At the Where 2.0 conference on April 20, 2011, Alasdair Allan and Pete Warden gave a short talk on an iPhone application that tracked users’ locations and raised some privacy concerns. What they were not expecting was the media storm that their demonstration also raised. As Allan said, “It already seemed to be an open secret among people who do forensic phone analysis,” referencing previous research done by Alex Levinson, Ryan Neal and Paul Courbis. Maybe it was an open secret among a few techies, but after April 20, everybody with an iPhone was in on it, and they did not like what they were learning.
The location application arrived with iOS 4.0. Using cell towers and Wi-Fi hotspots, the application triangulates the phone’s location and then logs the longitude and latitude coordinates, as well as the time recorded. Originally, the app kept these time-stamped coordinates for an entire year and anytime the iPhone was backed up to iTunes, the year’s records were deposited on the back-up device as well.
As if that wasn’t disturbing enough, the manner in which Apple handled the location application was pretty underhanded. The application was hidden in the ‘kernel’ of the operating system, so that any regular user would never find it. And unlike the third party apps that are required to ask your permission to use your location, the location application was automatically installed and turned on without notifying the iPhone’s owner. To add insult to injury, the data wasn’t even encrypted. Not exactly as pervasive as the way Target tracks shoppers but people were concerned none the less.