I actually think my honest opinion on this fiasco is "someone can derive a user's movements from this database, but how big a deal is it really?"
I still think this should be fixed, Apple should explain it and release an update that pares it down to the bare minimum data for whatever function it serves.
However, let's honestly go through the implications of this:
- The user's cell provider already knows this. [1]
- If someone "owns" the user's phone then they can get their movement history. But that's at a point where they can track the user's current movements anyhow, so that's lose-lose there - the only difference is the historical angle.
- If someone steals the user's computer/phone they can get their previous history up until then. That's bad, but I bet nearly everyone has more sensitive private information available on their computer hard disk or their iPhone's internals - stuff that would be more exploitable than historical location data.
- Someone could maybe sneak private API calls into a legit app that sent this database somewhere else. No idea how feasible that is. However, if they can do that then it's pretty close to the "ownage" scenario described above - they can probably do anything anyhow.
If it comes out that Apple is sending this data back to Cupertino for some nefarious purpose then that is very bad as well, but I bet that's not the case.
Basically by having it stored locally, it lowers the barriers to accessing data, so that it is no longer restricted to law enforcement people seeking telco data.
That changes a lot of things.
For instance imagine you're a police informant or undercover cop: a technically savvy mob would be silly not to hoover up the location data of everyone in their org, which could lead to some interesting discussions.
For instance imagine you're a police informant or undercover cop: a technically savvy mob would be silly not to hoover up the location data of everyone in their org,
Sure, but if they have root or physical access to the phone (which they need) they can install a realtime tracking snooper to follow you around instead.
I agree this lowers the barrier, but fundamentally it seems to come down to - if you don't want people knowing where you are, don't carry around a GPS-enabled always-on computer in your pocket!
The point to be made here is that Apple's provided almost universal, historical snooping capabilities without any individual actors having to get James Bond on the situation. Every iOS device has the potential to reveal someone made a trip to a police station, or spent a lot of time in a suburb that doesn't match with a particular story.
The fact that people of sufficient technical capability and motivation can always install traffic snoopers with greater resolution / utility doesn't change any of the above?
I suppose this situation is a little like the Firesheep release. Things could already be exploited, but by reducing the effort and skill required it significantly changed the security / privacy situation.
Your final point is a bit of a false dilemma, because Apple can just fix the issue to remove that particular security concern. Of course the device is still tracked by networks, but as discussed the barrier to access that information is probably high enough for many people.
>Every iOS device has the potential to reveal someone made a trip to a police station, or spent a lot of time in a suburb that doesn't match with a particular story.
Sure, it has the potential. But only if the idiot was dumb enough to check into jail from Foursquare (or otherwise use a Location Service).
One would hope that a technically savvy mob would just disable location services on their iPhones in the Settings app and not track this information to begin with.
I still think this should be fixed, Apple should explain it and release an update that pares it down to the bare minimum data for whatever function it serves.
However, let's honestly go through the implications of this:
- The user's cell provider already knows this. [1]
- If someone "owns" the user's phone then they can get their movement history. But that's at a point where they can track the user's current movements anyhow, so that's lose-lose there - the only difference is the historical angle.
- If someone steals the user's computer/phone they can get their previous history up until then. That's bad, but I bet nearly everyone has more sensitive private information available on their computer hard disk or their iPhone's internals - stuff that would be more exploitable than historical location data.
- Someone could maybe sneak private API calls into a legit app that sent this database somewhere else. No idea how feasible that is. However, if they can do that then it's pretty close to the "ownage" scenario described above - they can probably do anything anyhow.
If it comes out that Apple is sending this data back to Cupertino for some nefarious purpose then that is very bad as well, but I bet that's not the case.
[1] http://www.zeit.de/digital/datenschutz/2011-03/data-protecti...