Blog post

Follow-up to “The iPhone, Location, Collections, and Consistent Protection”

By Ian Glazer | April 27, 2011 | 2 Comments

Apple has just released a response to the iPhone location database issue. I highly suggest you read the response in its entirety, but for you impatient types, here’s the net result of what Apple said:

  • Apple receives anonymized data from the iPhone (which is what they stated in their ToS and told Congress)
  • The local cache of this data was too big due to a bug (which is what John Gruber reported)
  • Apple will produce a fix that
    • Reduces the size of location cache
    • Ceases backing up the cache to the desktop machine
    • Deletes the cache entirely when Location Services is turned off on the iPhone

For me, the last point is huge. Apple has provided an opt-out. Hurray for meaningful choice! Further, Apple will bring Location Services’ behavior in iOS inline with Location Services’ behavior in OS X.

In the spirit of a Jobs presentation, one last thing… here is Apple’s response to the question of why people are so concerned about the iPhone and this location data (emphasis added is mine):

2. Then why is everyone so concerned about this? 
Providing mobile users with fast and accurate location information while preserving their security and privacy has raised some very complex technical issues which are hard to communicate in a soundbite. Users are confused, partly because the creators of this new technology (including Apple) have not provided enough education about these issues to date.

Users’ confusion is natural as they have been ill-informed as to how data they disclose and the data their devices generate are being used. Apple and other devices vendors should take this opportunity to educate consumers globally about device location and other privacy matters. However, Apple and other device vendors must go further and connect this education to the choices these devices afford users. Vendors must draw a direct connection between customer privacy concerns, device behavior, the ways customers can express their privacy preferences, and the ways those preferences are respected holistically.

The Gartner Blog Network provides an opportunity for Gartner analysts to test ideas and move research forward. Because the content posted by Gartner analysts on this site does not undergo our standard editorial review, all comments or opinions expressed hereunder are those of the individual contributors and do not represent the views of Gartner, Inc. or its management.

Comments are closed


  • Jay Heiser says:

    The anti-malware industry has long used the term ‘PUP’ to refer to Potentially Unwanted Programs. Its meant to refer to all those little ETs, stashed in your PC, phoning home whenever you boot, or even worse, staying constantly resident in the process tables and system resources. The vendor attitude has been one of “What they dont’ know, won’t hurt them.” In most cases, it doesn’t. However, each one of those hidden phone-homers degrades performance and reliability ever so slightly, and ratchets up the potential for a loss of privacy.

    Whatever the actual impact of Apple’s approach to this data, at best it can only be characterized as sloppy coding. Instead of neatly solving the problem, they just assume infinite capacity on the part of their customer hard drives. And Apple didn’t explain what they were up to, let alone ask permission. Why should the users be satisfied with that situation?

  • Ian Glazer says:

    Jay –

    I’d agree there was some sloppy coding at work, and strictly focusing on that, as an iPhone customer expecting and receiving a fix is mandatory.

    As for Apple not explaining what they were up to – that’s not entirely accurate. They did and do state that they collect location data. Of course they do so in the midst of their huge ToS. As Jobs said (and was repeated in Apple’s press release) Apple did not provide an easily understood explanation nor did they provide it in an easy to find way.

    Privacy is a social issue and a design issue. Apple with its design resources could set the gold standard for designing privacy preserving systems and choice preferences. But they have to do so.