Daily Mail – April 22, 2011
The row over the privacy of mobile phone users escalated today as it was revealed that Google devices regularly transmit user locations back to the company.
The new revelations come after Apple was this week slammed by several Congress members for the way user locations are being stored in unencrypted databases on the iPhone and iPad, sometimes stretching back several months.
In Google’s case an Android HTC phone tracked its location every few seconds and transmitted the data back to Google several times an hour, according to new research by security analyst Samy Kamkar for the Wall Street Journal.
It also transmitted the name, location and signal strength of any close Wi-Fi networks and the phone’s unique identifier.
Both Google and Apple have previously admitted they are using location data to build massive databases of Wi-Fi hotspots.
This can then be used to pinpoint individual’s locations via their mobile phones, which in turn could help the companies tap into the huge market for location-based services, currently worth $2.9billion.
This figure is expected to rise to a staggering $8.3billion in 2014, according to research company Gartner.
Location data is some of the most valuable information a mobile phone can provide, since it can tell advertisers not only where someone’s been, but also where they might be going — and what they might be inclined to buy when they get there.
A spokeswoman for the Office of the Privacy Commissioner of Canada told the Journal the office ‘had concerns’ about using mobile phones to collect Wi-Fi data and had expressed those concerns to Google itself.
‘The whole issue of the tracking capabilities of new mobile devices raises significant privacy issues,’ she said.
In the past Google has pointed out that its collected Wi-FI data is anonymous and that it deletes the start and end points of every trip it uses for traffic maps.
But, the data, provided to the Journal exclusively by Mr Kamkar, contained a unique identifier linked to an individual’s phone.
Mr Kamkar developed a tracking file called ‘evercookie’ that once installed on a computer, was difficult to get rid of, in order to highlight the privacy vulnerabilities in web-browsing software.
The Journal then had an independent consultant test out the programme on an Android device and its use of location data.
It worked. Google declined to comment to the Wall Street Journal on its revelations.
The news that both Google and Apple have these capabilities is a worry, especially after the Journal’s findings last year that some of the most popular smartphone apps use location data and other personal information aggressively – in some cases sharing it with third-party companies without the user’s consent or knowledge, the paper found.
Representative Edward Markey and Senator Al Franken have both expressed concern about the way Apple may use its location data.
Their anger was prompted by a report from researchers Alasdair Allan, research fellow at University of Exeter in the UK and Pete Warden, the founder of Data Science Toolkit.
The pair found the Apple devices save the latitude and longitude of users’ locations, along with a time stamp, then copies the data to the owner’s computer whenever the two are synchronised.
They were able to build an extraordinary detailed map of where they had been, but said they had no evidence the file was being transmitted to Apple.
They have since built a programme that individuals can download for free to see what location data has been stored on their own phones.
And after talking to people in the Android community Mr Warden and Dr Allan were told that Android phones had something similar to Apple, but that only a couple of weeks of rolling data was kept.
On their website the pair speculate whether Apple may have built the feature in for future developments but add: ‘The fact that it’s (the data) transferred across devices when you restore or migrate is evidence the data-gathering isn’t accidental.’
They highlight that the location data is stored in an easily-readable form on a person’s computer.
‘By passively logging your location without your permission, Apple have made it possible for anyone from a jealous spouse to a private investigator to get a detailed picture of your movements,’ they write.
Other mobile phone providers collect similar data but it’s kept securely behind their firewall, they write.
This data ordinarily requires a court order to gain access to it, whereas the data from Apple devices is there for anyone who uses that person’s phone or computer to see, they add.
Senator Al Franken said the issue raises ‘serious privacy concerns,’ especially for children using the devices.
He said: ‘Anyone who gains access to this single file could likely determine the location of a user’s home, the businesses he frequents, the doctors he visits, the schools his children attend, and the trips he has taken — over the past months or even a year.’
Representative Edward Markey questioned whether the practice may be illegal under a federal law governing the use of location information for commercial purposes and said consumers weren’t properly informed.
He said: ‘Apple needs to safeguard the personal location information of its users to ensure that an iPhone doesn’t become an iTrack.
‘Collecting, storing and disclosing a consumer’s location for commercial purposes without their express permission is unacceptable and would violate current law.’
Mr Markey, who is the co-chair of the House Bipartisan Privacy Caucus, sent a letter to Apple CEO Steve Jobs on Thursday in response to the research.
Specifically, Markey wants to know if Apple developed the feature intentionally to keep a log of users’ whereabouts. And if it did mean to collect this information, what did it intend to do with it? He also wants to know if Apple has notified consumers that this information is being collected.
He said he’s seeking answers to his questions by May 12.
Apple said it ‘intermittently’ collects location data, including GPS coordinates, of many iPhone users and nearby Wi-Fi networks and sends that data to itself every 12 hours, according to a letter the company sent to Mr Markey and Representative for Texas, Joe Barton, last year.