by Daily Mail Reporter
22 April 2011
from DailyMail Website

 

  • Google's Android HTC phone transmitted data back to Google several times an hour

  • Apple slammed for user locations being stored in iPhone and iPad

  • Google and Apple are using location data to build databases of Wi-Fi hotspots

  • Data from Apple devices syncs with computer, meaning anyone with access can see

  • Representative Edward Markey questions whether the practice may be illegal

 

Tests

An Android HTC phone was found to track its location every few seconds

and transmitted the data back to Google several times an hour
 

The row over the privacy of mobile phone users escalated today as it was revealed that Google devices regularly transmit user locations back to the company.

The new revelations come after Apple was this week slammed by several Congress members for the way user locations are being stored in unencrypted databases on the iPhone and iPad, sometimes stretching back several months.

In Google's case an Android HTC phone tracked its location every few seconds and transmitted the data back to Google several times an hour, according to new research by security analyst Samy Kamkar for the Wall Street Journal.

It also transmitted the name, location and signal strength of any close Wi-Fi networks and the phone's unique identifier.

Both Google and Apple have previously admitted they are using location data to build massive databases of Wi-Fi hotspots.

This can then be used to pinpoint individual's locations via their mobile phones, which in turn could help the companies tap into the huge market for location-based services, currently worth $2.9billion.

This figure is expected to rise to a staggering $8.3billion in 2014, according to research company Gartner.

Location data is some of the most valuable information a mobile phone can provide, since it can tell advertisers not only where someone's been, but also where they might be going - and what they might be inclined to buy when they get there.

A spokeswoman for the Office of the Privacy Commissioner of Canada told the Journal the office 'had concerns' about using mobile phones to collect Wi-Fi data and had expressed those concerns to Google itself.

 

Concern

Apple was slammed by several Congress members for the way

iPhone and iPad users' locations are being kept under secret surveillance by Apple
 

'The whole issue of the tracking capabilities of new mobile devices raises significant privacy issues,' she said.

In the past Google has pointed out that its collected Wi-FI data is anonymous and that it deletes the start and end points of every trip it uses for traffic maps.

But, the data, provided to the Journal exclusively by Mr Kamkar, contained a unique identifier linked to an individual's phone.

Mr Kamkar developed a tracking file called 'evercookie' that once installed on a computer, was difficult to get rid of, in order to highlight the privacy vulnerabilities in web-browsing software.

The Journal then had an independent consultant test out the program on an Android device and its use of location data. It worked.

 

A graphic of iPhone location data from Washington D.C. to New York City

 

Secret surveillance

The map shows the locations and phone use of a journey taken by Alasdair Allan and Pete Warden,

the researchers who discovered the capability on the device
 

Now watch the video of the trip from Washington D.C. to New York:
 

 

Washington DC to New York from Alasdair Allan on Vimeo

 



The news that both Google and Apple have these capabilities is a worry, especially after the Journal's findings last year that some of the most popular smartphone apps use location data and other personal information aggressively - in some cases sharing it with third-party companies without the user's consent or knowledge, the paper found.

Representative Edward Markey and Senator Al Franken have both expressed concern about the way Apple may use its location data.

Their anger was prompted by a report from researchers Alasdair Allan, research fellow at University of Exeter in the UK and Pete Warden, the founder of Data Science Toolkit.

 


Both Google, led by Chairman and CEO, Eric Schmidt, right, and Apple, led by CEO Steve Jobs,

have previously admitted they are using location data to build massive databases of Wi-Fi hotspots
 


Anger

Senator Al Franken, left and Representative Edward Markey, right,

have both expressed concern about the way Apple may use its location data in a letter to the company
 

A TOOL FOR THE POLICE?
The police could certainly benefit from the location data stored on the iPhone with a simple high tech device called Cellebrite UFED.

This is a box that connects to almost any personal mobile phone and downloads its entire contents, including call logs, texts, photos and web history even if it has been deleted.

Michigan State Police yesterday defended their use of the device arguing that it was an effective tool in fighting crime.

But the Michigan branch of the ACLU disagrees and fears police are using it on routine arrests and even traffic stops, according to Fox News.

Michigan State Police spokesman Tiffany Brown told FoxNews.com the devices are only used to gather evidence for serious cases such as crimes against children however.

'The (department) only uses the device if a search warrant is obtained or with consent,' Brown added.

The pair found the Apple devices save the latitude and longitude of users' locations, along with a time stamp, then copies the data to the owner's computer whenever the two are synchronized.

They were able to build an extraordinary detailed map of where they had been, but said they had no evidence the file was being transmitted to Apple.

They have since built a program that individuals can download for free to see what location data has been stored on their own phones.

And after talking to people in the Android community Mr Warden and Dr Allan were told that Android phones had something similar to Apple, but that only a couple of weeks of rolling data was kept.

On their website the pair speculate whether Apple may have built the feature in for future developments but add:

'The fact that it's (the data) transferred across devices when you restore or migrate is evidence the data-gathering isn't accidental.'

They highlight that the location data is stored in an easily-readable form on a person's computer.

'By passively logging your location without your permission, Apple have made it possible for anyone from a jealous spouse to a private investigator to get a detailed picture of your movements,' they write.

Other mobile phone providers collect similar data but it's kept securely behind their firewall, they write.

This data ordinarily requires a court order to gain access to it, whereas the data from Apple devices is there for anyone who uses that person's phone or computer to see, they add.

 

WHAT ABOUT BUSINESSES?
Many companies hand out business mobile phones and increasingly iPads to their colleagues.

The revelations about data storage could prove to be a headache for companies in terms of security, not to mention employees who may use the devices for business and personal use.

Michael Sutton, a security researcher with Zscaler, found that JotNot Scanner Pro, an iOS application, stores passwords for other applications unprotected in the iTunes backup database.

In a blog post, Sutton said:

'Unfortunately, the authentication credentials stored for Evernote, Google Docs, Apple's iDisk and any WebDav enabled server are stored in plain text.

'Therefore, anyone that gained access to this backup file, would then have your username/password for these services.'

Senator Al Franken said the issue raises 'serious privacy concerns,' especially for children using the devices.

He said:

'Anyone who gains access to this single file could likely determine the location of a user's home, the businesses he frequents, the doctors he visits, the schools his children attend, and the trips he has taken - over the past months or even a year.'

Representative Edward Markey questioned whether the practice may be illegal under a federal law governing the use of location information for commercial purposes and said consumers weren't properly informed.

He said:

'Apple needs to safeguard the personal location information of its users to ensure that an iPhone doesn't become an iTrack.

'Collecting, storing and disclosing a consumer's location for commercial purposes without their express permission is unacceptable and would violate current law.'

Mr Markey, who is the co-chair of the House Bipartisan Privacy Caucus, sent a letter to Apple CEO Steve Jobs on Thursday in response to the research.

Specifically, Markey wants to know if Apple developed the feature intentionally to keep a log of users' whereabouts. And if it did mean to collect this information, what did it intend to do with it? He also wants to know if Apple has notified consumers that this information is being collected.

He said he's seeking answers to his questions by May 12.

Apple said it 'intermittently' collects location data, including GPS coordinates, of many iPhone users and nearby Wi-Fi networks and sends that data to itself every 12 hours, according to a letter the company sent to Mr Markey and Representative for Texas, Joe Barton, last year.

A spokesman for Google said:

'All location sharing on Android is opt-in by the user. We provide users with notice and control over the collection, sharing and use of location in order to provide a better mobile experience on Android devices.

'Any location data that is sent back to Google location servers is anonymized and is not tied or traceable to a specific user.'