What they appear to be saying is that consolidated.db, with its timestamped locations, is someone else's data. Your own location is sent over the air separately in order to build the larger database. OK, the two might overlap (i.e. you might download your own submitted records), but for the most part it is only a cache of the wider area you've been in, which has some privacy implication but a very weak one.
These calculations are performed live on the iPhone using a crowd-sourced database of Wi-Fi hotspot and cell tower data that is generated by tens of millions of iPhones sending the geo-tagged locations of nearby Wi-Fi hotspots and cell towers in an anonymous and encrypted form to Apple.
...
The entire crowd-sourced database is too big to store on an iPhone, so we download an appropriate subset (cache) onto each iPhone
This (if true) leaves me feeling that the technical approach is not unreasonable, and the security research that supposedly revealed this is pretty poor.
Averaging entries with the same timestamp comes remarkably close to the phone’s actual location, but only if reception is good and cellular towers are dense. Averaging a random sample of consolidated.db entries with late-night timestamps yielded coordinates only 690 meters from the actual location of my apartment. The average of a block of entries on a Saturday gave me coordinates only 630 m from my girlfriend’s house. Both of these locations have great reception and are moderately-dense suburban neighbors. On the other hand, averaging entries during the week put me a full 8.1 km from the actual location of my office. We have terrible reception in my office, so this is not too surprising.
http://tomstokes.wordpress.com/2011/04/21/preliminary-analysis-of-the-iphone-location-log/
Here's a real world analysis of how accurate the tracking was:
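Added example, not part of any post in this thread and not the linked author's code: a sketch of the averaging described in the quoted analysis, useful for judging how much a cache of nearby tower locations reveals about a known reference point. The table name `cache_entries`, its columns and the sample rows are assumptions constructed for illustration.

```python
import math
import sqlite3
from collections import defaultdict

# Constructed sample rows: (timestamp, latitude, longitude) of cached towers.
# Table and column names are assumptions for this sketch, not from the page.
SAMPLE_ROWS = [
    (1000, 40.010, -75.010), (1000, 39.990, -74.990), (1000, 40.004, -75.002),
    (2000, 40.100, -75.200), (2000, 40.020, -74.900),  # sparse, distant towers
]

def haversine_m(lat1, lon1, lat2, lon2):
    """Great-circle distance in metres between two WGS84 points."""
    r = 6371000.0
    p1, p2 = math.radians(lat1), math.radians(lat2)
    dlmb = math.radians(lon2 - lon1)
    a = math.sin((p2 - p1) / 2) ** 2 + math.cos(p1) * math.cos(p2) * math.sin(dlmb / 2) ** 2
    return 2 * r * math.asin(math.sqrt(a))

def load_sample():
    """Build an in-memory database holding the constructed rows."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE cache_entries (ts INTEGER, lat REAL, lon REAL)")
    conn.executemany("INSERT INTO cache_entries VALUES (?, ?, ?)", SAMPLE_ROWS)
    return conn

def centroids_by_timestamp(conn):
    """Average the cached coordinates that share a timestamp.

    A plain arithmetic mean of lat/lon is adequate over a few kilometres.
    Returns {timestamp: (mean_lat, mean_lon, entry_count)}.
    """
    groups = defaultdict(list)
    for ts, lat, lon in conn.execute("SELECT ts, lat, lon FROM cache_entries"):
        groups[ts].append((lat, lon))
    return {ts: (sum(p[0] for p in pts) / len(pts),
                 sum(p[1] for p in pts) / len(pts), len(pts))
            for ts, pts in groups.items()}

def error_report(conn, true_lat, true_lon):
    """Distance in metres from each timestamp's centroid to a known point."""
    return {ts: round(haversine_m(lat, lon, true_lat, true_lon))
            for ts, (lat, lon, _count) in centroids_by_timestamp(conn).items()}

if __name__ == "__main__":
    # Reference point (40.0, -75.0) is constructed, like the rows above.
    print(error_report(load_sample(), 40.0, -75.0))
```

With the constructed rows, the dense cluster averages to within a couple of hundred metres of the reference point while the sparse pair lands several kilometres away, the same pattern the quoted analysis reports for good and poor coverage.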
How do you know for sure that this is what is actually happening?
That analysis was from 5 days ago, before we knew that the data was not just from your own phone but was a consolidated download of surrounding 3g cells and wifi networks.
How do you know for sure that this is what is actually happening?
It’s worth noting that although Apple claims the excessive location-data storage method is a bug, the company recently filed for a patent that describes a location-gathering method in which the iPhone’s database file does not remove location history entries until the location database becomes full.
http://www.wired.com/gadgetlab/2011/04/iphone-location-bug/
Other handsets perform similar tasks, but Apple yesterday denied tracking users and claimed that only a bug in the system was causing the phone to store location data on handsets for up to a year. Even data detailing which cells and Wi-Fi hotspots were in range need only be kept for a week, the company said.
Yet this appears to contradict a patent application for “Location Histories for Location Aware Devices” that Apple filed with the US Patent and Trademark office in September 2009.
“A location-aware mobile device can include a baseband processor for communicating with one or more communication networks, such as a cellular network or Wi-Fi network,” Apple said in its patent application. “In some implementations, the baseband processor can collect network information (e.g., transmitter IDs) over time.”
The plan sounds almost identical to the data-accumulating file that landed Apple in hot water with privacy campaigners, after researchers revealed that the company was collecting mappable data on handset locations...
Third-party access
Apple also planned, according to the patent, to allow third parties to see this data trail in a bid to build services around the system.
“The travel timeline can be used by location-aware applications running on the location-aware device or on a network,” Apple said at the time. “In some implementations, an Application Programming Interface (API) can be used by an application to query the location history database.”
Apple's intentions may have changed from the time the patent was filed in 2009 to when the tracking utility was implemented in iOS 4. The company has so far declined to comment on the patent.
http://www.pcpro.co.uk/news/security/367048/apple-snooping-plot-thickens-iphone-tracker-was-patented
The two Michigan-based HTC Inspire 4G-owners said in their complaint, which was filed on April 27th in Detroit, that they've been tracked "just as if by a tracking device for which a court-ordered warrant would ordinarily be required." Naturally, they're seeking $50 million in damages, along with a court order to force Google to stop tracking owners of their Android devices.
They're going to have a tough time over this one, unlike the iPhone owners, because Google actually asks users to opt-in to the "collection, sharing and use of location," according to Google, which said "any location data that is sent back to Google location servers is anonymized and is not tied or traceable to a specific user."
http://gizmodo.com/#!5796968/google-sued-over-android-phone-tracking
very good/detailed article here:
http://www.macworld.com/article/159528/2011/04/how_iphone_location_works.html
good reading for the less hysterical.
"I believe that consumers have a fundamental right to know what data is being collected about them," said the Democratic senator Al Franken from Minnesota at a hearing of the new senate judiciary subcommittee on privacy, technology and the law. "I also believe that they have a right to decide whether they want to share that information, and with whom they want to share it and when."
Franken, chairman of the subcommittee, added: "I have serious doubts about whether those rights are being respected in law or in practice."
The Apple software chief, Guy "Bud" Tribble, said the company is committed to user privacy. "Apple does not track users' locations," he said. "Apple has never done so and has no plans to ever do so." But he added that the company's privacy policy says that Apple "may collect, use and share precise location data." Tribble wouldn't answer questions after the hearing about the apparent discrepancy.
Google's director of public policy in the Americas, Alan Davidson, said the company's Android smartphone platform has a similar policy. "All location data that is sent back to Google's location servers is anonymised and is not traceable to a specific user or device," he said.
But Franken challenged the assertion that Apple's and Google's location data are anonymous. He asked another witness, researcher Ashkan Soltani, whether the time-stamped location data could be used to track users. Soltani said that he thought it was possible, and that assertions the data are anonymous are "not really sincere".
Nice to see politicians getting to grips with this properly - ie: not seeing it as fixed just because the location data is not stored locally. The bigger picture is what is sent to servers.
A new statement from the European Union could lead to greater restrictions on the handling of location data on mobile devices for companies like Apple and Google.
EU privacy officials published a nonbinding opinion this week stating that users must be given "clear, comprehensive" information about location data, according to Bloomberg. The opinion comes as data protection officials in Europe continue to investigate the iPhone location services controversy that recently erupted.
The new EU opinion states that information collected through Wi-Fi and location services is considered "personal data." Such a classification would make the data subject to EU privacy rules.