Apple Location Data Collection Policies: What You Need To Know

Apple Location Data Collection Policies: What You Need To Know
Your iPhone, iPad and Mac computers are helping Apple build a location information database, according to a recent letter Apple sent to two concerned congressmen. The letter was in response to concerns raised over how the company collects location data information from Apple devices, and what the company is doing to safeguard user privacy. At issue was a recent change in Apple's privacy policy that said the company was collecting and storing location data. The issue was first reported by the Los Angeles Times in late June.

Soon after the Times' report, Reps. Edward J. Markey (D-Mass.) and Joe Barton (R-Texas) sent Apple CEO Steve Jobs a letter asking Apple's chief to explain Apple's location data collection policies in detail. Congressman Markey has now posted Apple's response (PDF) on his Website.

Here's what you need to know about how Apple is handling your location data.

Apple is building a location database

Like most cellular device makers and providers, Apple uses information about surrounding Wi-Fi access points and cell towers to get a more accurate fix on where your device is located whenever you use location-based services. Apple used to rely on the databases of Skyhook Wireless and Google to obtain this information, but started building its own database with the introduction of iPhone OS 3.2.

Apple was careful to point out that it does not collect any personally identifiable information about the Wi-Fi access points it scans such as your Wi-Fi router's nickname. Apple also says it doesn't collect samples of any data transmissions from Wi-Fi routers, such as a person's Web browsing information. Apple was likely careful to point this out since Google recently landed in hot water after announcing it had mistakenly collected data transmissions from unencrypted Wi-Fi routers through its Street View mapping project.

Apple crowd sources its database

To build its database of location-based information, Apple uses data collected by any of its customer-owned devices that use location-based services. For the most part this means devices like the iPhone and iPad running iOS 3.2 or later. For Apple to collect the location data, however, you must have your location services setting turned on and you must use an application that requires location-based information such as Foursquare or Google Maps. If both conditions are met, your device will intermittently collect information about surrounding cell towers and W-Fi access points. This information is collected anonymously, encrypted and sent back to Apple over Wi-Fi approximately every twelve hours.

If you don't want your device to participate in this data collection you can opt-out by turning off your location-based services (see instructions below).

Snow Leopard

If you have a Mac running Snow Leopard or Safari 5 you may also be contributing to Apple's database any time you turn on location services for your Mac. If, for example, you have configured your Mac to set your time zone automatically based on your location, then your computer collects anonymous information about the Wi-Fi access points you use and sends that information back to Apple. The same thing happens if you use location features in Safari 5 such as My Location in Google Maps. It should be pointed out, however, that to use features like Google's My Location you have to expressly permit your browser to transmit your location data.

GPS

Apple is also collecting information about "traffic patterns and density in various areas" from Apple devices that have embedded GPS chips including the iPhone 3G, iPhone 3GS, iPhone 4 and both the Wi-Fi and 3G versions of the iPad. Similar to the cell tower and Wi-Fi data collection, Apple only collects information from your device if you have your location services turned on and you use an application that requires GPS functionality. Again, Apple says this information is collected anonymously, encrypted and sent to the company every twelve hours via Wi-Fi.

iAds

When you use an application that uses iAds, Apple's new advertising platform introduced with iOS 4, your device may transmit your location information so that you can be served an ad that is relevant to your location. Your device will send your location information as your latitude and longitude, but Apple says it immediately converts your precise location into a corresponding ZIP code. So if you were on the Upper West Side of New York City, Apple would not see your precise location, but only your approximate location expressed as the ZIP code 10025.

Apple does, however, maintain a database of the iAds that have been sent to your device. The company says it does this to avoid sending you "overly repetitive and/or duplicative ads and for administration purposes." Apple says this information is stored in a secure database that is only accessible by Apple.

You can opt out of iAds entirely by going to https://oo.apple.com/ using your iOS device's Web browser.

Third-party Apps

As for third-party apps found on the iTunes App Store that use location information, Apple says developers can use and disclose your location information. But to do so they must obtain your prior consent and provide "a service or function that is directly relevant to the use of the application."

How you can control your location information

If you want to know more about what location information your iOS device is using you can always check it out by tapping on Settings>General>Location Services. There you will be able to activate or deactivate location services, as well as see which applications have used your location information in the past 24 hours.

If you are using Snow Leopard, and don't want your Mac transmitting location data, open your System Preferences and select Security>General>Disable Location Services.

If you would like to read Apple's entire response you can download the PDF here.

Connect with Ian on Twitter (@ianpaul).

Subscribe to the Security Watch Newsletter

Comments