Apple is recording the location data of iPhone and iPad users and storing the unencrypted information on any computer used to sync the device, researchers revealed on O’Reilly Radar on Apr. 20.
By tracking users without their knowing, Apple may be violating Section 222 of the Communications Act, which “requires companies to obtain customer consent before location data is used or disclosed for commercial purposes,” according to a report from the Electronic Privacy Information Center (EPIC).
The finding set off a wave of controversy that soon revealed Android smartphones contain a similar feature.
Apple CEO Steve Jobs was given 15 days to give an explanation of why he is doing this, in a letter from Senator Al Franken (D-MN). He states “the existence of this information—stored in unencrypted format—raises serious privacy concerns…Anyone who gains access to this single file could likely determine the location of a user’s home, the businesses he frequents, the doctors he visits, the schools his children attend, and the trips he has taken—over the past months or even a year.”
The concern raised by Franken is if an iPhone or iPad is stolen, this data will also fall into the hands of the criminal. Now that the vulnerability is known, cybercriminals may also look for ways to access the data with computer viruses.
Representative Ed Markey (D-MA) issued a similar letter, with a brief paragraph-long introduction before skipping to questions for Jobs to answer. Markey also asks directly, given the nature of the vulnerability, what Apple is doing to comply Section 222 of the Communications Act “which requires express prior customer authorization for the use, disclosure of, or access to the customer’s location information for commercial purposes.”
Although the findings are just now causing a stir, cell phone tracking is nothing new. Digital rights organization the Electronic Frontier Foundation (EFF) stated on, “Your cell phone company knows everywhere you go, twenty-four hours a day, every day.”
An earlier article published by the EFF states the issue of cell phone tracking was first revealed in August 2005, when an Eastern District of New York judge “publicly denied a government request” to access this data.
“In doing so, Judge Orenstein revealed that the Justice Department had routinely been using a baseless legal argument to get secret authorizations from a number of courts, probably for many years,” states the EFF.