Slashdot Mirror


Apple Updating iOS To Address Privacy Concerns

wiredmikey writes "[Apple] said that over the next few weeks it would release a software update for iOS that would reduce the size of the crowd-sourced Wi-Fi hotspot and cell tower database cached on the iPhone, cease backing up the cache, and delete the cache entirely when Location Services is turned off. Additionally, Apple said that in the next major iOS software release the cache would be encrypted on the iPhone, though a timeline for that was not provided."

18 of 318 comments

  1. Fail by magamiako1 · · Score: 4, Insightful

    So Apple's going to encrypt the location cache on a phone that is otherwise locked, where other people generally don't have access to it other than the device itself, and lower the battery to deal with encryption routines all because people are idiots?

    Sigh...

  2. Moving on by mudpup · · Score: 4, Insightful

    Sounds like Apple is taking steps to improve their system and give the paranoid users an easy opt out. Now the question is what are the other phone manufacturers doing with their location systems? Especially those who log your data to the cloud?

    --
    Who owns your data?
    1. Re:Moving on by 93 Escort Wagon · · Score: 5, Interesting

      Sounds like Apple is taking steps to improve their system and give the paranoid users an easy opt out. Now the question is what are the other phone manufacturers doing with their location systems? Especially those who log your data to the cloud?

      That's a good point. Given their relatively short response and turn-around time on this, I'm wondering if Apple sees the possibility here for turning a negative situation into a positive. Don't get me wrong - I think Apple (and other vendors) should've been doing this from the get-go - but it will be interesting to see (for example) how Google responds, given that their business model is to own as much data about you as possible.

      --
      #DeleteChrome
  3. direct link by bidule · · Score: 4, Informative

    Why not use the direct link as nothing was added and some was cut?

    --
    ID: the nose did not occur naturally, how would we wear glasses otherwise? (apologies to Voltaire)
    1. Re:direct link by Americano · · Score: 4, Informative

      Just a wild, unscientific guess, but I'd say it's because linking to Apple's press release directly means that SecurityWeek doesn't get ad impressions from the slashdotting. The link goes to a SecurityWeek Article by Mike Lennon; TFS submitted by "wiredmikey," whose profile identifies him as "SecurityWeek Editor", and links to SecurityWeek.

      Connecting the dots is left as an exercise for the reader.

  4. Re:Bug? by mangino · · Score: 5, Insightful

    Almost all bugs would be caught by a single testcase if you thought about writing it. Most often the problem is that nobody considered the scenario and thought to write a testcase. While it could be malicious, it could also be just an accident.

    --
    Mike Mangino
    mmangino@acm.org
  5. Seems like a bug by SuperKendall · · Score: 4, Interesting

    Not erasing the old logs doesn't seem like a bug.. it would've been caught by a single test case.

    You only put tests in for problems you think of. Deleting the log file altogether when you turn off location services, is a problem they simply didn't think about. If you think about it the guys writing that part of the code probably assumed that since the file was cached it would be truncated so leaving it around wouldn't matter...

    The rest of the time you aren't deleting the file, instead you are periodically truncating it - something beyond a single test case, and requiring a long period of time to elapse. That part seems also like it could easily be oversight.

    To my mind they probably just thought keeping a record of cell towers was not a big deal, because it was not an exact location log... although just from a performance aspect you'd think they would not want that file growing too large.

    --
    "There is more worth loving than we have strength to love." - Brian Jay Stanley
  6. Conclusion: by Lazareth · · Score: 4, Insightful

    A perfectly sane feature has now been curtailed effectively by public outcry against perceived violation of privacy. While I agree that it is a good thing the stuff now gets encrypted locally (yay, more encryption of sensitive information!) the grand result is nearly nothing. The way this thing worked was by having a cache of locations stored locally and for those who worry about invasion of privacy this turn of events doesn't change anything - if Big Brother wants to know where you are and where you've been, he need do nothing more than to store where you connect from on his side - something he has always been able to do.

  7. Re:Good...? by SvnLyrBrto · · Score: 5, Insightful

    How do you suppose the phone company knows what cell you're in, so they can route calls to your phone? How do you suppose they get their E911 data?

    As long as you have the thing powered on, the phone company knows where you are. And if the police want to know, they won't go to your house, hack your computer, and read the log backup. They'll just go to the phone company with a subpoena.

    This whole controversy was much ado about nothing. The only thing that was different was that the user had access to the data that "the man" had all along.

    --
    Imagine all the people...
  8. Re:Bug? by SvnLyrBrto · · Score: 4, Insightful

    Not necessarily a bug... it could have been a simple oversight. Just look at everything that's in /var/log on a vanilla UNIX/Linux installation. Unless you go in to your configurations and specifically dial things down, there's quite a lot in there that some nefarious party could exploit to get a very good idea of what you're doing on that box.

    --
    Imagine all the people...
  9. Re:nice by jessecurry · · Score: 5, Insightful

    Apple: We didn't see anything wrong with the previous implementation, but it seems that our customers do. We'll take steps to make sure that our implementation is in-line with what our customers desire.

    --
    Those who know, do not speak. Those who speak, do not know. ~Lao Tzu
  10. Re:Bug? by IAmGarethAdams · · Score: 4, Interesting

    As Phil Karlton once said

    There are only two hard things in Computer Science: cache invalidation and naming things

  11. Re:hmm.. by Anonymous Coward · · Score: 4, Funny

    It's about time the US started another war to distract people.

  12. Re:Glad this is over by Anonymous Coward · · Score: 4, Insightful

    Um, are you one of those people rising up against oppressive governments? How about the people bringing a class action lawsuit? How about the many blogs screaming about it? No?

    Can this data be used in real-time? No. Can it locate you precisely? No. Can an oppressive government that controls the local cell company locate ANY cellphone with greater accuracy and in real time? Yes.

    Hmmm... I think "alarmist" is an accurate description.

  13. Re:Bug? by Spykk · · Score: 4, Funny

    Invalidating the cache is easy. Just call m_cacheThisIsTheLocationBasedCacheThatSpeedsThingsUp.MakeThisCacheSoThatItIsNotValidAnymore(); Naming things on the other hand...

  14. Re:Bug? by Anonymous Coward · · Score: 5, Insightful

    Not if the bug is in the requirements. You can't test for something if there is no requirement for it. One of the biggest failures of how agile/XP methodologies are implemented, they skimp on the requirements documentation.

  15. Re:Bug? by mangino · · Score: 4, Informative

    I don't know that I agree with this. I've worked building software for more than 15 years and I can tell you that the likelihood of somebody accurately capturing something like this in a requirements document is very close to zero. After all, this isn't a feature we're talking about, it's an implementation detail of a performance optimization. The requirement would likely be something like

    "Must be able to detect a location within 0.2s if wifi is active or can locate at least 3 cell tower ids"

    the rest is how the programmer chose to make it work. If you are creating requirements to the level of detail needed to fully specify purge behavior of a cache database, you're never going to finish your requirements document.

    --
    Mike Mangino
    mmangino@acm.org
  16. Re:Bug? by dwandy · · Score: 5, Funny

    I thought there were two hard things in Computer Science: cache invalidation, naming things and off by one errors.

    --
    If you think imaginary property and real property are the same, when does your house become public domain?