Tag Archives: privacy

German regulators want details on Apple’s use of Carrier IQ

Apple was probably hoping that its statement on Thursday about Carrier IQ, the software found to be installed on many devices that reports and records user activity, would be enough to reassure people any potential danger had passed. Some regulators, however, think Apple needs to do more reassuring.

The Bavarian State Authority for Data Protection, a German data regulator, sent a letter to Apple on Friday requesting that the iPhone maker provide more details about the software and its use, according to a Bloomberg interview with the regulator organization’s chief, Thomas Kranig.

Apple said in its statement on the matter that its use of Carrier IQ was limited to diagnostic information and was opt-in only. If you’ve recently set up an iOS 5 device, you may remember the request made during the setup process to allow your device to send diagnostic and usage information to Apple. You can check if you’re sending data by navigating to General > About > Diagnostics & Usage in your iOS device’s Settings app and either opt in or opt out. On this screen, Apple says it uses the information to “improve its products and services.” Apple further stated that Carrier IQ has been removed for most devices in iOS 5 and will be taken out completely in future updates.

Kranig says that “if Apple decided to cease the use [of Carrier IQ], all the better,” but the organization is still seeking more information. Senator Al Franken (D-Minn.) also called (PDF) for Carrier IQ to release details to the public about why exactly its software tracks and records the information that it does. Franken previously pursued Apple and Google for more information about how customers’ personal location information was being gathered and used on iOS and Android devices.

This Carrier IQ situation could result in another round of scrutiny by regulators in the U.S. and abroad, and I doubt that Apple has seen the worst of it yet.

Related research and analysis from GigaOM Pro:
Subscriber content. Sign up for a free trial.

Apple says it dumped Carrier IQ software in iOS 5

Apple admitted on Thursday that it has used and supported in the past the CarrierIQ software that has the mobile tech world up in arms for its ability to track information on users’ smartphones. Apple says the software is opt-in only for its customers and it hasn’t used it for tracking keystrokes or messages. The company says it stopped supporting this software “in most” of its products with the latest version of its iOS mobile operating system. Now, after complaints regarding the level of detail the software can record about a user — and questions being asked by U.S. lawmakers — Apple says it will remove the software from all of its mobile devices through a software update.

In a statement, the company said:

We stopped supporting CarrierIQ with iOS 5 in most of our products and will remove it completely in a future software update. With any diagnostic data sent to Apple, customers must actively opt-in to share this information, and if they do, the data is sent in an anonymous and encrypted form and does not include any personal information. We never recorded keystrokes, messages or any other personal information for diagnostic data and have no plans to ever do so.

Sprint has admitted to receiving data from CarrierIQ’s software, but it denies using it to track its customers, as has AT&T, which says it uses the information for network management. Verizon, on the other hand, has denied using the software, as has Google on any of the Android phones it makes.

Related research and analysis from GigaOM Pro:
Subscriber content. Sign up for a free trial.

Lion Introduces New Privacy And Location Services To Mac OS X [OS X Tips]

Lion has introduced some new yet basic privacy settings. The new settings control how you share your location and collect usage data to send to Apple. Although now it seems to be fairly basic I think it is still important to know what if any apps on your Mac are accessing location services on Mac OS X.

I’ll show you how to find out if they are or not in this tip.

Open System Preferences and open Security & Privacy.

Look for the Privacy tab and select it. You’ll see a basic preferences panel that looks like this:

As you can see, Safari is the only app today that asked Mac OS X for my location information. I don’t know of any other apps which I own that would use these services. By applying the check mark next to Safari, I’ve told Mac OS X to always provide Safari with location access whenever it asks for it.  If you don’t check that box, then each time Safari needs location information Mac OS X asks for permission:

You can choose to give apps 24 hours of access to location services versus the permanent check mark via this dialog box.

These new settings in System Preferences are handy, but they seem to be an initial offering, since some of the system help documentation didn’t seem to be complete when I tried to view it.

The most important thing to take away from this tip is the fact that location services exist and you may want to take control of them to protect your privacy.

Similar Posts:

How to manage your privacy with Lion’s “Resume” feature

With OS X Lion’s incredible success and high adoption rate, Apple customers and repair technicians such as myself are facing higher than usual rates of embarrassment thanks to Lion’s ability to restore your windows exactly as they were when an app was closed.

For example, if you were surfing a number of sites in Safari before you quit, those windows will return when you reopen the program. Some windows we may not want to share with others. I’m not talking just “adult” items, but for example a job search or dating site. Most Mac OS customers are used to having the more obvious digital debris of their life excised upon quitting an app. Unfortunately, in Lion, any application that supports resume (including most system apps, iWork and many more on the way) could unearth some embarrassing secrets.

There are a few quick solutions. When possible, close the Safari window or tab you’d rather keep private before you quit the application. Additionally if you hold down the option key while choosing Quit from the application menu, or hold down Command+Option+Q, that will “Quit and Discard Windows” for this particular session.

If you forgot to do that and find yourself needing to close those open windows without launching the app, you can remove this information manually. To do this, first choose “Go to Folder” from the Go menu. Type ~/Library/Saved Application State/ and that will take you to the folder that contains your saved windows. If you want Lion to forget the last windows left open in Safari, look for com.apple.Safari.savedState and then delete that folder. That will remove the last session’s windows and tabs.

If you decide you really don’t like applications automatically remembering previously open windows and tabs, you can turn this feature off system-wide by opening the System Preferences application, and under “General” making sure “Restore windows when quitting and re-opening apps” is unchecked.

So the next time you go shopping for that wedding ring, remember that the next person who opens Safari might see the window and ruin the surprise. These tips should keep you out of hot water. And if you’re surfing for something else on your computer, the next person who has to use or repair it will thank you for keeping your private info private.

Related research and analysis from GigaOM Pro:
Subscriber content. Sign up for a free trial.

One win could cost Apple lots of won in South Korean lawsuit

Apple could face a number of payouts in South Korea based on its methods of iPhone location information collection and storage. The company ran into trouble when researchers discovered iPhones were maintaining a local, unencrypted database of nearby cell towers earlier this year, and a South Korean lawyer who won himself one million South Korean won ($936 U.S.) based on the issue is now looking to help others cash in.

The lawyer in question, Kim Hyung-suk, won the decision in South Korean court in May, and the funds were reportedly withdrawn from Apple Korea’s bank account by the court after the company refused to voluntarily comply. Kim now has 27,000 signatures on a web-based petition seeking co-complainants for a class-action suit in South Korea designed to “protect privacy” rights, according to the AP. Of that number, 26,691 are now listed as plaintiffs in the civil suit filed by Kim’s firm on Wednesday, and 921 are minors and are seeking parental consent before being added to the list.

The iPhone’s locally stored database of nearby cell towers, along with a bug that continued to gather location information even with location services turned off resulted in both Kim’s successful suit and a three-million-won fine ($2,808 U.S.) from the South Korean communications regulator earlier this month. Apple has since released a software update that resolves the issues cited by Kim and security researchers who discovered the problem.

Even with nearly 27,000 thousand plaintiffs, the total cost of a ruling against Apple would only amount to around $24.6 million, which is barely a dent in the company’s $75.9 billion in cash reserves. But Apple is already facing multiple lawsuits in the U.S., too, and it probably doesn’t want this sort of thing to catch on.

Related research and analysis from GigaOM Pro:
Subscriber content. Sign up for a free trial.

How to take the extra step to secure your iPad’s data

When you establish a secure passcode on your iPad, the expectation is that no one can access any information without knowing said code.  There are cases where this is not necessarily true. In fact, any user account on the Mac that you use to sync your iPad can fully access all of the data stored on your iPad without knowing the passcode, including the Guest account.

iPad passcode configuration

Even though it isn’t 100 percent foolproof, securing your iPad with a passcode is a good first step for security. On my iPad 2, I configured security to use the longer alphanumeric passcode, and I make sure that it will lock the iPad immediately when the cover is closed by doing the following:

  1. Open Preferences and navigate to the General settings.
  2. Set Auto-Lock to 2 minutes.
  3. Turn the Passcode on and set Require Passcode to “Immediately.”
  4. Turn the Simple Passcode off.
  5. Turn Erase Data On to wipe the iPad after 10 failed logon attempts.

After you sync your passcode protected iPad with your Mac, you should notice that any user account on that Mac can still access the data on your iPad using any of the following methods. Attach that same iPad to any other Mac that has not accessed any data on that iPad in the past, and you will get an error indicating that the device is protected with a passcode.

Protecting your data in the real world

You may be surprised at how easy it is to access your iPad’s information even after you’ve set up a passcode when it’s connected to a Mac.  If you really don’t want others to have access to your information, there isn’t much you can do short of setting a hands-off policy. You may want to sync your iPad to a dedicated Mac which only you have access to. Anyone with access to both your iPad and the Mac it syncs with can see all of your data. You can avoid potential theft worries by keeping the iPad and Mac in separate cases, and by disabling the guest account on your Mac so that a user has to know your passcode to login.

Related content from GigaOM Pro (subscription req’d):

Franken offers bill to protect consumer mobile privacy

Sen. Al Franken (D-Minn.) and Sen. Richard Blumenthal (D-Conn.) introduced new legislation Wednesday that would required platform operators like Apple and Google, as well as app developers, to ask for explicit consent before sharing user location info with third parties. The bill is based on hearings held in May by the Judiciary Subcommittee on Privacy, Technology and the Law.

It looks like those hearings could result in more than just stern warnings and requests for mobile companies to voluntarily comply with its suggestions.

The Location Privacy Protection Act, as proposed by Franken and Blumenthal, would close a loophole that allows “smartphone companies, app companies and even phone companies offering wireless Internet service to freely share their customers’ location information with third parties without first obtaining customers’ consent.” Cable and phone companies are already barred from doing so, and Franken and Blumenthal think that restriction should apply to mobile users as well.

Apple’s iOS and Google Android apps already seek permission from users when an app wants to use their location information, but few users are aware that by granting permission, they are also allowing developers to share said info with other parties for marketing and other purposes. Nearly half of the top 101 apps for both iPhones and Android smartphones share a user’s location with third parties, a December 2010 investigation by the Wall Street Journal  revealed.

Location-aware apps are now omnipresent, even when it isn’t immediately apparent why they should offer such functionality. And although there’s some indication that most users haven’t been particularly worried about how location data is used, alarm bells certainly started to ring after the discovery that Apple’s iPhone stored location information in an unencrypted file until a recent update.

It’s unclear what the implications of the bill will be if it becomes law. Most likely, app developers and platform operators like Apple will have to inform users every time an app or service wants permission to share your location information with third parties. This could theoretically be handled by an altered permissions alert upon app launch, but the bill would also apply to other instances, too. For instance, when you browse the Internet on your smartphone, your wireless provider is free to disclose location information about your whereabouts while browsing.

Regardless of whether you think location information is worth worrying about or not, the fact remains that increasing consumer awareness about how this info gets used can’t really be considered a bad thing. Developers might disagree however, as the ability to sell anonymized info to marketers can provide a key revenue stream. Still, let’s hope that if this bill does get passed, it results in changes that make mobile data collection more transparent for the average smartphone user.

Related content from GigaOM Pro (subscription req’d):