Location info—why you should care

The iPhone (and cousins) storing of location information and similar activity by Android is turning out to be a pretty big scandal. Some people are saying, “I’ve got nothing to hide.” but most people I associate with don’t think that way. And since that guy writes for the NYT he doesn’t really count with most of the country anyway.

Brian X. Chen and Mike Isaac explain the issue better than I could:

Having a data file with over a year’s worth of your location information stored on your iPhone is a security risk.

So if a thief got his hands on your iPhone, he can figure out where you live and loot you there, too. Same goes for a hacker who gains remote access to the consolidated.db file. But if a thief or hacker dug into an Android device, there isn’t going to be much geodata saved on the smartphone to digitally stalk you. (There’s plenty of other data on smartphones such as text messages, address books and so forth, but at least we have control over what data we store in this regard.)

Bottom line, this data shouldn’t stick around on your iOS device, because it does nothing but put you at risk. And you should care about that, because this problem can be and should be fixed by Apple, and you should demand that.

I’m not at liberty to say much but I will say that I spent some time explaining the security of Windows Phone 7 location services to our Program Manager and Dev Manager this afternoon. Both seems satisfied with the status. It’s not as good as I would like it to be when I put on my utopian privacy hat but I think the tradeoffs made were within acceptable bounds. I’m also pleased that at every stage through the location service development process privacy was taken seriously by everyone I worked with. I had expected I would have to fight hard at times to protect location information but that was not the case. I only got pushback on some relatively minor issues, for legitimate needs, and the compromises made were acceptable to me.

WP7 location service does a much better job of protecting your privacy and giving you control over your data than the iPhone currently does and probably better than Android. And as long as I am working on location services I will do my best to make sure it stays that way.


9 thoughts on “Location info—why you should care

  1. It’s not just IOS.

    When complete strangers can’t look up anything they want to know about me on the Internet any more and cops can’t just go to a website to track my location through the phone company, then I’ll worry about a file on my phone that caches my location.

    There is no such thing as privacy in the modern world.

    Like it or not, that’s just the way it is.

  2. If this weren’t “Boomershoot week” I would write a long post on this topic. You have a valid point but I still mostly disagree with your conclusion. Perhaps after Boomershoot…

  3. All versions of Windows since 95 (including her half-sister OS2 which is on Diebold ATM and voting machines) have a backdoor put there on behalf of the NSA. If you Google ‘windows nsa backdoor’ you will find it).

    I don’t want backdoors in my computer. I will only use linux, and even then only if I can audit the source code. That means no smart phones for me cuz even the linux one (android) won’t let me audit source code.

  4. I’m actually happier with the apple method. I would rather request the tower locations (and create a log entry) once and then access the cache than to access a central server every time. The file only lives on my phone and my computer. The governent doesn’t want or need the data because the telcos rolled over on that issue a long time ago.

  5. I can’t believe anyone would begrudge the police and our technocratic overclass the information to not only do their jobs in the present, but to predict the future.

  6. @Bobby, The NSA key was a misunderstanding. It didn’t do what people suspected it of doing.

    @Phelps, I think you misunderstand some things. I’ll explain it all in a post someday.

    One hint about part of my planned post is “Reducing the attack surface.”

  7. Hi Joe,

    For those of use who are forced to carry an iPhone for our work what can we do to minimize our risks? Can we write a script that deletes the location file every time we connect to our computers or anything like that?


Comments are closed.