Apple has finally responded to the revelation that its iPhone and 3G-equipped iPad collect users' location data in an unencrypted file, stored both on the device itself and on any computers with which it has been synchronised.
Apple says it does not collect users' location data, but logs the location of nearby Wi-Fi hotspots and cellular base stations. Credit: O'Reilly Radar
In a statement on Wednesday, a week after the location data collection was publicised, Apple said it was not tracking iPhones, nor was the iPhone logging user locations. It said iPhones were instead logging the location of nearby Wi-Fi hotspots and cellular base stations, in order to populate an Apple database that helps iPhones calculate their location more quickly than if they just relied on GPS.
ZDNet UK has asked the company how this does not amount to logging the user's location, but had received no response at the time of writing.
The collection of Wi-Fi hotspot data for location-based services was also the reason given by Google when it was found to be amassing such information using its Street View cars. However, it was the collection of further data such as passwords and email fragments that led to Google being censured by the Information Commissioner's Office (ICO).
According to an ICO statement on Wednesday, "all businesses that are collecting people's data should have clear and accessible privacy notices", especially where users are "unlikely to appreciate the privacy implications of a service they are using".
"Apple has a legal obligation to make clear how people's information might be used when customers sign up," the ICO said. "Equally, customers should make sure they carefully read through terms and conditions. Anyone who has a data protection concern can bring their complaint to us and we will look into it."
Despite denying tracking users, Apple admitted that the quantity of location data being stored on the iOS devices was excessive, and said it was down to a technical fault. It also blamed a "bug" for the fact that such data continues to be stored even if the user has explicitly opted to disable location services. The data will be encrypted in the next major iOS release, the company added.
Position calculations are "performed live on the iPhone using a crowd-sourced database of Wi-Fi hotspot and cell-tower data that is generated by tens of millions of iPhones sending the geo-tagged locations of nearby Wi-Fi hotspots and cell towers in an anonymous and encrypted form to Apple", Apple said.
"The entire crowd-sourced database is too big to store on an iPhone, so we download an appropriate subset (cache) onto each iPhone," it explained further.
"This cache is protected but not encrypted, and is backed up in iTunes whenever you back up your iPhone. The backup is encrypted or not, depending on the user settings in iTunes," Apple said. "The location data that researchers are seeing on the iPhone is not the past or present location of the iPhone, but rather the locations of Wi-Fi hotspots and cell towers surrounding the iPhone's location, which can be more than 100 miles away from the iPhone."
Apple claimed that people were concerned about the issue partly because Apple and other creators of location-based technology "have not provided enough education about these issues to date".
The company said the cache being stored on the iPhone was large due to "a bug we uncovered", and also blamed a bug for the fact that iPhones continue updating their Wi-Fi and base station data from the "crowd-sourced database", even if the user has opted to disable location services. It said an imminent software update to the iOS operating system, due in the next few weeks, would fix the bugs and stop the backing-up of the cache.
"We don't think the iPhone needs to store more than seven days of this data," Apple said, adding that the company was also collecting anonymous traffic data in order to give users "an improved traffic service in the next couple of years".
Apple said location data was not shared with any third party or advertisement without the user's prior approval, and promised to "continue to be one of the leaders in strengthening personal information security and privacy".
Since Apple's logging of location data was revealed, it has also been reported that Android and Windows Phone do similar things. However, Android requires the user's permission to use location data, and only stores it for a few days.