Apple iOS update quashes location tracking "bug"

Filed Under: Apple, Data loss, iOS, Mobile, Privacy

iPhoneApple has released an iOS update for the iPhone and iPad, addressing concerns that the devices were tracking users' locations.

As was widely reported last month, a bug in Apple's software meant that iPhones and iPads were collecting location-related data and were archiving it on users' computers.

It was found that location information stored on your computer could pinpoint your iPhone's whereabouts for up to a year afterwards - something which caused a storm of protest from those concerned about their privacy.

And you can see their point. After all, someone with access to your PC might find the backup file in your iTunes and determine places that you regularly visit. And you had no idea that that information was being stored.

iPhone tracking

At the time of the revelation I think my biggest concern was the sheer amount of data that was being backed up to PCs. I couldn't see a legitimate reason for up to a year's worth of location data to be held.

Apple responded to the media interest, and admitted that devices were collecting information about cell towers and WiFi hotspots around users' current location, even when users had specifically turned off Location Services.

Apple says that the newly-released iOS 4.3.3 update will no longer back up location data cached on iPhones and iPads to users' computers, and fixes the Location Services bug.

iOS 4.3.3 update

If you install the update, the location data stored on your iPhone or iPad will reportedly only stretch back seven days, and the cache will be deleted in its entirety if you disable Location Services.

It would still be nice, of course, if the cache of location data was also encrypted - to prevent snooping eyes. Apple says that they plan to encrypt the data in the next major iOS software release (iOS 5.0?).

, , , , ,

You might like

7 Responses to Apple iOS update quashes location tracking "bug"

  1. Evil Bob · 1613 days ago

    It wasn't a bug.

    The data was restored to a new phone when you migrated from one device to another, they were keeping the data with the user and not necessarily the device itself.

    That pretty much seals the deal in that it was intentional that Apple was tracking their users specifically.

    • This was tower and hotspot caching data, not user location data, and was backed up along with the rest of the directory it was in, to be restored with that backup identity. It could be argued that this file actually improved your privacy, as the data was only stored locally, instead of continually being sent back to a central server like other devices do. This meant that when using location services, the location service only had to access the cache to find your location instead of calling home.

      Despite the conspiracy theories, it was likely that Apple just failed to properly vet the file during development. After all, it was stored locally, not transferred back to Apple, so they probably didn't see a privacy concern.

      Now, the fact that they didn't connect the dots and realize that tower and hotspot location data can still be used to virtually find your location at a limited number of times in the past, and failed to encrypt the cache on the phone and during backup by default as a response, is a larger issue. Hopefully Apple will respond to this backlash by improving their privacy testing during the development process, and not just patch issues as customers complain.

  2. Glad to see that Apple has fixed this privacy concern!

  3. jb47220 · 1613 days ago

    Is the update compatible with the older 3 and 3GS models...?

Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

About the author

Graham Cluley runs his own award-winning computer security blog at, and is a veteran of the anti-virus industry having worked for a number of security companies since the early 1990s. Now an independent security analyst, he regularly makes media appearances and gives computer security presentations. Follow him on Twitter at @gcluley