

Steve Jobs on iOS Location Issue: 'We Don't Track Anyone' - maguay
http://www.macrumors.com/2011/04/25/steve-jobs-on-ios-location-issue-we-dont-track-anyone/

======
huhtenberg
Ah, Apple is at it again - responding to a serious issue in a form of a
rumored email from Jobs himself, only to confirm it authenticity one week
later, to explain that "the info circulating is false" was referring to
Android, and thus in the end to say nothing official on the matter and to deny
any wrongdoing. Their wishy-washy side-channel PR tactics of handling bad
publicity are getting really tiring now.

~~~
kenjackson
And now Korea is investigating. I wonder if this will be like the EU vs MS
where the regulatory body of a country/region fights for some of their
companies.

[http://www.bloomberg.com/news/2011-04-25/apple-iphone-s-
loca...](http://www.bloomberg.com/news/2011-04-25/apple-iphone-s-location-
data-collection-to-be-investigated-in-south-korea.html)

------
delinka
I'm no Jobs apologist, but you're in the good ol' US of A where precise
language is requisite. (This reasons for this are a whole other conversation.)

"Why does Apple track me?" "We don't" - Apple is not AT&T. Maybe Apple doesn't
take a copy of the data. Maybe Apple takes a copy of the data without
associating it to your or your phone. Any of this qualifies under the
[im]precise language of the question.

How about we ask the purpose of that log the phone makes? Let's also ask who
gets a copy. If just having something on your computer "makes it easy for bad
guys to get," then all your files are "easy to get" and you might want to
learn something about securing your computers.

EDIT: OK, perhaps I'm a bit hasty:

"Could you please explain the necessity of the passive location-tracking tool
embedded in my iPhone?"

"We don't track anyone."

That's definitely sidestepping the issue. He didn't explain anything as
requested.

------
lukeschlather
I can't believe Steve Jobs would make such an obviously disingenuous if not
entirely false statement. It's a cold, hard fact that AT&T and every other
carrier tracks people. While it might be technically true that Apple doesn't
track anyone, the distinction is beyond weaselly. And the point isn't whether
or not Apple tracks people, the point is how easy the iPhone's unencrypted
backups of location data make it for people to track your movements.

~~~
mitchty
Every cellphone ever could be tracked via the cell handoffs and triangulating.
The police could always get at this, thats not the issue at hand.

What people are complaining about is the consolidated.db file which appears to
be a cache of general locations of where wifi SSID's are located. It also
keeps a log of where the phone was in general when a call was placed. This is
on the phone and is just an sqlite3 db, pick it open and have a look.

Now why, from an engineering perspective, is this necessary? Answer, it isn't,
at least not entirely. LocationServices is the likely answer. There are api
calls you can make that amount to "Give me the general location of the phone
accurate to Xmetres." that don't invoke the gps unless needed to save battery
life. Say you're hooked up to your wifi at home and the phone has cached this
ssid/wifi point do you really need the gps to give you a location accurate to
1000 metres if the app just wants to know the state you're in? No, so you
cache some of this information in this little db and give a general "around
here is where i'm at" reply when the app just wants a general idea of
location. So with this in mind, would Jobs be wrong in stating that they don't
track you? No he would be 100% accurate as a cache used to help save battery
life isn't tracking you, its a cache.

Now as to the backups containing the file, thats rather obvious as they are
backups and exposes the need for an individual to encrypt the backups. You
should be doing this already. Anyone here that doesn't encrypt their phone's
backups, be it android or ios, shouldn't be calling themselves a hacker. Its a
known source of private data, if you aren't encrypting it, you are accepting
risk if someone gets a hold of it. Just make sure your family members also do
this, you're likely the geek of the family, help them with a bit of good
information.

What worries people is if the consolidated.db gets sent or uploaded in some
fashion. The data isn't all that useful for tracking you since the location
data for SSID's are general and don't appear to update each time you see them,
and the call data only seems to use cell triangulation and only when the call
was placed. Could you use this to track someone? Sure but no more than you
could by tailing them in a car or following them.

The comments for this post are a bit appalling for what I've come to expect
from this site. There is way too much hyperbole and vitriol in most of these
comments. I'm not trying to advocate for Apple, more to set people straight on
actual facts as we currently know them. Those with developer accounts should
look at the 2010 WWDC video 150 iirc (at work so can't verify, was that or
151), should shed some light on things. I'd rather we have an actual
discussion over the amount of data we store on these handheld devices and the
"security" and lack thereof around them. To me there is a lot more that can be
done in general, be it android or ios or whatever to secure things. Lashing
out at one vendor here isn't helpful, we need the whole industry to recognize
the issues. For starters I would like some very fine grained controls ala
selinux to control what apps get access to what. Down to the contact level if
need be. Things along those lines, not a general this app can get access to
your whole address book etc...

~~~
lukeschlather
>So with this in mind, would Jobs be wrong in stating that they don't track
you? No he would be 100% accurate as a cache used to help save battery life
isn't tracking you, its a cache.

You're taking the statement out of context. In context, the email was clearly
asking about "passive location-tracking," i.e. the cache. If you have to take
a statement out of context for it to be true, it is as I said, disingenuous to
the point of being an outright fabrication.

Now, I do think Jobs was accurate in saying that Android does do similar
caching, so I don't see why he would have (if this email is genuine, which I
doubt) felt the need to falsely claim iOS doesn't.

~~~
mitchty
That still assumes the statement "passive location tracking" is true. It also
equivocates a form of tracking to caching data. I don't hold as true that the
two are equivalent. Comparable maybe.

------
msie
OMG, is this hysteria going to lead to some awkward system of caching GPS
location, leading to a horrible customer experience? Will Apple resort to a
system where it asks the user at install time a confusing question of whether
they want to cache GPS locations for better performance or not? Maybe they
will encrypt the GPS file and ask the user for a password each time it needs
to be accessed? Or each time location info is needed it will have to make a
server request, causing more congestion on the net. How about Apple design a
compromised experience that satisfies the politicians, media and security
researchers out there? That'll be great. Why isn't there an uproar over the
contacts, music playlists, photos, emails and other info that's synced to your
personal computer? That's private information too?

------
smackfu
"As is Jobs' usual style, his brief comments provide little detail or
information to support his claims, and his vagueness leaves things rather open
to interpretation."

------
watmough
I'm sure Steve is factually right, and Apple has zero interest in tracking any
users.

However, they've been stupid and sloppy, and instead of minimizing the
footprint and usefulness of the location to base-station cache, they've tagged
it with exact times, boneheadedly allowing this information to easily be
picked up and used for unreasonable searches, and exposing users to
considerable potential liability, such as being erroneously linked to a crime
etc.

------
mattsilv
Has any single message purported to be from Steve Jobs ever actually been from
Steve Jobs?

