Privacy concerns over iPhone's log of user's location

APPLE COULD be facing scrutiny from data protection groups across Europe after it was discovered that some of its devices log…

APPLE COULD be facing scrutiny from data protection groups across Europe after it was discovered that some of its devices log a user’s location and store it on the phone.

The feature, which is included in Apple’s 3G-enabled devices running the fourth generation of its iPhone operating system (iOS4), keeps a record of the phone’s latitude and longitude, along with the time of the visit. The data is stored in a file hidden on the handset. The file is then transferred to a user’s PC or Mac when the device is connected and synched through Apple’s iTunes software.

Because the information appears to be compiled using information from mobile phone masts rather than the device’s GPS capability, it cannot be switched off as long as the phone is receiving a network signal.

Such information is usually only accessible to mobile networks or to police forces if they obtain a court order.

READ MORE

The feature was publicised in a study presented at the Where 2.0 conference in California this week. The report, which was written by researchers Alasdair Allan and Pete Warden, was published on the California-based O’Reilly Radar website.

The researchers also made available an application that allows users to find the file and see the data represented on a map.

Research from interactive marketing group Return2Sender suggested that there could be more than 600,000 iPhone users in Ireland by May of this year.

Data is also collected by 3G-enabled iPads, Mr Allan and Mr Warden’s research found.

Authorities in the German province of Bavaria are already talking about a potential investigation to see if Apple has violated any privacy regulations. Legal or regulatory action could also be considered.

However, security expert Conor Flynn said there may be little that consumers could do, as the collection of location-based data is provided for in the end-user licence agreement that iOS4 users sign up to.

“Apple aren’t doing anything that they can be pursued for,” he said.”

However, the function opens up the possibility that the file could be accessed by a third party and a user’s movements could be monitored.

Data protection authorities in Ireland said they had not yet contacted Apple on the matter, but they expected that the collection of such information would be addressed in an upcoming document due to published by the Europe-wide umbrella group for data protection bodies.

Apple has not yet commented on the matter.

However, Mr Flynn said he expected the company would release an update for its software that would allow users to disable the collection of such data.

“It’s a big leap from the [end-user agreement] commitment on gathering information for location-based services to recording all cellphone tower interactions on the handset,” he said.

“This is the first time we’ve seen this level of information stored on a handset.”

Apple appears to be the only mobile maker that records this information and stores it in such a way. During the course of the research, Mr Warden and Mr Allan looked for similar files on other smartphones but failed to find any evidence.

“That doesn’t mean they’re not there,” Mr Flynn said.

Ciara O'Brien

Ciara O'Brien

Ciara O'Brien is an Irish Times business and technology journalist