by Daily Mail Reporter
22 April 2011
from
DailyMail Website
-
Google's Android HTC phone transmitted
data back to Google several times an hour
-
Apple slammed for user locations being
stored in iPhone and iPad
-
Google and Apple are using location data
to build databases of Wi-Fi hotspots
-
Data from Apple devices syncs with
computer, meaning anyone with access can see
-
Representative Edward Markey questions
whether the practice may be illegal
Tests
An Android HTC phone was
found to track its location every few seconds
and transmitted the data back
to Google several times an hour
The row over the privacy of mobile phone users
escalated today as it was revealed that Google devices regularly transmit
user locations back to the company.
The new revelations come after Apple was this week slammed by several
Congress members for the way user locations are being stored in unencrypted
databases on the iPhone and iPad, sometimes stretching back several months.
In
Google's case an Android HTC phone tracked its location every few seconds
and transmitted the data back to Google several times an hour, according to
new research by security analyst Samy Kamkar for the Wall Street Journal.
It also transmitted the name, location and signal strength of any close
Wi-Fi networks and the phone's unique identifier.
Both Google and Apple have previously admitted they are using location data
to build massive databases of Wi-Fi hotspots.
This can then be used to pinpoint individual's locations via their mobile
phones, which in turn could help the companies tap into the huge market for
location-based services, currently worth $2.9billion.
This figure is expected to rise to a staggering $8.3billion in 2014,
according to research company
Gartner.
Location data is some of the most valuable information a mobile phone can
provide, since it can tell advertisers not only where someone's been, but
also where they might be going - and what they might be inclined to buy when
they get there.
A spokeswoman for the Office of the Privacy Commissioner of Canada told the
Journal the office 'had concerns' about using mobile phones to collect Wi-Fi
data and had expressed those concerns to Google itself.
Concern
Apple was slammed by several
Congress members for the way
iPhone and iPad users'
locations are being kept under secret surveillance by Apple
'The whole issue of the tracking
capabilities of new mobile devices raises significant privacy issues,'
she said.
In the past Google has pointed out that its
collected Wi-FI data is anonymous and that it deletes the start and end
points of every trip it uses for traffic maps.
But, the data, provided to the Journal exclusively by Mr Kamkar, contained a
unique identifier linked to an individual's phone.
Mr Kamkar developed a tracking file called 'evercookie' that once installed
on a computer, was difficult to get rid of, in order to highlight the
privacy vulnerabilities in web-browsing software.
The Journal then had an independent consultant test out the program on an
Android device and its use of location data. It worked.
A graphic of iPhone location data from Washington D.C. to New York City
Secret surveillance
The map shows the locations
and phone use of a journey taken by Alasdair Allan and Pete Warden,
the researchers who
discovered the capability on the device
Now watch the video of the trip from Washington
D.C. to New York:
Washington DC to New York from Alasdair Allan on Vimeo
The news that both Google and Apple have these capabilities is a worry,
especially after the Journal's findings last year that some of the most
popular smartphone apps use location data and other personal information
aggressively - in some cases sharing it with third-party companies without
the user's consent or knowledge, the paper found.
Representative Edward Markey and Senator Al Franken have both expressed
concern about the way Apple may use its location data.
Their anger was prompted by a report from researchers Alasdair Allan,
research fellow at University of Exeter in the UK and Pete Warden, the
founder of
Data Science Toolkit.
Both Google, led by Chairman and CEO, Eric Schmidt, right, and Apple, led by
CEO Steve Jobs,
have previously admitted they are using location data to
build massive databases of Wi-Fi hotspots
Anger
Senator Al Franken, left and Representative Edward Markey, right,
have both expressed concern about the way Apple may use its location data in
a letter to the company
A TOOL FOR THE POLICE?
The police could certainly benefit from the location data stored on the
iPhone with a simple high tech device called
Cellebrite UFED.
This is a box that connects to almost any personal mobile phone and
downloads its entire contents, including call logs, texts, photos and web
history even if it has been deleted.
Michigan State Police yesterday defended their use of the device arguing
that it was an effective tool in fighting crime.
But the Michigan branch of the ACLU disagrees and fears police are using it
on routine arrests and even traffic stops, according to Fox News.
Michigan State Police spokesman
Tiffany Brown told FoxNews.com the devices
are only used to gather evidence for serious cases such as crimes against
children however.
'The (department) only uses the device if a search warrant is obtained or
with consent,' Brown added.
The pair found the Apple devices save the latitude and longitude of users'
locations, along with a time stamp, then copies the data to the owner's
computer whenever the two are synchronized.
They were able to build an extraordinary detailed map of where they had
been, but said they had no evidence the file was being transmitted to Apple.
They have since built a program that individuals can download for free to
see what location data has been stored on their own phones.
And after talking to people in the Android community Mr Warden and Dr Allan
were told that
Android phones had something similar to Apple, but that only
a couple of weeks of rolling data was kept.
On their website the pair speculate whether Apple may have built the feature
in for future developments but add:
'The fact that it's (the data)
transferred across devices when you restore or migrate is evidence the
data-gathering isn't accidental.'
They highlight that the location data is stored in an easily-readable form
on a person's computer.
'By passively logging your location without your permission, Apple have made
it possible for anyone from a jealous spouse to a private investigator to
get a detailed picture of your movements,' they write.
Other mobile phone providers collect similar data but it's kept securely
behind their firewall, they write.
This data ordinarily requires a court order to gain access to it, whereas
the data from Apple devices is there for anyone who uses that person's phone
or computer to see, they add.
WHAT ABOUT BUSINESSES?
Many companies hand out business mobile phones and increasingly iPads to
their colleagues.
The revelations about data storage could prove to be a headache for
companies in terms of security, not to mention employees who may use the
devices for business and personal use.
Michael Sutton, a security researcher with
Zscaler, found that
JotNot
Scanner Pro, an iOS application, stores passwords for other applications
unprotected in the iTunes backup database.
In a blog post, Sutton said:
'Unfortunately, the authentication credentials
stored for Evernote, Google Docs, Apple's iDisk and any WebDav enabled
server are stored in plain text.
'Therefore, anyone that gained access to this backup file, would then have
your username/password for these services.'
Senator Al Franken said the issue raises 'serious privacy concerns,'
especially for children using the devices.
He said:
'Anyone who gains access to this single file could likely determine
the location of a user's home, the businesses he frequents, the doctors he
visits, the schools his children attend, and the trips he has taken - over
the past months or even a year.'
Representative Edward Markey questioned whether the practice may be illegal
under a federal law governing the use of location information for commercial
purposes and said consumers weren't properly informed.
He said:
'Apple needs to safeguard the personal location information of its
users to ensure that an iPhone doesn't become an iTrack.
'Collecting, storing and disclosing a consumer's location for commercial
purposes without their express permission is unacceptable and would violate
current law.'
Mr Markey, who is the co-chair of the House Bipartisan Privacy Caucus, sent
a letter to Apple CEO Steve Jobs on Thursday in response to the research.
Specifically, Markey wants to know if Apple developed the feature
intentionally to keep a log of users' whereabouts. And if it did mean to
collect this information, what did it intend to do with it? He also wants to
know if Apple has notified consumers that this information is being
collected.
He said he's seeking answers to his questions by May 12.
Apple said it 'intermittently' collects location data, including GPS
coordinates, of many iPhone users and nearby Wi-Fi networks and sends that
data to itself every 12 hours, according to a letter the company sent to Mr
Markey and Representative for Texas, Joe Barton, last year.
A spokesman for Google said:
'All location sharing on Android is opt-in by
the user. We provide users with notice and control over the collection,
sharing and use of location in order to provide a better mobile experience
on Android devices.
'Any location data that is sent back to Google location servers is
anonymized and is not tied or traceable to a specific user.'