Apple faces class action suit for tracking users without consent

Filed Under: Apple, Data loss, Featured, Law & order, Privacy, Security threats

Image of iPhone and maps courtesy of ShutterstockApple's been hit with a class action suit [PDF] in the US for using the location service function on its iPhones to track customers without notice to, or consent from, customers when it comes to their whereabouts being tracked, recorded, sent to Apple, and potentially provided to third parties.

A Californian woman, Chen Ma, filed the suit on behalf of Apple's 100-million-plus iPhone users in the US District Court for the Northern District of California.

She accuses the company of violating iPhone users' privacy by not only being able to pinpoint their locations but also to "record the duration that users stay at any given geographical point and periodically transmit" the data to Apple's database.

iPhones come with software called Location Services that uses GPS, cell towers, nearby Wi-Fi networks and other sources to work out the iPhone's location.

When you switch on Location Services some other services that send that location data back to Apple, such as 'Popular Near Me' and Location-Based iAds, are also enabled.

Chen Ma says Apple never told her about the tracking.

From the court filing:

Plaintiff alleges that while using her iPhones, including her current iPhone 5S, she was not given notice that her daily whereabouts would be tracked, recorded, and transmitted to Apple database to be stored for future reference. She was not asked for and thus has not given her consent, approval and permission nor was she even made aware that her detailed daily whereabouts would be tracked, recorded and transmitted to Apple database.

The lawsuit should come as no surprise, considering the saber-rattling about location services that's led up to it.

On 11 July 2014, China's state media TV broadcaster, China Central Television (CCTV), called iPhones a security threat to the state, lambasting the phones' "Frequent Locations" function for allowing users to be tracked and information about them to be revealed.

The broadcast quoted researchers who said that those with access to the data could glean sensitive information such as the country's economic situation or "even state secrets".

In fact, Ma claims in the lawsuit that she had no idea that "her daily whereabouts" were being tracked until she saw the CCTV report.

CCTV's wrath didn't extend to other mobile phones that also track location. Androids, for example, also track where we go, and in the event that a phone is stolen, Android owners can track their devices' location.

But then, other mobile phones aren't as American as Apple. In the wake of revelations about the National Security Agency's (NSA's) extensive surveillance activities, that American-ness has taken on the aroma of guests and yesterday's fish.

In fact, in June 2013, a state-run media campaign warned about the dangers of using foreign tech gear.

A June cover story in China Economic Weekly used the English headline, "He's Watching You," on top of a glowering figure, borrowed from a World War II-era US propaganda poster, wearing a helmet emblazoned with an NSA logo.

The eight US companies singled out in that cover story included Apple.

Ma's suit alleges that Apple doesn't give iPhone users "any meaningful choice" to turn off the feature "without substantially compromising" iPhone functionality.

The suit says that Apple, in response to CCTV's queries, "only stressed that it will not disclose" the data to a third party - a claim she's not swallowing.

She alleges that Apple has, in fact, handed information to third parties, including the US government, which has made more than 1,000 requests for information.

(Here's Apple's first transparency report [PDF], from November 2013.)

In the suit, Ma said that the intentional intrusion is "extremely offensive and objectionable."

She's seeking both compensatory and punitive damages from Apple and has asked the court to grant an injunction prohibiting Apple from collecting "highly sensitive and highly private" data through the location service feature without "meaningful notice" and "explicit consent."


Image of iPhone and map courtesy of Shutterstock.

, , , , , , , , ,

You might like

20 Responses to Apple faces class action suit for tracking users without consent

  1. This is stupid, because Location Services is a thing you specifically need to enable at the time you activate an iPhone/iPad/iPodT.

    It's a whole screen, very clear, very specific. Not a checkbox, but a menu option, and by default, if the memory doesn't fail me, it's on "Don't enable".

  2. Larry · 76 days ago

    Um, she's a fool and the judge that allowed this to reach court is an ID10T,

    Its in the Terms and Conditions, section 4.

    http://images.apple.com/legal/sla/docs/iOS7.pdf

    This is a waste of the courts and tax payers time and money

  3. Gavin · 76 days ago

    I think the point is not that the phone has GPS functionality which may or may not be enabled, it's that by enabling such functionality you are consenting without choice or knowledge to that information being relayed to, stored by and apparently shared by Apple for reasons OTHER THAN the functionality you as a user want to enable, without your consent.

    I see it as analogous to a car manufacturer setting up their vehicles so that if you choose to move them around (though you don't have to), their movements will be recorded and reported back to that manufacturer.

    Do we also know if an iPhone with Location Services turned OFF definitely doesn't transmit any location data? It could still do so, certainly by cell tower connection if nothing else. That data could and should be available for network troubleshooting and billing purposes, but without a disclosure and opt-in/out agreement, no data should also be used for the purposes of tracking the user.

    I agree with Chen Ma on this one.

    G

  4. Ian · 76 days ago

    Wait a sec. You mean the statement from Apple on p.36 of their iOS 7.1 software User Guide?

    "Location Services lets location-based apps ... use data indicating your location. Your approximate location is determined using available information from cellular network data, local Wi-Fi networks, and GPS. The location data collected by Apple isn’t collected in a form that personally identifies you."

    Followed by procedures on how to turn it on/off, to include system services. When its off, the system even notifies you that an app is trying to use that feature.

    Stop being ignorant about the devices and technology you use; learn and understand it. I hope that individuals like this put more effort into understanding their auto's than they do their phones.

    • Paul Ducklin · 76 days ago

      It's on page 2 (section 4) of the T&Cs an earlier commenter referred to. You don't have to like it but the idea that you couldn't have known about geolocation, and that you are as good as forced to keep using to get value from your iDevice anyway, rings hollow with me.

      • Andrew Ludgate · 76 days ago

        If you got someone else to set up your phone, I can see how you could miss this, but otherwise you know that you're sending location data to Apple. They changed the setup interface around iOS 5, because people were realizing that unencrypted location data was being stored. Then later in iOS 6, they integrated iCloud, and had to update again (with another round of privacy complaints) because that (now encrypted) data was being uploaded to their servers and it wasn't obvious from the install wording.

        However, the entire situation is pretty clearly spelled out now. The only complaint I can really see is that Apple is tying location features that no user would really want to the location services that they DO want, by default, without explaining the relationship. You can still adjust the ad location tracking, but it's non-obvious.

    • Sam Spade · 75 days ago

      Apple needs to be very careful about statements like "The location data collected by Apple isn’t collected in a form that personally identifies you". If that location data is transmitted with a unique ID that can be tied to a particular phone, and that particular phone can be tied to a particular Apple account, then the information IS in a form that (could potentially) personally identify somebody. The potential ability to follow such a bouncing ball to ultimately identify a person is what matters, not whether they are actively doing so.

  5. Steven · 76 days ago

    Therefore its a menu option - and by default - its set to "Don't enable"

    Therefore I see no reason to claim Apple is responsible when someone volunteers the information - that many other phones can have this feature, for a good purpose of safety - emergency vehicle or car break down location.

    The broadcast quoted researchers who said that those with access to the data could glean sensitive information such as the country's economic situation or "even state secrets" - Any device connected to the internet or phone system could be vulnerable - giving consent is not someone else to blame.

    Lets be fair - China is also one of the best sources for free anonymous proxies... apparently, which would definitely skew the "original source", What better weapon can Al Qaeda use with misinformation - for example a person appears in the country from another country and makes a video about Mohamed to get people to react overseas to reports of offending yet in fact no be as they presume. The internet sells call spoofing where you can call someone and make Caller ID presume something - not be the origin of the phone number - is so bad that its been listed as illegal and penalties if you do not have a good reason for doing it.

  6. Anonymous · 76 days ago

    Faith in humanity - 1

  7. 4caster · 75 days ago

    I wonder whether anyone has thought to track the iPhones of passengers on Flight MH370 (the one that went missing over the Indian Ocean). Some passengers would surely have their iPhones switched on. Or does Apple require ground-based systems to track the iPhones, rather than pure GPS?

    • Paul Ducklin · 75 days ago

      The phone has to "call home" with its latest GPS reading to reveal your location. Otherwise the phone knows where it is but Apple doesn't.

      My understanding is that the plane almost certainly crashed far, far out of range of any cellular towers, so none of the location aware devices on board (most of which were probably switched to flight mode anyway) could possibly have called home.

  8. To be pedantic, Apple is tracking the iPhones, not the users. If you want to go somewhere where you can't be tracked, leave it behind or switch it off. Personally, if mine is lost or stolen I would be rather pleased if Apple could locate it.

  9. Pierre · 75 days ago

    So typically American to sue for something like this.....
    So what if Apple can track her and millions of others locations?
    So what?
    What is going on in a persons mind even to think about suing a company for something like this........More over, wtf is going on in the lawyers brains to represent someone like this?

  10. Jeffrey · 74 days ago

    All of her complaint items can be controlled in the obviously named Settings \ Privacy. Apple should have received a preliminary injunction to get the case tossed.

  11. I think the point is , that I paid $600 for a phone . If I want to use the gps I should not HAVE to agree to send Apple ANY information . Apple has no investment in GPS They dont own the system . It cost apple nothing . Apple has no right to track you , anymore than Garmin does for the GPS in your car .

  12. eigram · 74 days ago

    truly! besides, there's nothing to worry about if they track you, unless you do something fishy lol just say saying ;)

  13. Mark · 66 days ago

    Today, we carry in our pocket, power that used to fill a building. Get used to the idea that we can be tracked. Location services on or off. There are probably more "tracking" services available than we, the end user, currently are aware of. Don't want to be tracked, turn off your cell/mobile phone/tablet and put it in a drawer. Then duck all the cameras that are out there...

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

About the author

I've been writing about technology, careers, science and health since 1995. I rose to the lofty heights of Executive Editor for eWEEK, popped out with the 2008 crash, joined the freelancer economy, and am still writing for my beloved peeps at places like Sophos's Naked Security, CIO Mag, ComputerWorld, PC Mag, IT Expert Voice, Software Quality Connection, Time, and the US and British editions of HP's Input/Output. I respond to cash and spicy sites, so don't be shy.