Please don’t stop me, but you have read this before: A widely-used tech product is found to have a privacy flaw, spurring consternation among users and calls for action in Congress–as well as panicked “we need something on this” story-assignment e-mails from editors. And then we learn that the situation isn’t as horrific as first portrayed.
The latest version of this tech trope involves the discovery that Apple’s iPhones and 3G-equipped iPads regularly save your location, as determined from nearby wireless transmitters, in a hidden but easily-accessed “consolidated.db” file, and do so without your notice or consent. O’Reilly and Associates researchers Alasdair Allan and Pete Warden summarized their “discovery” yesterday and posted an iPhoneTracker application that lets you see these records on a map.
That quickly led to numerous blog posts illustrated with iPhoneTracker-generated maps portraying their authors’ wanderings in fascinating detail. (That was not the case when I ran this app: Since it only shows data from the most-recently-synced iOS device, its map correctly indicated that the iPad 2 loaned by Apple PR had not left my house.) Congress and the FCC quickly began demanding explanations, while Apple engaged in its characteristic routine of not answering anybody’s questions. (FYI to Apple PR: That’s a good way to make your company look guilty.)
The massive Web traffic typically generated by pieces about Apple and the iPhone could not have hurt this story’s popularity among editors.
But… there’s no evidence that Apple is collecting this data from its users’ computers, an iPhone needs to save its location to help location-based apps function, iOS has always done this and people have known about the log in consolidated.db for months, as computing-forensics research Alex Levinson blogged today. Also, wireless carriers already track your location.
There are still serious issues: Why store this information in perpetuity instead of keeping only recent data? How does this conduct square with Apple’s insistence that third-party apps get your permission before tracking you? The answer to that first and most important question likely boils down to a programming oversight, perhaps fostered by the ever-lower price of flash memory–why bother automatically trimming a log file if you’ve got plenty of room for it?
That’s not nearly as outrageous as a headline like “Apple tracks your location” might suggest. Too bad.
I saw this kind of story arc play out repeatedly in my time at the Post. After two different Facebook privacy scares–each involving the Web’s standard “referrer” feature–turned out to be far less frightening on closer inspection, I wrote a column critiquing over-caffeinated coverage of data breaches.
The next time you see a story along these lines, remember two things. One, software development is rarely tidy. Two, companies exist to make money, preferably with less effort rather than more. Before you freak out over an alleged privacy issue, consider which factor provides a more plausible explanation for the problem.
4/22, 11:40 a.m. The Wall Street Journal’s Julia Angwin and Jennifer Valentino-Devries provide much more context in a story today. They write that both Apple and Google automatically collect data on nearby WiFi hotspots to build out databases that iPhones and Android phones can use to determine their locations faster than GPS would allow. But this doesn’t seem to be much of a secret: As I recall, the setup screens in Android clearly note that Google collects location information to improve its services, and Apple explained its conduct in a letter provided to Rep. Ed Markey (D-Mass.) last summer and posted on his site.