lwk

    How about an app that populates the database with bogus data?