By Greg Mills
The notion of privacy is a right only inferred by the Constitution of the Untied States rather than being a specifically enumerated right, such as those rights mentioned in the US Constitution’s Bill of Rights. Freedom of religion is an example of an enumerated right.
The courts have found that an inherent “expectation of privacy” in most situations exists for us all. Without a warrant the government may not search our homes or dig into our private papers, for example. Little did I suspect the iPhone and iPad I carry most of the time represent an incredible potential invasion of my privacy.
Apple has gone on record as supporting the right of privacy for users of Apple devices. Steve Jobs has publicly stated that tracking users of web browsers without them “opting in” for such tracking is wrong. I agree.
Recently, it was announced that the Apple Safari web browser under Mac OS Lion would have a “do not track” preference to stop advertising companies from tracking you to “customize” offers it pushes. It sure is nice to know Apple is looking out for my privacy … or not!
Actually, it turns out iPhone and iPad user locations are constantly being recorded, time stamped down to the second and that information appears to be permanently stored on both the iOS device and the computer they sync with. This has been standard procedure, since iOS 4.0 without actual notice to users and without “opting in.” In fact, there doesn’t seem to even be an easy opt out option.
At some point I updated iTunes and glibly clicked “accept” on the terms my trusted friend Apple presented to me, thus giving up my expectation of privacy. Have you ever read the fine print on a free update of a program you have been using for years? It seems iTunes gets an update every couple of weeks.
Hidden in plain sight, within the 15,000 words was the following notice: “Apple and our partners and licensees may collect, use, and share precise location data, including the real-time geographic location of your Apple computer or device. This location data is collected anonymously in a form that does not personally identify you and is used by Apple and our partners and licensees to provide and improve location-based products and services. For example, we may share geographic location with application providers when you opt in to their location services.”
That sounds innocent enough but actually, when some collects the information from your computer, iPhone or iPad, he or she knows exactly whose location date they have. Keep in mind that should your computer or iOS device be stolen or lost, all that data is easy to access and your life is an open book.
What isn’t made clear is that even if you don’t opt in, your data is stored forever on your iOS device and backed up forever on your computer. Even if you migrate to a new computer, the data file is moved intact and installed in the new computer with all that data intact.
I vaguely knew that cell phone companies know where you are by comparing a log showing your closest cell tower to the timeline. Those records, at least with AT&T are considered private and held behind a firewall. Without a court order or search warrant, those records are not given out even to the police, let alone anyone else. Certainly, in case someone is lost or kidnapped tacking the cell phone of the victim or the perpetrator is a legitimate search. Barring that level of emergency, such location records would seem to reasonably be expected to remain private. That seems to be less than settled legally, however.
Is it anyone’s business that yesterday I took my dogs to the vet, made a bank deposit, shopped at Walmart and went to church that evening? I am not a terrorist. Tracking terrorists just became easy. Give them an iPhone and track away.
I have a serious problem with that. When I first read that this was going on, I downloaded a free app called iPhoneTracker.app and ran it. I was horrified to see a map pop up with a graphic representation of where my iPhone (where I have been) ever since iOS 4 was loaded. Further research indicates that if you have “location services” turned on, the data can include your exact GPS location with a time stamped record stored on your computer’s hard drive.
We are not talking just once a day, we are talking virtually constant location updates. I found over 20,000 time stamped location files on my MacBook Pro downloaded from my iPhone. Get the free app to see your location data at http://petewarden.github.com/iPhoneTracker/ .
I object to not being advised by Apple that they were doing this. The notice in iTunes, even had I noticed it doesn’t tell me that information is stored forever on my Mac. I am further angry that this is being done without a way to “opt out” and an easy way to erase just those records isn’t obvious.
Check your Mac system folder and it will have such files if you own an iPhone or iPad. A new folder is generated each time you sync your iOS device. Go to /Users//Library/Application Support/MobileSync/Backups/ . You will find a bunch of files that appear to be gibberish. They are not gibberish to your computer.
You can delete these files through iTunes preferences. Go to iTunes/preferences/devices/ then, select unused or obsolete devices and click “Delete Backup.” Be careful not to delete the most recent backup of each current device. I don’t have a clue about deleting the information on the iOS devices since the files are not easily available to civilians. I suspect the deleted files will be restored next time you back up your iOS device. To undo this will require a change in both the iOS 4 and Mac OS X systems.
I recently had a MacBook stolen. The thief could easily open those files and know where have been every hour of every day since I loaded iOS 4.0 onto my iPhone. That makes me uneasy. In as little as five minutes someone who knows what they are doing could load software on to my current computer and capture all that location data and email it to a remote computer for later examination. Then, when you know remote access to computers by hackers is common, it is easy to see the risk of having all that data in an unsecured file. It is possible to encrypt your backups, and I am looking into that.
I don’t care what advertising program Apple expects to use this information for, I don’t want my privacy abused simply because I use Apple products. I was sorely tempted to trash all the Backups file but tinkering with the Library in OS X can be a disaster. What if you accidentally trash all your apps?
I will have a rather heated conversation with an Apple Genius tomorrow, in person at my local Apple store. I expect to be trashing my secret location files and seeking a way to disable that “feature.” Disabling location tracking in iOS will be more complicated and may require Apple to undo the secret tracking feature or to offer a preference to no longer record locations. From what I read, no similar tracking system is found on Android phones.
I am very disappointed in my Apple. I found a nasty worm in my Bite today. Shame on you Apple.
(Greg Mills is currently a graphic and Faux Wall Artist in Kansas City. Formerly a new product R&D man for the paint sundry market, he holds 11 US patents. Greg is an Extra Class Ham Radio Operator, AB6SF, iOS developer and web site designer. He’s also working on a solar energy startup using a patent pending process for turning waste dual pane glass window units into thermal solar panels used to heat water see: www.CottageIndustySolar.com Married, with one daughter, Greg writes for intellectual property web sites and on Mac/Tech related issues. See Greg’s art web site at http://www.gregmills.info He can be emailed at gregmills@mac.com )