Google and Apple have both been in the news lately over details of how both companies? mobile operating systems store and transmit geolocation data. Following a class-action suit brought by two Tampa men targeting Apple over alleged user tracking, Google is facing a similar class action lawsuit filed in Detroit on Wednesday.
Last week it was revealed that iOS devices cache a large amount of location data in a file that is backed up to users? computers. The file is hidden from normal access on iPhones and iPads, but is unencrypted, and unless users also opt to encrypt iOS backups in iTunes, the file is also unencrypted. While someone would need physical access to either device to get the information, concerns were raised that the information could be used to track individuals, thereby compromising their privacy.Apple later explained that the data was a cache of nearby cell tower and WiFi access point locations downloaded from Apple, which iOS devices can use to more quickly narrow down a users location when GPS signals are weak or nonexistent. The company admitted that the cache was designed to collect more data than was necessary, and said that an upcoming iOS update would restrict the size, encrypt it on the device, and keep the data from being backed up to users? computers when syncing with iTunes.
Furthermore, Apple explained iOS devices do in fact collect GPS coordinates for cell tower locations and WiFi basestations to expand and refine Apple?s database if users elect to send anonymous diagnostic data to Apple when setting up a new device. That data is periodically sent to Apple?about every 12 hours, according to a letter sent to Congress last year. The data is encrypted and does not include any device IDs, making it impossible for Apple to track any particular user with this information.
Last week developers also revealed that Android devices keep a similar cache of cell tower and WiFi data, though Android limits the amount of data to 50 recently accessed cell towers and 200 recently accessed WiFi networks. Like iOS devices, a person would need to ?root? (similar to ?jailbreaking?) an Android device to get the data, but in contrast to iPhones this data isn?t synced to a computer.
More disconcerting, however, is the fact that Android devices collect ?its location every few seconds and transmitted the data to Google at least several times an hour,? according to research by security expert Samy Kamkar. Google said it uses this data for a variety of uses, but unlike Apple, Android attaches a unique ID number to the data. While that ID number is effectively random and can?t be directly linked to a particular device or user, it is possible to analyze such data and correlate it to particular individuals using increasingly advanced ?deanonymization? techniques.
Detroit area residents Julie Brown and Kayla Molaski filed a class action lawsuit against Google over concerns that the location data that Android devices send to Google ?several times per hour? is tied to a unique (though random) device ID. The lawsuit further alleges that this data is sent to Google unencrypted. ?The accessibility of the unencrypted information collected by Google places users at serious risk of privacy invasions, including stalking,? according to the complaint.
Source: http://www.wired.com/epicenter/2011/05/google-faces-lawsuit/
No comments:
Post a Comment
Note: Only a member of this blog may post a comment.