Google and Apple have both been in the news lately over details of how both companies’ mobile operating systems store and transmit geolocation data. Following a class-action suit brought by two Tampa men targeting Apple over alleged user tracking, Google is facing a similar class action lawsuit filed in Detroit on Wednesday.Last week it was revealed that iOS devices cache a large amount of location data in a file that is backed up to users’ computers. The file is hidden from normal access on iPhones and iPads, but is unencrypted, and unless users also opt to encrypt iOS backups in iTunes, the file is also unencrypted. While someone would need physical access to either device to get the information, concerns were raised that the information could be used to track individuals, thereby compromising their privacy.
Apple later explained that the data was a cache of nearby cell tower and WiFi access point locations downloaded from Apple, which iOS devices can use to more quickly narrow down a users location when GPS signals are weak or nonexistent. The company admitted that the cache was designed to collect more data than was necessary, and said that an upcoming iOS update would restrict the size, encrypt it on the device, and keep the data from being backed up to users’ computers when syncing with iTunes.
Furthermore, Apple explained iOS devices do in fact collect GPS coordinates for cell tower locations and WiFi basestations to expand and refine Apple’s database if users elect to send anonymous diagnostic data to Apple when setting up a new device. That data is periodically sent to Apple—about every 12 hours, according to a letter sent to Congress last year. The data is encrypted and does not include any device IDs, making it impossible for Apple to track any particular user with this information.
Last week developers also revealed that Android devices keep a similar cache of cell tower and WiFi data, though Android limits the amount of data to 50 recently accessed cell towers and 200 recently accessed WiFi networks. Like iOS devices, a person would need to “root” (similar to “jailbreaking”) an Android device to get the data, but in contrast to iPhones this data isn’t synced to a computer.