On Apr 20, two researchers presenting at the “Where 2.0″ conference disclosed that Apple iPhones (and 3G iPads) were found to contain accessible location tracking histories. The “Apple is tracking you” meme spread like wildfire on the Internet and by nightfall had made its way to the evening news, complete with overly simplified technical hand-waving and obligatory man-on-the-street outrage.

In the clearer light of day, some revelations:

  • Yes, tracking data is on the phone. But it goes nowhere and is not shared with anyone. Not with Apple, not the carriers, not “big brother”. It is data used solely within the phone, for a purpose that Apple has not yet commented on.
  • No, it is not actual GPS location data, but rather cell tower data. Meaning your exact location is never reviewable, but only an approximation by the nearby cell coordinates. But there is no comfort in technicalities.
  • The data is in a well-secured portion of iOS – inaccessible by any app, and available only by jailbreaking the device to run a custom proof-of-concept utility.
  • The data’s existence has been well-known, as documented in earlier research papers and forensic analysis books. So it is not so much that this is ‘new’ news, just presented to a more receptive audience.

So maybe it is not quite as sensationalistic as originally portrayed. Does any of that somehow make the revelation excusable? Not necessarily. The data is held long-term, it is not just a question of recency. Why not a circular data structure that just logs recent movement? And the data is maintained across backups/restores, which also means that iTunes has now dumped a copy on the syncing computer, greatly increasing the odds of accidental exposure. Why is it persistent?

Reasonable questions, and ones that Apple must address. But hardly (IMHO) cause for the Chicken Little panic of Wed. Within 24hrs of the big reveal, there was a call for Senate investigation and an Apple boycott. It wouldn’t even surprise me if someone was busy organizing a class action lawsuit as we speak. And why? Is this an invasion of privacy? I don’t think so.

An invasion of privacy implies the collection of extraneous data, without consent, that is secondary to the main purpose, and a sharing of that data beyond the point at which it was collected. Given that the data never leaves the phone, it fails the latter test. And as for the extraneous aspect, while I wish Apple would clarify the true purpose, I would have to assume that given the function of the phone’s location services, the data is somehow relevant to that purpose. It’s almost like complaining that the car odometer is an invasion of privacy because it measures how far you drive. What about consent? Here’s where it becomes a grey area. Privacy advocates argue that the tracking should be subject to approval. But if you buy a phone with GPS, are you really surprised that it collects such data?? Isn’t your consent implied?

Apple should be faulted for not doing a better job of erasing or protecting the data, because what someone might ultimately do with that info is what would be considered the true ‘invasion’. Other smartphones probably have similar tracking functions, but, like Android, they probably managed to do it correctly. And most importantly, Apple needs to come clean now on the what-for and how-long questions. Maybe then the idea that location data goes hand-in-hand with a GPS device will go back to being a ‘duh’ moment.