Update: iPhone Location Data EULA

My previous post got me wondering what Apple’s EULA says about location data collected by and on the iPhone. Like most people I breezed past the 1.1.3 EULA agreement without studying it, and then found I had to dig around online to find the iPhone License Agreement, which I finally did on Apple’s site.

Section 4(b) is the relevant piece:

4. Consent to Use of Non-Personal Data.
(a) You agree that Apple and its subsidiaries may collect and use technical and related information, including but not limited to technical information about your iPhone, computer, system and application software, and peripherals, that is gathered periodically to facilitate the provision of software updates, product support and other services to you (if any) related to the iPhone Software, and to verify compliance with the terms of this License. Apple may use this information, as long as it is in a form that does not personally identify you, to improve our products or to provide services or technologies to you.

(b) Apple may provide certain services through your iPhone that rely upon location information. To provide these services, Apple and its partners may collect, maintain, process and use your location data, including the real-time geographic location of your iPhone. By using or activating any location-based services on your iPhone, you agree and consent to Apple’s and its partners’ collection, maintenance, processing and use of your location data to provide you with such services. The location data is collected in a form that does not personally identify you. You may withdraw this consent at any time by turning off the location-based feature on your iPhone or by not using the location-based features. Turning off or not using these features will not impact the functionality of your iPhone.

 

A few basic points here. First, Apple asserts that it may collect location data from the phone and share it with its partners. It also asserts that the location data is collected in a way so as not to “personally identify you.” I am not sure I agree with that statement based on my previous post, but let’s give them the benefit of the doubt for now.

Second, they go on to say that the user can “withdraw this consent at any time” by “turning off the location-based feature.” How? Where is that button in the preferences?

Third, they make the statement that “turning off or not using these features will not impact the functionality of your iPhone.” Uh, yeah it will (assuming it were possible). I won’t have location-based services or maps, which is a real reduction in the functionality of the phone.

Let’s take a look at the newly published iPod Touch January ’08 Software Upgrade License Agreement, which we would expect to address the newly added location features specifically.

Once again, the same section 4(b) contains the same text as the iPhone Software License Agreement. So, they consider the location services in the iPhone and iPod Touch to be legally equivalent, which is interesting to note.

Seems to me Apple’s in an interesting place with this location data business. The location data that is collected is packaged in HTTPS, so we can’t inspect it. It is theoretically possible that it contains nothing that can identify a given user “personally,” but what does that mean?

Does it contain an iPhone serial number, or an IMEI number, or a phone number? How is this data stored? While that data, by itself, may not personally identify you, could it be correlated with data that does? Is that possibility covered by the SLA as written?

I will assume that Apple and its lawyers have thought this through. However, there are some interesting issues raised here. Now that the iPhone/iPod Touch has location support, we should expect Apple, and possibly third party developers, to leverage that location data in interesting ways.

The most interesting ways involve tying identity to location, so if anything is going to happen down this path, then the SLA, as written, is not going to suffice.

In the meantime, you can bet that somebody is going to consider whipping up a class action suit because there is no clearly marked way to turn off the location-based services, and because “turning off LBS” does affect functionality — your phone doesn’t know where you’re at!

And keep an eye on that SLA for future versions — you can bet that the wording on the location data is going to evolve.

Apple Knows Where You Are: Sniffing the iPhone Location Service in 1.1.3

When Apple announced yesterday that the iPhone would now be “location-aware” with the release of their 1.1.3 software, I was curious how they had done it.

I’ve been working with location information quite closely (see Twittervision, for example) for the last year or so and have had some conversations with different companies about how Apple might geo-enable the iPhone.

There are three options available:

  • GPS
  • Cell Tower ID
  • Wifi Access Points

GPS is not an option at present. E911 laws in the US have required carriers to provide location information for some time, but that could be via GPS or from cell tower triangulation data. TruePosition makes this their entire business, and is the primary location information provider for AT&T and T-Mobile in the US. A pretty cozy gig, eh? They do this by way of tracking cell tower information within the network, from what I understand.

GPS may be an option later if Apple adds an AGPS (assisted GPS) chipset to the iPhone or supports external Bluetooth GPS units, but external Bluetooth will never be a true mass-market phenomenon, and AGPS is at least going to have to wait for the next iPhone refresh, probably not until next year.

Cell Tower ID is another option. Carriers know where their cell towers are (we hope), and by comparing the signal strength and the intersection of multiple cell tower antenna distribution patterns, you can make a pretty fair guess about where the user is. It’s not always spot-on accurate, but it’s pretty close.

Wifi APs are the third option. There are millions of Wifi AP radios running around the world at this point, and for the most part they tend not to move around that much, though they do come and go from time to time. Still, there are a lot of them, and with a modest investment in driving around populated areas, one could build up a pretty accurate database of what APs are where. Then they could sell that database to people who want to know where their Wifi client radios are.

This is exactly what my friends up at Skyhook Wireless have done. You can try out their Loki service for your laptop (Firefox/IE plugin). Suddenly, if you have Wifi, you also have a pseudo-GPS capability.

Judging by the fact that Skyhook invited me to stop in and see them today at MacWorld (which I would have loved to do, but am sadly unable due to my being at home in Maryland this week), it seems Skyhook got the contract to provide some location data to Apple. Apparently, the iPhone uses both Cell Tower ID and Wifi (Skyhook) data for location, while the iPod Touch uses Skyhook exclusively. Good Job, guys!

This explains why when I went to see Skyhook in June and said that a company like Apple might be very interested in their technology, there was a definitive “no comment.” This happens a lot; companies like to protect what might be a very early-stage negotiation, or even an intention, a lot of the time. But in this case it looks like Skyhook bagged what might be their killer deal.

Yesterday, I succumbed to the hype and “Revirginized” my iPhone (we had been engaged in some unsavory hacking) so I could safely install the new 1.1.3 software update that Steve said would be available. The revirginizing and upgrade went as clean as could be, and now my phone is running 1.1.3.

I thought I might “inspect” what the phone is doing when you do a location lookup. I have a bunch of resources on my home network, including a multipurpose Linux server, so I thought if I could pass the iPhone’s traffic through the Linux box, some tools like ngrep and tcpdump might reveal what exactly happens when the iPhone tries to position itself.

Well, turns out I was mostly right. In typical Apple fashion, though, they’re keepin’ it real with HTTPS, revealing nothing very interesting about how the location information works.

The iPhone is 192.168.1.199 and my proxy is 192.168.1.10.

Here’s what I saw:

T 192.168.1.199:49311 -> 192.168.1.10:2525 [AP]CONNECT iphone-maps.apple.com:443 HTTP/1.0.Host: iphone-maps.apple.com.User-Agent: Apple iPhone v1.1.3 Maps v1.0.0.4A93.

T 192.168.1.10:2525 -> 192.168.1.199:49311 [AP][..HTTPS DATA...]

T 192.168.1.199:49311 -> 192.168.1.10:2525 [AP][..HTTPS DATA...]

So, alas, nothing to see here, really… move along. However, we do now know that Apple is grabbing data from the phone via HTTPS, processing it network-side, and rendering a response to the phone about its position. We do not, for example, see a variety of calls to Skyhook, Google, or elsewhere, which would not have been inconceivable had we not checked.

After the HTTPS call, we see this unencrypted call:

T 192.168.1.199:49313 -> 192.168.1.10:2525 [AP]POST http://iphone-wu.apple.com/glm/mmap HTTP/1.1.Accept: */*.Accept-Language: en.Accept-Encoding: gzip, deflate.Cookie: s_vi=[CS]v1|46B904DB00003607-A290B210000599B[CE]; s_nr=1199572400032.User-Agent: Apple iPhone v1.1.3 Maps v1.0.0.4A93.Content-Type: application/x-www-form-urlencoded.Content-Length: 145.Connection: keep-alive.Proxy-Connection: keep-alive.Host: iphone-wu.apple.com.

...

T 192.168.1.199:49313 -> 192.168.1.10:2525 [AP]..*..m..DN..en_US..com.apple.iphone.1.0.0.4A93......@.......?...&_...>....&`...>.......&]...>....&^...>....&\...>....&_...>....&[...>....&`...>.

T 192.168.1.10:2525 -> 192.168.1.199:49313 [AP]HTTP/1.1 200 OK.Date: Wed, 16 Jan 2008 12:38:31 GMT.Server: GFE/1.3.Content-Type: application/binary.Content-Length: 113.Cache-control: private.Connection: close.

Not sure what this all is, but it looks like it has my iPhone serial number in there. It’s so nice that Apple wants to know so much about my phone, its serial number, its position. Why, if DHS ever has any doubts about me, perhaps they could simply just ask Apple? Maybe they know where I am.
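As an added example (not part of the original post), this Python sketch parses ngrep lines in the format shown above and reports what the proxy box can read from each request: for the CONNECT tunnel only the destination and the CONNECT headers, for the plain-HTTP POST the full URL, cookies and body. The header-splitting heuristic and the `IDENTIFYING` list are assumptions of this example; the sample lines are copied from the capture above.

```python
import re

# Lines copied from the capture above (ngrep shows payload newlines as ".").
CAPTURE = [
    "T 192.168.1.199:49311 -> 192.168.1.10:2525 [AP]CONNECT iphone-maps.apple.com:443 "
    "HTTP/1.0.Host: iphone-maps.apple.com.User-Agent: Apple iPhone v1.1.3 Maps v1.0.0.4A93.",
    "T 192.168.1.10:2525 -> 192.168.1.199:49311 [AP][..HTTPS DATA...]",
    "T 192.168.1.199:49313 -> 192.168.1.10:2525 [AP]POST http://iphone-wu.apple.com/glm/mmap "
    "HTTP/1.1.Accept: */*.Accept-Language: en.Accept-Encoding: gzip, deflate."
    "Cookie: s_vi=[CS]v1|46B904DB00003607-A290B210000599B[CE]; s_nr=1199572400032."
    "User-Agent: Apple iPhone v1.1.3 Maps v1.0.0.4A93."
    "Content-Type: application/x-www-form-urlencoded.Content-Length: 145."
    "Connection: keep-alive.Proxy-Connection: keep-alive.Host: iphone-wu.apple.com.",
]

LINE = re.compile(r"^T (\S+) -> (\S+) \[[A-Z]+\](.*)$")
REQUEST = re.compile(r"^(CONNECT|GET|POST|PUT|HEAD) (\S+) HTTP/\d\.\d")
# A "." is a header boundary only when a "Header-Name: " follows it, so the
# dots inside host names and version strings are left alone (heuristic).
HEADER_BREAK = re.compile(r"\.(?=[A-Z][A-Za-z-]*: )")
# Headers treated as able to tie requests to one device (assumed list).
IDENTIFYING = ("cookie", "user-agent", "authorization")

def parse_request(line):
    """Return method, target and headers for a request line, else None."""
    m = LINE.match(line)
    if not m:
        return None
    src, _dst, payload = m.groups()
    parts = HEADER_BREAK.split(payload.rstrip("."))
    req = REQUEST.match(parts[0])
    if not req:
        return None  # opaque TLS records or a response, not a request
    headers = dict(p.split(": ", 1) for p in parts[1:])
    return {"src": src, "method": req.group(1),
            "target": req.group(2), "headers": headers}

def exposure_report(lines):
    """Summarise, per request, what an on-path proxy can read."""
    report = []
    for line in lines:
        req = parse_request(line)
        if req is None:
            continue
        report.append({
            "target": req["target"],
            # After CONNECT the proxy relays TLS and cannot read the body.
            "body_visible": req["method"] != "CONNECT",
            "identifiers": sorted(h for h in req["headers"]
                                  if h.lower() in IDENTIFYING),
        })
    return report

if __name__ == "__main__":
    for entry in exposure_report(CAPTURE):
        print(entry)
```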

What is Apple’s position (pun intended) on customer privacy, now that they seem to be in the location data business?

Other firms like Boost Mobile’s Loopt service have gone to great (ridiculous) lengths to inform their customers about location data privacy and to protect collected data. So as to avoid potential problems, Loopt does not even save a location track for its users, but instead stores only the current location of the user. (This was the case when I spoke with them in May 2007.) They figure this makes them less of a honeypot for DHS types, and keeps their customers happy.

I have never believed that consumers are as paranoid about location data as the press (and the most paranoid among us) would have us believe. Most people are willing to generate, share, and publish some limited amount of location data if it provides some value to them in return and they can control the data sufficiently.

What seems like a simple software update for the iPhone is actually the consent of millions (4M+ according to Steve) of users to potentially publishing their location information. And not just for the iPhone, but for the iPod Touch as well.

Now the question is what a theoretical 1.2.0 software release might hold: location of your iChat buddies? Location-enabled Twitter clients (using the Twittervision API)? Your friends conveniently plotted on the Google Maps client? All of this is now theoretically possible with the iPhone and iPod Touch, and Apple holds the keys.

It will be very interesting to see how the iPhone SDK (Software Development Kit) works next month. If Apple opens up this location service to third party developers, we can expect to see some very interesting applications emerge this year.

The fact that the location service is not down to meter-accuracy is irrelevant (it put me, alternately, within a few feet of my house and across the river at the Annapolis Mall — I suspect because it was alternating between an accurate Wifi position and a more general cell tower position). To make social location services work, all we really need to know is generally where someone is (nearby) and that they are really there (device has reported location).

There are plenty of apps where approximate location is sufficient (stores nearby, friends nearby, homes for sale nearby, etc). Only for driving-direction or aviation applications do you need meter-accuracy. A later update to the iPhone hardware with an AGPS chipset will solve that problem, but even without that, this opens up an amazing array of possibilities.

Mostly, great credit should go to Apple for pushing out a technology so seamlessly, so effortlessly, that so many others have found so problematic and full of legal and perceived landmines. This is a big deal. Skyhook, Loopt, uLocate, Nokia, Navizon, and dozens of others have been grasping for this holy grail for some time, and they’ve been told variously that it’s “impossible to get the data,” or that “consumers won’t go for it”, or that “no one would fund it.”

Apple did it via iTunes with a software update. Agree? Kudos, Steve.