NEW YORK — Apple denied that the iPhone has a privacy problem Wednesday – and then promised to fix it. It took the technology giant a week to respond to a brouhaha over how the devices log their owners’ movements.
Privacy concerns erupted last week when security researchers said a file found on PCs linked to iPhones allowed them to create maps of the phones’ movements for up to a year. Combined with similar questions about Google’s Android smartphone software, the news left privacy-conscious smartphone users wondering how much information they were unknowingly giving up.
Apple denied claims that it was keeping tabs on its customers, saying the file records Wi-Fi hot spots and cell towers in the general area of iPhones, not the whereabouts of their users.
The company implied that the privacy concerns raised by that file were partly based on a misunderstanding. But it also said that a software error was the reason the files are storing up to a year’s worth of information, and that it would fix that issue and others in a few weeks.
“Users are confused, partly because creators of this new technology (including Apple) have not provided enough education about these issues to date,” Apple said in its first comprehensive response to the allegations. It had revealed the nature of the location file in a letter to Congress last summer following an earlier round of questions about its location-tracking practices.
The data help the phone figure out its location, Apple said. They allow the phone to listen for signals from hot spots and cell towers, which are much stronger than signals from GPS satellites. Wi-Fi signals don’t reach very far, which means that if a phone picks up a signal it recognizes, it can deduce that it’s close to that hot spot.
Taken together, this means navigation applications can present the phone’s location faster and more accurately than if the phone relied on GPS alone, Apple said.
However, it’s still not clear why the files are so detailed that they allow the reconstruction of the phone’s movements.
Article continues after gallery:
In its 10-point question-and-answer statement, Apple didn’t address why the files contain “timestamps” that link a phone to certain hot spots and cell towers at a certain time. Those timestamps are what allowed the researchers Alasdair Allan and Pete Warden to construct animated maps of a phone’s movements over a year.
Warden said that as far as he could tell, Apple could have used the location data productively without storing timestamps. He said he’s pleased the company is applying software fixes to safeguard the data.
Marc Rotenberg, executive director of the Electronic Privacy Information Center, a Washington-based privacy rights group, commended the company for quickly making significant changes to the iPhone operating system.
But Larry L. Smith, the president of the Institute for Crisis Management, a public relations company, said Apple should have responded to concerns last week even if it didn’t have all the answers ready.
Questions such as “Is Apple tracking my iPhone’s location?” are not entirely unexpected, and Apple should have had some standby statements ready to go, Smith said.
Apple’s reaction is reminiscent of its response last summer, when Consumer Reports and others reported that the iPhone 4 suffered from signal loss when held a certain way.
Apple stayed quiet for a week after the launch of the phone, then denied there was a hardware problem but said it would fix how the iPhone displayed its signal bars. Two weeks later, it offered free protective cases that insulated the antenna, mitigating the signal loss. It still denied the design was flawed. The phone’s appeal stayed intact.
Apple is not the only technology company addressing allegations that it’s tracking customers. Google Inc. acknowledged last week that phones running its Android software store some location data directly on phones for a short time from users who have chosen to use GPS services. Google said that was done “to provide a better mobile experience on Android devices.”
Apple said iPhone data are stored for up to a year because of a software error. The company said there’s no need to store data for more than seven days, and a software update in the next few weeks will limit the size of the file.
The iPhone will also stop backing up the file to the user’s computer, a practice that raised some concerns. Computers are much more vulnerable to remote hacking attempts than are phones.
A third planned fix is to encrypt the file, and to stop downloading the data completely to phones that have all “Location Services” turned off, Apple said.
Sen. Al Franken, D-Minn., chairman of the Senate Judiciary subcommittee on privacy, technology and the law, said he still has questions about why Apple didn’t tell users what it was doing.
“This has raised larger questions of how the locations of mobile devices are tracked and shared by companies like Apple and Google, and whether federal laws provide adequate protection as technology has advanced,” Franken said Wednesday. He plans a hearing on cellphones and privacy next month.
The way an iPhone stores its own location appears to be at most a minor privacy threat. A snoop would need access to the victim’s phone or PC, both of which usually store lots of other personal information. Phones contain texts, emails and lists of phone calls. PCs contain such information as tax returns, logs of websites visited and passwords.
There’s a separate issue of smartphones like the iPhone transmitting their location wirelessly to corporate servers. In Wednesday’s statement, Apple reiterated that iPhones regularly send their location to Apple, but do so anonymously, so the company isn’t able to track users.
IPhones can also transmit a user’s location to companies that run applications with location-based services, with the user’s consent. Companies that buy ads through Apple’s iAds advertising system can also locate users, but only ones that specifically approve of a location request from a particular ad.
Apple shares fell 27 cents to $350.15 on Wednesday.