Apple Inc.'s iPhones and Google Inc.'s Android smartphones regularly transmit their locations back to Apple and Google, respectively, according to data and documents analyzed by The Wall Street Journal—intensifying concerns over privacy and the widening trade in personal data.
Google and Apple are gathering location information as part of their race to build massive databases capable of pinpointing people's locations via their cellphones. These databases could help them tap the $2.9 billion market for location-based services—expected to rise to $8.3 billion in 2014, according to research firm Gartner Inc.
In the case of Google, according to new research by security analyst Samy Kamkar, an HTC Android phone collected its location every few seconds and transmitted the data to Google at least several times an hour. It also transmitted the name, location and signal strength of any nearby Wi-Fi networks, as well as a unique phone identifier.
Google declined to comment on the findings.
Until last year, Google was collecting similar Wi-Fi data with its fleet of StreetView cars that map and photograph streets world-wide. The company shut down its StreetView Wi-Fi collection last year after it inadvertently collected e-mail addresses, passwords and other personal information from Wi-Fi networks. The data that Mr. Kamkar observed being transmitted on Android phones didn't include such personal information.
Apple, meanwhile, says it "intermittently" collects location data, including GPS coordinates, of many iPhone users and nearby Wi-Fi networks and transmits that data to itself every 12 hours, according to a letter the company sent to U.S. Reps. Edward Markey (D-Mass.) and Joe Barton (R-Texas) last year. Apple didn't respond to requests for comment.
The Google and Apple developments follow the Journal's findings last year that some of the most popular smartphone apps use location data and other personal information even more aggressively than this—in some cases sharing it with third-party companies without the user's consent or knowledge.
Apple this week separately has come under fire after researchers found that iPhones store unencrypted databases containing location information sometimes stretching back several months.
Google and Apple, the No. 1 and No.3 U.S. smartphone platforms respectively according to comScore Inc., previously have disclosed that they use location data, in part, to build giant databases of Internet WI-Fi hotspots. That data can be used to pinpoint the location of people using Wi-Fi connections.
Cellphones have many reasons to collect location information, which helps provide useful services like local-business lookups and social-networking features. Some location data can also help cellphone networks more efficiently route calls.
Google also has said it uses some of the data to build accurate traffic maps. A cellphone's location data can provide details about, for instance, how fast traffic is moving along a stretch of highway.
The widespread collection of location information is the latest frontier in the booming market for personal data. Until recently, most data about people's behavior has been collected from personal computers: That data generally can be tied to a city or a zip code, but it is tough to be more precise. The rise of Internet-enabled cellphones, however, allows the collection of user data tied with much more precision to specific locations.
This new form of tracking is raising questions from government officials and privacy advocates. On Wednesday, Rep. Markey sent a follow-up letter to Apple asking why the company is storing customer-location data on its phones.
"Apple needs to safeguard the personal location information of its users to ensure that an iPhone doesn't become an iTrack," Rep. Markey said in a statement.
Google previously has said that the Wi-Fi data it collects is anonymous and that it deletes the start and end points of every trip that it uses in its traffic maps. However, the data, provided to the Journal exclusively by Mr. Kamkar, contained a unique identifier tied to an individual's phone.
Mr. Kamkar, 25 years old, has a controversial past. In 2005, when he was 19, he created a computer worm that caused MySpace to crash. He pled guilty to a felony charge of computer hacking in Los Angeles Superior Court, and agreed to not use a computer for three years. Since 2008, he has been doing independent computer security research and consulting. Last year, he developed the "evercookie"—a type of tracking file that is difficult to be removed from computers—as a way to highlight the privacy vulnerabilities in Web-browsing software.
The Journal hired an independent consultant, Ashkan Soltani, to review Mr. Kamkar's findings regarding the Android device and its use of location data. Mr. Soltani confirmed Mr. Kamkar's conclusions.
Transmission of location data raises questions about who has access to what could be sensitive information about location and movement of a phone user.
Federal prosecutors in New Jersey are investigating whether smartphone applications illegally obtained or transmitted information such as location without proper disclosures, the Journal reported in April, citing people familiar with the matter.
A spokeswoman for the Office of the Privacy Commissioner of Canada said the office "had concerns" about using cellphones to collect Wi-Fi data and has expressed those concerns to Google. "The whole issue of the tracking capabilities of new mobile devices raises significant privacy issues," she said.
The business of collecting location information began in 2003, when Boston-based Skyhook Inc. launched and began the practice of "wardriving"—cruising around in cars to collect information about Wi-Fi hotspots. Comparing the names and signal strengths of nearby Wi-Fi hotspots against a database allows for a cellphone's location to be determined within 100 feet, in many cases, Skyhook says.
"For the first four or five years, people thought we were nuts," said Ted Morgan, Skyhook's founder and CEO. "We invented this whole concept of driving around and scanning for Wi-Fi and tuning these algorithms."
In 2007, Google began building its own Wi-Fi database, using the StreetView cars. Last year, Apple switched from using Skyhook and began creating its own database of Wi-Fi points for use on its newest phones, although it still uses Skyhook data for older phones and Macintosh computers.
Skyhook's Mr. Morgan says the company attempts to protect users' privacy by collecting data via cellphone only when a person requests location from its servers—for instance when they are actively looking at a map. Each time a user requests location, the information is encrypted and gathered without any identifying user numbers, Mr. Morgan says. That means Skyhook can't follow a person from one location to the next, he says.
Google seems to be taking a different approach, to judge from the data captured by Mr. Kamkar. Its location data appears to be transmitted regardless of whether an app is running, and is tied to the phone's unique identifier.
In its letter to Congress last year, Apple said that it only collects location data from people who use apps that require location. It doesn't specify how often a person must use the app for intermittent collection to occur.
Apple also said in the letter that it collects Wi-Fi and GPS information when the phone is searching for a cellular connection. Apple said the data it transmits about location aren't associated with a unique device identifier, except for data related to its mobile advertising network
Apple gathers the data to help build a "database with known location information," the letter says. "This information is batched and then encrypted and transmitted to Apple over a Wi-Fi Internet connection every twelve hours (or later if the device does not have Wi-Fi Internet access at that time)," the company wrote in the July letter to Congress.
The letter, which is available on Rep. Markey's website, became newsworthy this week in light of findings from two researchers who uncovered a file on iPhones that keeps a record of where the phone has been and when it was there. The file is unencrypted and stored by default.
The discovery of this location file touched off a furor among iPhone owners who could see for the first time a trove of location data about themselves stored on their phones. The researchers, Alasdair Allan and Pete Warden, said that they had no evidence that the file was being transmitted to Apple.
COMMENTARY: If you have been following my blog posts, you know that I find any unauthorized tracking and privacy violations distasteful. On December 28, 2010, I commented on an article about the investigation by The Wall Street Journal of 101 mobile apps that were tracking us and providing highly personal ID information to the mobile game company and being shared with their advertising agencies.
On March 14, 2011, I commented on an article concerning Twitter's settlement with the FTC over privacy violations. Twitter could've paid a huge fine of $16,000 per violations, which could'be put the site out-of-business, but the settlement placed Twitter on a 20-year probation. The settlement -- a 5 to 0 vote -- means the company must establish a stricter information security policy and have it audited every two years by an independent third party. Twitter will need to pick up the bill.
On March 30, 2011, I commented on an article about Google's settlement with the FTC over privacy violations. Google was also placed on 20-year probation and is required to establish stricter information security policy have it audited every two years by an independent third party.
I was aware that the cellular service providers can track us. That's almost a given, with the advent of GPS mapping and location-based check-in services, which require this in order to provide their services. Those are opted-in services, but in my opinion Apple and Google are tracking us illegally. God only knows what they will use that data about us. This definitely has the appearance of illegal search and seizure. I don't need my personal whereabouts tracked. That's my business, and I don't care if the cellular service providers have cut a deal with Apple and Google to provide them this information. I want to know about it, and have an opportunity to opt-out of such tracking. This is so disgusting to me, that my blood pressure is begiinning to rise again.
Google is already under the eyes of the FTC for privacy violatioins stemming from Buzz, a social networking add-on service to GMail, so find this development most troubling. That 20-year probation was broken so quickly, it sort of reminds you of an alcoholic telling you he promises not to drink ever again.
I am really going to look into the tracking activities of both Google and Apple, and try to determine exactly what information the cellular phone companies are providing them. I sure as hell do not want my personal life tracked to this extreme. I am glad that Congress is stepping in and looking into this matter. In the meantime, if you feel the same way about this flagrant invasion of privacy, I urge you to contact your elected congressman or senator and let them know that you don't like it, wish to know what information about us is being tracked, how long this has been done, and if these practices are not ended, then the cellphone owner should have the right to opt-out of being tracked by Apple, Google and any other company invading our private lives.
Courtesy of an article dated April 22, 2011 appearing in The Wall Street Journal Technology
What's up, I want to subscribe for this webpage to take most up-to-date updates, therefore where can i do it please help out.
Posted by: Virginia Villareal | 10/11/2012 at 04:08 PM
I'm pretty sure that it is in the terms and conditions saying that you will be tracked at any time
Posted by: Call Recording | 04/24/2012 at 03:29 AM
They should resolve this problem as soon as possible. Thanks.
Posted by: guitar tabs | 12/15/2011 at 11:29 PM
Thank you for sharing this information, this is why I don't buy those types of units.
Posted by: call recording | 12/12/2011 at 06:56 PM