Perhaps bowing to public–and Congressional–pressure, Apple made several concessions on geolocation caching in Wednesday’s iOS update.
Apple has been under fire recently after the discovery of a file that collects and stores location data from Wi-Fi networks and cellular towers. Worse, the unencrypted geolocation file is stored in iTunes every time the phone syncs. So a record of your travels might be stored on several different PCs.
In version iOS 4.3.3, Apple says the “crowd-sourced” location cache is no longer backed up to iTunes, and that it will delete the cache whenever iOS location services are turned off. These are significant improvements toward protecting consumer privacy, however, it appears that the file, consolidated.db, remains unencrypted.
The Register cites other concerns:
According to tests by independent security researcher Samy Kamkar, the iPhone was also collecting new data on cell tower and Wi-Fi networks when location services were off, and sending this data back to its servers. It’s unclear whether the update stops these collections as well.
There is a need for greater transparency in consumer apps on mobile devices. For example, consumers—and enterprises—need the ability to set personal preferences, such as where and when an app can be used. And how much personal information that app collects or has access to. Only then will consumers truly feel comfortable with their mobile devices.