Apple Lied: Filed Patent for Mobile Device Tracking

Friday, April 29, 2011

Headlines

69dafe8b58066478aea48f3d0f384820

Apple's claim that the geolocation tracking of its customers via a stealth file maintained in devices running the iOS operating system are, well, "patently" false.

The stealth iOS file records geolocation information derived from triangulating the location of a device using the signals from the closest cell phone transmission towers and Wi-Fi access points. The data is continuously collected and recorded regardless of whether the user has chosen to disable location services features on their mobile device.

Apple released a statement earlier this week that claims the data collection is caused by a software bug that will be remediated in a soon to be issued update to the iOS. Apple admitted that the information was being sent to the company, but they maintain that they are unable to trace the data a particular phone or user.

Apple CEO Steve Jobs even stated directly that "We don't track anyone. The info circulating around is false."

Reports have now surfaced that demonstrate these assurances are false.

Apple filed for a patent in September of 2009 titled "Location Histories for Location Aware Devices" with the intent to develop services based around the company's ability to locate and track mobile devices running the iOS operating system.

The abstract of the patent reads as follows:

"A location aware mobile device can include a baseband processor for communicating with one or more communication networks, such as a cellular network or WiFi network. In some implementations, the baseband processor can collect network information (e.g., transmitter IDs) over time. Upon request by a user or application, the network information can be translated to estimated position coordinates (e.g., latitude, longitude, altitude) of the location aware device for display on a map view or for other purposes. A user or application can query the location history database with a timestamp or other query to retrieve all or part of the location history for display in a map view."

The patent text goes on to outline how the tracking data could be accessed by applications, indicating Apple intends to build salable services around the collected data and allow third parties the ability to access it:

"A user or application can query the location history database with a timestamp or other query to retrieve all or part of the location history for display in a map view. In some implementations, the size and "freshness" of the location history database can be managed by eliminating duplicate entries in the database and/or removing older entries. The location history can be used to construct a travel timeline for the location aware device. The travel timeline can be displayed in a map view or used by location aware applications running on the location aware device or on a network. In some implementations, an Application Programming Interface (API) can be used by an application to query the location history database."

The patent application then goes on to describe how the location tracking data can include transmitter identifiers that correlate the data to a specific phone - which means a specific user - and how the data can be transmitted to network servers for processing:

"In some implementations, the network information can include transmitter identifiers (IDs). For example, Cell IDs can be tracked and recorded. The Cell IDs can be mapped to corresponding cell tower locations which can be used to provide estimated position coordinates of the location aware device. When a location history is requested by a user or application (e.g., through an API), the transmitter IDs can be translated to position coordinates of the location aware device which can be reverse geocoded to map locations for display on a map view or for other purposes. In other implementations, the network information can include WiFi scan data (e.g., access point IDs) which can be used to determine position coordinates of the location aware device, which can be reverse geocoded for display on a map view. In some implementations, the network information can be sent to a network server, which can translate the network information into position coordinates, which can be returned to the location aware device for processing by a location aware application."

Revelations of the patent application now confirm suspicions that Apple was quite aware of the storage of geolocation tracking data, that it was not merely a database of Wi-Fi locations, and the building of location histories on their customers was not due to a software glitch.

The full Apple patent application can be found HERE.

Possibly Related Articles:
52690
PDAs/Smart Phones
Apple iPhone Privacy geo-location Smart Phone Headlines Tracking iOS
Post Rating I Like this!
12b78bed0e9cd7b675706d1b8866cc00
Brian Ford This reporting seems to assume that a technological process described in a patent application has made it into a shipping product. Umm. That's not always the case. Just because there is a patent application doesn't mean it's in there. Any other revelations that might dispute those assurances from Apple?
1304100702
6d117b57d55f63febe392e40a478011f
Anthony M. Freed Though the entirety of what was proposed in the patent application may not have been realized in the field yet, the disclosure runs counter to Apple's assertions issued in their statement released earlier this week. The company's attempt to characterize the privacy concerns of consumers as unfounded was entirely disingenuous.
1304101038
B71b97ceae7b5837b59813ee06a34bed
David Dennis While I personally have my concerns about Apple, it appears that their intent and/or attitude is close to most other forward looking tech companies. They all realize that, while there is money to be made selling great hardware and software, the real money is in the data they can accumulate. They collect it, mine it, and sell the results to others willing to pay for it.

In a sense, Jobs wasn't lying when he said that they don't collect information on anyone. They collect data--the basic, unorganized bits. What he didn't address is that they mine that data into useful information and use/sell that. It may or may not be individually identifying.

This isn't new. Market research has always done that. Technology has now reached a point where it's easy to collect data; companies have long had the ability to mine it.

As a society, we need to decide just what is personal. If we give up raw data on ourselves, it is no longer ours to protect--it becomes the property of the collecting organization (fill in the blank here)...or even the public. If I publish my street address, I give up my right to not have anyone mail me anything.
1304290385
The views expressed in this post are the opinions of the Infosec Island member that posted this content. Infosec Island is not responsible for the content or messaging of this post.

Unauthorized reproduction of this article (in part or in whole) is prohibited without the express written permission of Infosec Island and the Infosec Island member that posted this content--this includes using our RSS feed for any purpose other than personal use.