Apple 'not tracking' iPhone users
- Published
Apple has denied that its iPhones and 3G iPads have been secretly recording their owners' movements.
In a website posting, the company said it had never tracked user location and had no plans to do so in future.
Security researchers claimed to have found a hidden file on the devices containing a record of everywhere they had been.
Some users managed to extract the data and plot it on maps.
More than a week after the issue came to public attention, Apple released an online question and answer document, external.
It said: "The iPhone is not logging your location. Rather, it's maintaining a database of Wi-Fi hotspots and cell towers around your current location, some of which may be located more than one hundred miles away from your iPhone, to help your iPhone rapidly and accurately calculate its location when requested."
Planned fix
The document also addresses the fact - as some users discovered - that data going back months and even years was being stored.
"It shouldn't. This is a bug, which we plan to fix shortly," said Apple.
Ian Fogg, principal analyst at Forrester Research, said that the company was being uncharacteristically open about the functioning of its devices.
"I do not think that that the other [makers of mobile operating systems] have been as black and white about what they are doing with location data," he said.
While Mr Fogg believes that Apple is trying to do the right thing, he said that the company may have inadvertently created a security risk.
The fact that the location data file is stored on users' computers in an unencrypted form made it vulnerable to hackers.
Mr Fogg suggested that owners of Apple devices should go into their iTunes settings and select the option to encrypt their backups, external.
Not plausible
Apple's explanation did not convince everyone, however.
Ross Anderson, professor of security engineering at Cambridge University, described it as "not plausible".
"The researchers' report clearly shows that the phone was recording a location trace of its user," he said.
"I'll assume that their claim of a programming error may be an attempt to diminish culpability, and thus the fine they have to pay, in the event that they get prosecuted, whether by the FTC [Federal Trade Commission] in the USA or by one or more data protection authorities in Europe."
- Published20 April 2011
- Published21 April 2011