With much publicity about yesterday's iOS location-tracking issue, a number of voices have already weighed in to provide additional perspective on exactly what is happening with respect to user privacy.
As noted by Ars Technica, U.S. Senator Al Franken sent a letter (PDF) to Apple CEO Steve Jobs yesterday asking for more detail on how consumers' information is being used and why it is not encrypted.
Anyone who finds a lost or stolen iPhone or iPad or who has access to any computer used to sync one of these devices could easily download and map out a customer's precise movements for months at a time. It is also entirely conceivable that malicious persons may create viruses to access this data from customers' iPhones, iPads, and desktop and laptop computers. There are numerous ways in which this information could be abused by criminals and bad actors.
A number of observers have pointed out that Apple did respond to location-tracking concerns last July, noting that such information could be collected, batched, and sent to Apple to assist with generating and refining its database of cellular and Wi-Fi access points for providing location services. Location tracking is also used to aid in targeting iAds to customers based on their geographic region, although this information is not passed on to advertisers.
We mentioned in our initial report that knowledge of this "consolidated.db" file containing the timestamped location information was not new, having been used by forensic analysts associated with law enforcement seeking to determine the whereabouts of a given device (and presumably the person associated with that device) at a given time. One of the people primarily responsible for developing those forensic tools, Alex Levinson, has weighed in on the developments, specifically taking issue with several of yesterday's claims.
While forensics isn't in the forefront of technology headlines these days, that doesn't mean critical research isn't being done surrounding areas such as mobile devices. I have no problem with what Mr. Warden and Mr. Allan have created or presented on, but I do take issue with them making erroneous claims and not citing previously published work. I'm all for creative development and research, as long as it's honest.
For example, while Apple has noted in the past that it does collect information for specific purposes, it does so anonymously. Consequently, Levinson notes that claims that Apple is gathering information about user locations are overblown. Levinson also notes that the database of locations in iOS is neither hidden nor new as presented in yesterday's report, reporting that the file had existed in earlier versions of iOS as "h-cells.plist" but changed names and locations with iOS 4 in order to support background location services employed as part of the new multitasking features of iOS.
Finally, Levinson points to his own work, including contributions to a textbook describing exactly what the various database files are and how they are used. Levinson also developed and is continuing to work in his capacity as lead engineer Katana Forensics on Lantern, software for forensic professionals assisting them with pulling information from such files.
