Security News for Mobile, Apps & IoT

Apple Changes Its Geolocation Policies

Perhaps bowing to public–and Congressional–pressure, Apple made several concessions on geolocation caching in Wednesday’s iOS update.

Apple has been under fire recently after the discovery of a file that collects and stores location data from Wi-Fi networks and cellular towers. Worse, the unencrypted geolocation file is stored in iTunes every time the phone syncs. So a record of your travels might be stored on several different PCs.

In version iOS 4.3.3, Apple says the “crowd-sourced” location cache is no longer backed up to iTunes, and that it will delete the cache whenever iOS location services are turned off. These are significant improvements toward protecting consumer privacy, however, it appears that the file, consolidated.db, remains unencrypted.

The Register cites other concerns:

According to tests by independent security researcher Samy Kamkar, the iPhone was also collecting new data on cell tower and Wi-Fi networks when location services were off, and sending this data back to its servers. It’s unclear whether the update stops these collections as well.

There is a need for greater transparency in consumer apps on mobile devices. For example, consumers—and enterprises—need the ability to set personal preferences, such as where and when an app can be used. And how much personal information that app collects or has access to. Only then will consumers truly feel comfortable with their mobile devices.

Tags: , , , , , , , , ,

1 Comment

  1. [...] In iNception: Planting and Extracting Sensitive Data from Your iPhone’s Subconscious , Oudot talked about various ways to get data off the iPhone, including location data with Apple’s consolidated.db file. He said that location data can be eliminated with an upgrade to version 4.3.3 of iOS. [...]

Leave a Comment