February 25, 2024

Inquiries Grow Over Apple’s Data Collection Practices

At the same time, some researchers said that contrary to reports published Wednesday, the iPhone’s recording of location information in a hidden file on the device, later stored on iTunes on a PC, has been known for some time, and that the information has, on some occasions, been used by law enforcement agencies in investigations.

“This data that was supposedly discovered yesterday has existed in earlier iPhones,” said Alex Levinson of Katana Forensics, a company that specializes in extracting data from electronic devices for legal cases. Mr. Levinson said that he and colleagues had explained Apple’s practices at conferences and in research papers, and that his firm has helped law enforcement agencies “harvest geolocational evidence from iOS devices,” a reference to the Apple operating system.

Mr. Levinson said that an update to Apple’s operating system changed the location of the file storing the information, but that the file had existed previously.

Security experts say law enforcement agencies can often get more precise location information from cellphone carriers than from the hidden file.

While privacy advocates and many iPhone users were alarmed by the revelations, Mr. Levinson and other security experts said they suspected that Apple had been using the data to be able to pinpoint a phone’s location more quickly, saving bandwidth and battery life, when their owners used location-based services like maps and navigation.

Still, the controversy has been magnified by Apple’s silence. For the second day, the company did not respond to calls and e-mails seeking comment.

But in a letter sent by Apple in July to two congressmen — Edward J. Markey, Democrat of Massachusetts, and Joe L. Barton, Republican of Texas — the company appeared to confirm that it has been storing and collecting location information for some time.

In the letter, Apple said it collects the location data anonymously and only when consumers agree to use its location-based services like maps, or any apps that ask a user’s location, and for its advertising system, iAds. The company said that it has been offering location-based services since 2008, but that only in 2010, when it released iOS 3.2, did it begin relying on its own databases for those services. Explaining its need to collect data from its customers’ phones, Apple wrote, “These databases must be updated continuously.”

Security experts say companies like Apple and Google collect the location of Wi-Fi networks and cell towers to pinpoint the location of phones without using GPS technology. Some suggested Apple was doing so through the users of its iPhones.

Mark Seiden, an information security consultant in Silicon Valley, said that Apple’s letter to the congressmen suggests that it uses the location data from the previously hidden file “so a phone knows where it is quickly.” Mr. Seiden said that Apple did not appear to be using the data to track people, but that the company should probably be more diligent about deleting dated location information. “I don’t know why they would want to keep old data on the device,” he said.

Mr. Markey on Thursday sent a follow-up letter to Apple asking it to explain why it was storing the information in the user’s device, and raising concern that its actions could violate the Communications Act.

“Apple needs to safeguard the personal location information of its users to ensure that an iPhone doesn’t become an iTrack,” Mr. Markey said in a statement. On Wednesday, Senator Al Franken, Democrat of Minnesota, also sent a letter asking Apple for an explanation.

The controversy erupted on Wednesday, when two computer programmers issued a report at a conference in San Francisco describing the files with the hidden data. The programmers also released a program that allowed users to see their stored location data on a map.

Some privacy experts were particularly concerned that the files were not encrypted, and that they were backed up on users’ computers.

The concerns quickly spread to Europe, where privacy laws are typically stricter than in the United States.

The Bavarian Agency for the Supervision of Data Protection, in Germany, said it would examine whether — and if so, why — the iPhone and iPad were storing such user data. Thomas Kranig, the director of the agency, said his office had asked Apple whether geographic information was being stored and for what purpose. 

“If it’s true that this information is being collected, and it is being done without the approval and knowledge of the users, then it is definitely a violation of German privacy law,” Mr. Kranig said. 

The Italian Data Protection Authority also opened an investigation into Apple’s data collection, expanding one it had begun on how mobile applications process personal data, Reuters reported.

France may follow suit. Yann Padova, the secretary general of CNIL, the French data protection authority, said the agency was trying to verify the report by the American programmers.

The French agency plans to send Apple France a letter asking for an explanation next week, Mr. Padova said. A major concern will be whether the information remained on the device or whether it was transferred by Apple to one of its commercial partners.

“In the first case, it is a matter of simply not obtaining the consent of  the consumer for the data to be collected,” Mr. Padova said. “In the second case, if the information is marketed without the knowledge of the consumer, it is much more serious.”

Article source: http://feeds.nytimes.com/click.phdo?i=74fd8a4f915940d4c38c6958bb0c25d6