Why Are Apple, Google Tracking Your Phone?

April 22, 2011— -- Just days after researchers demonstrated that some Apple iPhone and iPad owners have had their locations tracked by their devices, another security researcher revealed that Android phones, which use Google's mobile operating system, store users' geographic information in a very similar manner.

Citing security analyst Samy Kamkar, the Wall Street Journal today reported today that Google has been collecting location data from its Android smartphones.

When the phone recognizes a wireless network (regardless of whether or not it's encrypted), it sends information, including GPS coordinates, "up to the mothership," Kamkar wrote on his website.

In a statement, Google said, "All location sharing on Android is opt-in by the user. We provide users with notice and control over the collection, sharing and use of location in order to provide a better mobile experience on Android devices. Any location data that is sent back to Google location servers is anonymized and is not tied or traceable to a specific user."

On Wednesday, researchers Alasdair Allan and Pete Warden revealed that, since Apple released its latest iOS4 mobile operating system, the iPhone and iPad 3G have been storing unencrypted and unprotected logs of users' geographic coordinates in a hidden file.

In a post about their finding, Allan and Warden wrote, "We're not sure why Apple is gathering this data, but it's clearly intentional, as the database is being restored across backups, and even device migrations."

Apple has not responded to requests for comment from ABCNews.com.

Apple Letter Shows Company's Location Data Policies, Practices

Their research sparked criticism from digital rights activists and questions from lawmakers (not to mention a minor media frenzy).

But though the "discovery" was eye-opening for many Apple customers, it seems that the company had previously disclosed its location data practices in a letter to congressmen a year ago.

In response to a June 2010 letter from Congressmen Edward J. Markey, D-Mass., and Joe Barton, R-Texas, inquiring about Apple's privacy policy and location-based services, the company's general counsel Bruce Sewall wrote a letter explaining how and why the company gathers location data. The letter, dated July 2010, was unearthed and posted online by Wired magazine.

After emphasizing Apple's commitment to users' privacy, Sewall's letter said that to provide location-based services, Apple, its partners and licensees, may collect, use and share customers' precise location data, including GPS information, nearby cell towers and neighboring Wi-Fi networks.

But he added that the information is collected anonymously and the devices give users controls for disabling the location features. In addition to giving Apple customers the ability to turn off all location features with one "on/off" toggle switch, Apple requires applications to get explicit customer when it asks for location information for the first time.

Apple also stores the location information in a database only accessibly to Apple, the letter says.

But though Apple says that its location data practices support the services its customers want, analysts and activists say the practice still raises serious questions.

Aaron Higbee, chief technology officer and co-founder of mobile security firm Intrepidus Group, said that by collecting and storing information about users' locations, instead of just letting their phones rely on GPS technology, Apple and Google are able to speed up navigation applications and other popular location-based services.

"The theory is that by using this data, the phone can roughly figure out where it is quicker and enhance the experience for the user," he said.

Analyst: Who Else Could Access Your Location Data?

For Apple, other possible motivators could be targeted ads based on location or geographically-informed market analysis, Higbee said.

"But the bigger question is who else will find creative uses for this data in the future?" Higbee asked, adding that even though Apple may be using the information in a responsible manner now, there's no guarantee that things won't change in the future.

While Apple and Google may say the data is safe as long as users don't install malicious applications, it's still possible that crooks could create malware intended to access and exploit that location information.

And research shows that smartphone users are worried about sharing their location through their phones.

On the heels of this week's Apple news, research firm Nielsen released data suggesting that the majority of smartphone app users, especially women, are concerned about giving up their location via their mobile phones. In a blog post Thursday, the company said that 59 percent of women and 52 percent of men expressed privacy concerns when asked about location-sharing.

Peter Eckersley, a senior staff technologist at the Electronic Frontier Foundation, earlier told ABCNews.com that as people realize how many different parties can access their location information, they "will be horrified."

"Location data is very sensitive," he said. It can reveal where you live and work, where you frequent for movies and dinner and even if you've spent the night at someone else's house.

Once people realize where their location data is going, he said, we will need to redesign our phones so that we can benefit from location-based services "without phoning home to 10 different mother ships showing where we are."

"The phone is such an intimate window into our lives," he said. "It needs to be treated with an appropriate level of caution."