Apple rather belatedly issued a Q&A on the whole "LocationGate" saga. This confirms what I said about the data being a cache of cell tower and wifi locations. The fact that this was kept for up to a year was a bug. Within the next few weeks they will reduce this to 7 days, they will not back up the cache any longer, and they will turn off the cache when you turn location services off, which addresses the issue reported by the Wall Street Journal and widely re-reported.. These are all good actions to take, and address the key issues in my opinion. It does reinforce the importance of developers being careful about location security, and Apple was slack in this case, even though the potential risks were much less dire than widely reported.
Note that in the short term if you are concerned, you can encrypt your iPhone database backup just by checking a box on the front page in iTunes (after plugging in your iPhone). If you do this, the current location log cannot be accessed by someone who hacks into your computer.
3 comments:
I agree that the iPhone *should* "turn off the cache when you turn location services off." However, what Apple said in their Press Info is that Apple "deletes this cache entirely when Location Services is turned off." This doesn't make sense and looks like a wording error to me. Can you get Apple to clarify?
I think this approach is reasonable. The cache will only store 7 days worth of data now anyway, and will quickly build up again if you turn location services back on. It makes sense for Apple to take a more conservative approach on privacy given all the recent fuss.
Also I think they should have a way to allow a user to delete the cache at any time - this will be at least one way to do that, though maybe not as obvious as a "clear location cache" in settings, which they didn't mention.
Thanks for the article. It's true that location security is a key issue for Apple, and will probably continue to be one as time progresses.
Post a Comment