d) Convey the object code by offering access from a designated place (gratis or for a charge), and offer equivalent access to the Corresponding Source in the same way through the same place at no further charge. You need not require recipients to copy the Corresponding Source along with the object code. If the place to copy the object code is a network server, the Corresponding Source may be on a different server (operated by you or a third party) that supports equivalent copying facilities, provided you maintain clear directions next to the object code saying where to find the Corresponding Source. Regardless of what server hosts the Corresponding Source, you remain obligated to ensure that it is available for as long as needed to satisfy these requirements.
As far as I can tell, they only need to provide a link where the source may be found. There's no reason, as far as I can see, why said link couldn't just be a link to the original project they ripped off which has the original source code. I have no idea if any of these fly-by-night developers actaully do that, since I don't actually read any of the text they put in their license agreements.
As for the primary story here, my understanding of the system that was in place was this: Google hosts the source repository at android.com (source.android.com if you want a direct link). If manufacturers make changes, they submit them Google. Google may choose to roll them into the official release or not, but either way those submissions are still available from Google as the central android code repository. I feel like as long as this is happening, and the manufacturers give you a link to android.com at some point, they're probably fulfilling their obligations. I'm not sure they actually need to do anything beyond including that link, which seriously, has got to be there somewhere buried in all the hundreds of screens you have to click through or on some "about" page in the set up.
Whoever modded me down as redundant really should have noticed that my post was 40 minutes before the other one. The other just happened to be in response to one of the first threads posted. Bah, oh well!
Way to strawman, bro. How did you go from "the pictures I had on my iPhone got deleted in the firmware upgrade due to a bug" to "using my iPhone to backup important stuff"?
Nobody with sense would keep important files on any kind of phone as a backup, android or iOS--makes no difference in that discussion. I'm just talking about the pictures I took with the phone, and therefore naturally on the phone. You do understand that phones are cameras too these days, right?
But is he right? Only the kernel is GPL'ed, and the vendors are mostly doing UI skinning--do we even know if they're modifying any of the stuff that falls under the GPL?
1) Project A is GPL, releases binaries, releases code. It's totally free. 2) Project B is based on Project A. It sells binaries, does not release code. 3) However, while project B might change the name, they don't make any real modifications to the code. They're just selling the same crap you could get free elsewhere.
Since Project B doesn't have any modifications over Project A, and Project A's source code is widely available, is Project B off the hook when it comes to releasing the source code?
This is extremely common, and as far as I can tell, it's legal--though slimy. I can't abide any business model which depends on ignorance--in this case ignorance that the exact same product is already available for free under a different name.
Both the App store and Android market are curated experiences, though Apple's version is obviously a lot more restricted. They have both rules, they limit what can be submitted, and they remove things that violate those rules. Both have had problems with apps doing more than they claimed to do that resulted in apps being removed after these violations were discovered. Pretty much every story about Android malware has a corresponding iOS story if you've been paying attention. But similarly, neither platform has any *significant* issues. The recent instance of Google kill switching some apps that violated their rules were not actual Malware apps, just apps posted by a security researcher to demonstrate that people will blindly install apps that ask permission to access contacts/location/etc even though they have no legitimate reason to be doing so. They weren't actually stealing user data, just demonstrating how it could be done.
What makes Android "open" is that if you don't like Google's rules, you can make your own App store like Amazon has done or you can just sideload anything you want. It's worth noting that just as many iOS malware stories involve jailbroken phones, most of the Google Malware stories have involved side-loading because like Apple, Google *DOES* curate the Android Market to keep Malware out and, though both have let some shady pieces of software through, both companies have done a pretty good job of keeping it out. Most of the malware that has slipped through on both platforms is just a matter of people not paying any attention to the fact that the Bobble Head app they just installed for some reason requires permission to access the contact list . . .
P.S. It's funny that you mention "which platform do you want to store your pictures on' because I recently had to do tech support for a relative who was quite saddened to discover that her iOS firmware upgrade had wiped all her pictures (which included many she had taken of her new puppy when it was growing). As an iPhone user myself, I've had this same bug happen to me in the past (when i upgraded my 3gs to firmware 4.0 before I got my iphone 4). I did the firmware upgrade and the pictures were simply gone afterwards . . .
There's a difference between "running a totally secure web presence" and "exploited by an automated SQL injection tool". If an auomated tool could find it, then you have to wonder why the hell Sony hadn't just run the damn tool themselves. There are levels of insecurity, and this level is well below what a company like Sony should be at.
The ultimate point, however, is that Google's "Location tracking" is:
1) Opt-in, instead of Opt-out 2) Very clearly described at the time of opt-in 3) Anonymized and therefore not actaully "tracking" (though the anonymization may be taking place server-side instead of client-side)
These three things make this entire situation nonsense. If it anonymously submits the locations of Wifi networks it finds, who the hell cares? That's perfectly legitimate data to collect. It allows Google to replicate the service/functionality of Skyhook.
Yeah my guess is he's got to be hoping for upsells of some sort. Doing this much work for "free" is basically just getting his foot in the door, which may be more than he had before. Perhaps it will work out or perhaps it won't. Time will tell I suppose.
The cold is not a deal breaker. Remember how pressure impacts boiling/freezing points from high school chemistry? Consider the sub-glacial lakes of Antarctica, for instance: http://en.wikipedia.org/wiki/Lake_Vostok
Lake Vostok is liquid at a temperature well below freezing simply because of the pressure of the ice above it. As long as it remains under pressure, the freezing point is significantly lowered.
But, but, Steve Jobs said! And then two women sued! And then Verizon added warning stickers, even though the warnings are about VERIZON having your location data, not Google. There's so much smoke, surely there's fire! And now that South Korea has done it, there's even more smoke. So now there will be congressional hearings, again.
Google is opt-in, for god's sake. All this hysteria over nothing. The phone ships with location services off. During the set up, you must turn it on and when you do, it warns you that this will cause locational data to be sent to Google. Once Google gets the data, they anonymize it so it can't ever be linked back to a user. What more do you want? What should Google do that they aren't already doing? Tell me, oh wise one, how can they possibly be less evil?
Remember, these phones all use AGPS, which literally means they can't even figure out your damn location without sending it to another server. If you have one of those phones, your location is broadcast to someone, somewhere. It cannot be helped.
Except that increasingly, Google is finding that the perception of being evil is based on nothing more than being big. People inherently mistrust them. This is all smoke, and other than Steve Jobs throwing a barbecue, there's no signs of fire.
I would find it troubling if some piece of software (or the operating system itself) was keeping logs of everything I did on the internet and storing them locally for future diagnostic reasons without divulging it. A bit less troubling, perhaps, because its hard to do anything without some degree of transparency on a PC. I have, by default, full access to the file system after all. When my phone does this
Again, the major issue is saving the data unencrypted creates a liability for the user. But even though this is the major issue, it's not something I couldn't get past because I don't think it was done maliciously--I just find the twisting-of-words denial by Steve Jobs to be kind of outrageous. There was a clear and obvious intent to mislead in his words.
The reason your analogy breaks down is that this is something the device is doing without the users knowledge, consent or awareness. This is a hidden "feature" built into the device for (most likely) diagnostic reasons. In your analogy, nothing is at stake because the consumers fully informed and consenting participants.
A better analogy (completely hypothetical, as well, don't sue me Sony), using your terms, would be this: Sony's camera firmware includes a hidden "feature" where anytime the camera is significantly jostled (using an accelerometer, let's say), it snaps a picture and stores it in a user-inaccessible portion of the internal memory. This is discovered. Nobody really knows why Sony would do such an an odd thing, but the assumption is that it might be meant for warranty purposes to determine if a camera was dropped or otherwise "abused" in the moments leading up to its breakage.
The press jumps all over this and its discovered that since these photos accumulate over time, and there are literally millions of them, some of them are bound to be sensitive in nature. Worse still, there is no encryption of these photos, no mention of their existence in any documentation and nothing to stop Sony techs from copying and keeping any they find to be particularly interesting if you submit your camera for warranty service. There is also reason for concern that other people might abuse this illicitly stored information to spy on others.
The CEO of Sony is asked about this, and rather than acknowledge it or suggest it was an ill-considered feature which will be changed, he says, categorically, "Sony does not spy on it's customers" and leaves it at that.
Not that the anonymous post you're responding to wasn't full of paranoia and frantic hand-waving, but I feel like you've got some facts wrong.
1) An android phone records the same data is a point that keeps getting erroneously made. Android phones do not record "the same data". They collect some locational data, and what they collect and what is stored is explicitly spelled out. Google Maps, for instance, will record some data while running related to determining traffic on the roads your driving. You can disable this, and its all anonymized. That's quite a different matter from this. Latitude, also, collects some data. Again, it warns you repeatedly that it's storing your location and offers you a chance to clear it out. And when I say repeatedly, I mean *repeatedly*. You don't even have to rerun the app, it will just remind you every couple of weeks what you're "still being tracked and you really might want to turn that off or clear your history if you're not completely comfortable with that."
Apple's EULA says they will gather anonymized locational data (like zip codes) so they can serve you more relevant ads. This is NOT that. This is something above and beyond what they asked permission to do in the EULA. This is not anonymized data.
2) My camera (on my iPhone, which is my primary device) asks permission EVERY TIME if I want to let it access my location. I don't get exif data in my phone pictures unless I allow it.
I don't know what his point was, but mine certainly isn't that I don't trust Apple. I'm pretty sure this file is intended for debugging purposes and its existence is an oversight or an error. At worst, its probably just really bad judgment rather than malice. But, that aside, I cannot abide Steve Jobs blatantly lying (or at least giving the truth a good roughing up, if you want to argue the semantics and assert he wasn't technically lying).
Apple needs just do what Google did with the whole Wifi sniffing thing and say "Hey, our bad. This file was meant to diagnose people's connection issues if they brought the phone in for service and we hadn't really considered the potential privacy implications of keeping this sort of a log that could potentially be taken into evidence or stolen by malicious software. We'll get right on a fix." None of this "'Tis but a scratch!" nonsense.
You seem to be doing some confusing line treading when you state try to have it both ways. Apple doesn't track you, according to you, because the file exists "locally" only (which is not confirmed) and not sent back to Apple. But then later you seem to suggest that Apple's EULA says they they do track users. Steve Jobs can't have it both ways, and neither can you.
That said, most of your argument is "Apple doesn't track you, your iPhone does. It only becomes Apple tracking you if they upload the file."
I feel like that's a pretty silly argument. After all, who told my iPhone (yes I own/use an iPhone) to track me? Apple, right? Therefore, Apple is the one tracking me. Whether they KNOW the information created by that tracking process or not, they're still doing the tracking and I have a right to know that.
What Apple's EULA references is a different type of data collection which I wouldn't really call tracking and IS NOT what is happening in this log file. This is not Apple taking my zip code *anonymously* and then using it to serve me a more relevant iAd with no record of this created that can later be used against me. This is Apple keeping a fairly extensive log of my locations in an easy to access place that contains my UNIQUE device identifier which is linked to my full name and address for warrant purposes. This is not the sort of anonymized information gathering the EULA describes, at all.
Moreover, just FYI, if you run Lattitude on Android (which is the only thing that can really be described as "tracking" you since it's the only thing that keeps a record linked to your name), it warns you not only in the EULA but up front what it does and then routinely reminds you what it's doing in the background so that you don't forget you enabled something which tracks you. If you leave it on all the time, little warnings will pop up explaining it.
For the same purpose? To date, nobody has yet managed to divine the purpose that Apple does it. It's a complete mystery. Most likely, It's probably some old debugging relic with *no* actual purpose. In fact, had Apple just said "Whoops, it was a mistake. That file was not meant to be there. I would have totally believed them."
And again, here we have Steve Jobs saying "We don't do that" and you saying "Apple says they do it". You don't seem to have this story straight, at all. So let's get some things straight:
1) This data is not anonymized. It contains a device specific unique ID which can easily be tied to your name, address, and any other information you gave Apple at the time of purchase. 2) The data Apple admits to collecting is spelled out clearly and does not include this data. Apple, in effect, says they will collect your zip code, anonymously, in order to better serve you more relevant ad content (see, iADS). On a personal note I would not consider this usage to be "tracking". 3) It's unknown whether or not this data on the phone is ever sent to Apple. I'm inclined, however, to give Apple the benefit of the doubt and *assume* it's not--but who can say when Apple refuses to admit this data exists in the first place.
Slashdot Mirror
d) Convey the object code by offering access from a designated place (gratis or for a charge), and offer equivalent access to the Corresponding Source in the same way through the same place at no further charge. You need not require recipients to copy the Corresponding Source along with the object code. If the place to copy the object code is a network server, the Corresponding Source may be on a different server (operated by you or a third party) that supports equivalent copying facilities, provided you maintain clear directions next to the object code saying where to find the Corresponding Source. Regardless of what server hosts the Corresponding Source, you remain obligated to ensure that it is available for as long as needed to satisfy these requirements.
As far as I can tell, they only need to provide a link where the source may be found. There's no reason, as far as I can see, why said link couldn't just be a link to the original project they ripped off which has the original source code. I have no idea if any of these fly-by-night developers actaully do that, since I don't actually read any of the text they put in their license agreements.
As for the primary story here, my understanding of the system that was in place was this: Google hosts the source repository at android.com (source.android.com if you want a direct link). If manufacturers make changes, they submit them Google. Google may choose to roll them into the official release or not, but either way those submissions are still available from Google as the central android code repository. I feel like as long as this is happening, and the manufacturers give you a link to android.com at some point, they're probably fulfilling their obligations. I'm not sure they actually need to do anything beyond including that link, which seriously, has got to be there somewhere buried in all the hundreds of screens you have to click through or on some "about" page in the set up.
Whoever modded me down as redundant really should have noticed that my post was 40 minutes before the other one. The other just happened to be in response to one of the first threads posted. Bah, oh well!
Way to strawman, bro. How did you go from "the pictures I had on my iPhone got deleted in the firmware upgrade due to a bug" to "using my iPhone to backup important stuff"?
Nobody with sense would keep important files on any kind of phone as a backup, android or iOS--makes no difference in that discussion. I'm just talking about the pictures I took with the phone, and therefore naturally on the phone. You do understand that phones are cameras too these days, right?
But is he right? Only the kernel is GPL'ed, and the vendors are mostly doing UI skinning--do we even know if they're modifying any of the stuff that falls under the GPL?
This seems to be most common scenario:
1) Project A is GPL, releases binaries, releases code. It's totally free.
2) Project B is based on Project A. It sells binaries, does not release code.
3) However, while project B might change the name, they don't make any real modifications to the code. They're just selling the same crap you could get free elsewhere.
Since Project B doesn't have any modifications over Project A, and Project A's source code is widely available, is Project B off the hook when it comes to releasing the source code?
This is extremely common, and as far as I can tell, it's legal--though slimy. I can't abide any business model which depends on ignorance--in this case ignorance that the exact same product is already available for free under a different name.
Are the vendors actaully changing anything in the Kernel? It seems like most of the changes they are making are just UI skinning . . .
You've been taken in by Apple's FUD.
Both the App store and Android market are curated experiences, though Apple's version is obviously a lot more restricted. They have both rules, they limit what can be submitted, and they remove things that violate those rules. Both have had problems with apps doing more than they claimed to do that resulted in apps being removed after these violations were discovered. Pretty much every story about Android malware has a corresponding iOS story if you've been paying attention. But similarly, neither platform has any *significant* issues. The recent instance of Google kill switching some apps that violated their rules were not actual Malware apps, just apps posted by a security researcher to demonstrate that people will blindly install apps that ask permission to access contacts/location/etc even though they have no legitimate reason to be doing so. They weren't actually stealing user data, just demonstrating how it could be done.
What makes Android "open" is that if you don't like Google's rules, you can make your own App store like Amazon has done or you can just sideload anything you want. It's worth noting that just as many iOS malware stories involve jailbroken phones, most of the Google Malware stories have involved side-loading because like Apple, Google *DOES* curate the Android Market to keep Malware out and, though both have let some shady pieces of software through, both companies have done a pretty good job of keeping it out. Most of the malware that has slipped through on both platforms is just a matter of people not paying any attention to the fact that the Bobble Head app they just installed for some reason requires permission to access the contact list . . .
P.S. It's funny that you mention "which platform do you want to store your pictures on' because I recently had to do tech support for a relative who was quite saddened to discover that her iOS firmware upgrade had wiped all her pictures (which included many she had taken of her new puppy when it was growing). As an iPhone user myself, I've had this same bug happen to me in the past (when i upgraded my 3gs to firmware 4.0 before I got my iphone 4). I did the firmware upgrade and the pictures were simply gone afterwards . . .
This never gets old to me.
http://xkcd.com/327/
There's a difference between "running a totally secure web presence" and "exploited by an automated SQL injection tool". If an auomated tool could find it, then you have to wonder why the hell Sony hadn't just run the damn tool themselves. There are levels of insecurity, and this level is well below what a company like Sony should be at.
No, I guess I couldn't invent it. But I'm willing to bet I could patent it, and then sue whoever does actually invent it later. God Bless America!
Weak moderation, imo, but my Karma can take it. Sometimes the truth is the greatest flamebait of all.
Timothy would post something titled "Google fails to cure AIDS".
The ultimate point, however, is that Google's "Location tracking" is:
1) Opt-in, instead of Opt-out
2) Very clearly described at the time of opt-in
3) Anonymized and therefore not actaully "tracking" (though the anonymization may be taking place server-side instead of client-side)
These three things make this entire situation nonsense. If it anonymously submits the locations of Wifi networks it finds, who the hell cares? That's perfectly legitimate data to collect. It allows Google to replicate the service/functionality of Skyhook.
Yeah my guess is he's got to be hoping for upsells of some sort. Doing this much work for "free" is basically just getting his foot in the door, which may be more than he had before. Perhaps it will work out or perhaps it won't. Time will tell I suppose.
The cold is not a deal breaker. Remember how pressure impacts boiling/freezing points from high school chemistry? Consider the sub-glacial lakes of Antarctica, for instance: http://en.wikipedia.org/wiki/Lake_Vostok
Lake Vostok is liquid at a temperature well below freezing simply because of the pressure of the ice above it. As long as it remains under pressure, the freezing point is significantly lowered.
But, but, Steve Jobs said! And then two women sued! And then Verizon added warning stickers, even though the warnings are about VERIZON having your location data, not Google. There's so much smoke, surely there's fire! And now that South Korea has done it, there's even more smoke. So now there will be congressional hearings, again.
Once you get big enough, you make an easy target.
Google is already opt-in, instead of opt-out. This whole thing is ridiculous and baseless.
Google is opt-in, for god's sake. All this hysteria over nothing. The phone ships with location services off. During the set up, you must turn it on and when you do, it warns you that this will cause locational data to be sent to Google. Once Google gets the data, they anonymize it so it can't ever be linked back to a user. What more do you want? What should Google do that they aren't already doing? Tell me, oh wise one, how can they possibly be less evil?
Remember, these phones all use AGPS, which literally means they can't even figure out your damn location without sending it to another server. If you have one of those phones, your location is broadcast to someone, somewhere. It cannot be helped.
Except that increasingly, Google is finding that the perception of being evil is based on nothing more than being big. People inherently mistrust them. This is all smoke, and other than Steve Jobs throwing a barbecue, there's no signs of fire.
Or perhaps Google's not breaking the law and they're just a victim of ridiculous hysteria.
I would find it troubling if some piece of software (or the operating system itself) was keeping logs of everything I did on the internet and storing them locally for future diagnostic reasons without divulging it. A bit less troubling, perhaps, because its hard to do anything without some degree of transparency on a PC. I have, by default, full access to the file system after all. When my phone does this
Again, the major issue is saving the data unencrypted creates a liability for the user. But even though this is the major issue, it's not something I couldn't get past because I don't think it was done maliciously--I just find the twisting-of-words denial by Steve Jobs to be kind of outrageous. There was a clear and obvious intent to mislead in his words.
The reason your analogy breaks down is that this is something the device is doing without the users knowledge, consent or awareness. This is a hidden "feature" built into the device for (most likely) diagnostic reasons. In your analogy, nothing is at stake because the consumers fully informed and consenting participants.
A better analogy (completely hypothetical, as well, don't sue me Sony), using your terms, would be this: Sony's camera firmware includes a hidden "feature" where anytime the camera is significantly jostled (using an accelerometer, let's say), it snaps a picture and stores it in a user-inaccessible portion of the internal memory. This is discovered. Nobody really knows why Sony would do such an an odd thing, but the assumption is that it might be meant for warranty purposes to determine if a camera was dropped or otherwise "abused" in the moments leading up to its breakage.
The press jumps all over this and its discovered that since these photos accumulate over time, and there are literally millions of them, some of them are bound to be sensitive in nature. Worse still, there is no encryption of these photos, no mention of their existence in any documentation and nothing to stop Sony techs from copying and keeping any they find to be particularly interesting if you submit your camera for warranty service. There is also reason for concern that other people might abuse this illicitly stored information to spy on others.
The CEO of Sony is asked about this, and rather than acknowledge it or suggest it was an ill-considered feature which will be changed, he says, categorically, "Sony does not spy on it's customers" and leaves it at that.
Was his answer dishonest?
Not that the anonymous post you're responding to wasn't full of paranoia and frantic hand-waving, but I feel like you've got some facts wrong.
1) An android phone records the same data is a point that keeps getting erroneously made. Android phones do not record "the same data". They collect some locational data, and what they collect and what is stored is explicitly spelled out. Google Maps, for instance, will record some data while running related to determining traffic on the roads your driving. You can disable this, and its all anonymized. That's quite a different matter from this. Latitude, also, collects some data. Again, it warns you repeatedly that it's storing your location and offers you a chance to clear it out. And when I say repeatedly, I mean *repeatedly*. You don't even have to rerun the app, it will just remind you every couple of weeks what you're "still being tracked and you really might want to turn that off or clear your history if you're not completely comfortable with that."
Apple's EULA says they will gather anonymized locational data (like zip codes) so they can serve you more relevant ads. This is NOT that. This is something above and beyond what they asked permission to do in the EULA. This is not anonymized data.
2) My camera (on my iPhone, which is my primary device) asks permission EVERY TIME if I want to let it access my location. I don't get exif data in my phone pictures unless I allow it.
I don't know what his point was, but mine certainly isn't that I don't trust Apple. I'm pretty sure this file is intended for debugging purposes and its existence is an oversight or an error. At worst, its probably just really bad judgment rather than malice. But, that aside, I cannot abide Steve Jobs blatantly lying (or at least giving the truth a good roughing up, if you want to argue the semantics and assert he wasn't technically lying).
Apple needs just do what Google did with the whole Wifi sniffing thing and say "Hey, our bad. This file was meant to diagnose people's connection issues if they brought the phone in for service and we hadn't really considered the potential privacy implications of keeping this sort of a log that could potentially be taken into evidence or stolen by malicious software. We'll get right on a fix." None of this "'Tis but a scratch!" nonsense.
You seem to be doing some confusing line treading when you state try to have it both ways. Apple doesn't track you, according to you, because the file exists "locally" only (which is not confirmed) and not sent back to Apple. But then later you seem to suggest that Apple's EULA says they they do track users. Steve Jobs can't have it both ways, and neither can you.
That said, most of your argument is "Apple doesn't track you, your iPhone does. It only becomes Apple tracking you if they upload the file."
I feel like that's a pretty silly argument. After all, who told my iPhone (yes I own/use an iPhone) to track me? Apple, right? Therefore, Apple is the one tracking me. Whether they KNOW the information created by that tracking process or not, they're still doing the tracking and I have a right to know that.
What Apple's EULA references is a different type of data collection which I wouldn't really call tracking and IS NOT what is happening in this log file. This is not Apple taking my zip code *anonymously* and then using it to serve me a more relevant iAd with no record of this created that can later be used against me. This is Apple keeping a fairly extensive log of my locations in an easy to access place that contains my UNIQUE device identifier which is linked to my full name and address for warrant purposes. This is not the sort of anonymized information gathering the EULA describes, at all.
Moreover, just FYI, if you run Lattitude on Android (which is the only thing that can really be described as "tracking" you since it's the only thing that keeps a record linked to your name), it warns you not only in the EULA but up front what it does and then routinely reminds you what it's doing in the background so that you don't forget you enabled something which tracks you. If you leave it on all the time, little warnings will pop up explaining it.
For the same purpose? To date, nobody has yet managed to divine the purpose that Apple does it. It's a complete mystery. Most likely, It's probably some old debugging relic with *no* actual purpose. In fact, had Apple just said "Whoops, it was a mistake. That file was not meant to be there. I would have totally believed them."
And again, here we have Steve Jobs saying "We don't do that" and you saying "Apple says they do it". You don't seem to have this story straight, at all. So let's get some things straight:
1) This data is not anonymized. It contains a device specific unique ID which can easily be tied to your name, address, and any other information you gave Apple at the time of purchase.
2) The data Apple admits to collecting is spelled out clearly and does not include this data. Apple, in effect, says they will collect your zip code, anonymously, in order to better serve you more relevant ad content (see, iADS). On a personal note I would not consider this usage to be "tracking".
3) It's unknown whether or not this data on the phone is ever sent to Apple. I'm inclined, however, to give Apple the benefit of the doubt and *assume* it's not--but who can say when Apple refuses to admit this data exists in the first place.