The blogosphere yesterday was aflutter with news that iOS 4 stores user location data in an unprotected and unencrypted file called consolidated.db, accessible on a user’s mobile device or desktop. The truth of the matter is that this file isn’t new and has been discussed quite extensively for months now, as it’s been used in a number of law enforcement investigations.
But we suppose the fact that this file is easily accessible is cause for concern, and naturally, it didn’t take long for politicians to turn their heads towards the issue. Senator Al Franken from Minnesota (yes, formerly of Saturday Night Live) recently penned a letter to Apple CEO Steve Jobs. You can view it here as a PDF.
“Anyone who gains access to this single file,” Franken writes, “could likely determine the location of the user’s home, the businesses he frequents, the doctors he visits, the schools his children attend, and the trips he has taken over the past months or even a year.”
“It is also entirely conceivable,” Franken continues, “that malicious persons may create viruses to access this data from customers’ iPhones, iPads, and desktop and laptop computers. There are numerous ways in which this information could be abused by criminals and bad actors. Furthermore, there is no indication that this file is any different for underage iPhone or iPad users, meaning that the millions of children and teenagers who use iPhone or iPad devices also risk having their location collected and compromised.”
Franken finishes up with a list of 9 questions he wants Apple to answer:
- Why does Apple collect and compile this location data? Why did Apple choose to initiate tracking this data in its iOS 4 operating system?
- Does Apple collect and compile this location data for laptops?
- How is this data generated? (GPS, cell tower triangulation, Wi-Fi triangulation, etc.)
- How frequently is a user’s location recorded? What triggers the creation of a record of someone’s location?
- How precise is this location data? Can it track the user’s location to 50 m, 100 m, etc.?
- Why is this data not encrypted? What steps will Apple take to encrypt the data?
- Why were Apple consumers never affirmatively informed of the collection and retention of their location data in this manner? Why did Apple not seek affirmative consent before doing so?
- To whom, if anyone, including Apple, has this data been disclosed? When and why were these disclosures made?