Making news this week was Apple and its iPhone tracking and storing the location data of its users. If you haven't followed the news, here is what's happened, according to an article on Mashable.com:
Apple's iPhone keeps track of a user's location and saves that information to a file that is stored both on the device and on a user's computer when they sync or back it up in iTunes.
The data, which is stored as a log in a file called "consolidation.db," contains longitude and latitude coordinates along with a timestamp. Right now, it appears that Apple has been recording this information since iOS 4.0 was released last June. Although it isn't always exact, it can give a very detailed overview of where an individual (or their phone) has traveled over a period of time.
I can't say this surprises me, and it wouldn't surprise me to see that it happens on other mobile platforms. (Surely, I'm not the only one who cringes a bit when I read what an app needs to know about users?)
Forrester expert Julie Ask wrote on her blog that the iPhone tracking isn't something we should be worried about. It's not like this is an issue that is unique to mobile devices. She said:
Our credit cards track where we are and what we spend. The carriers know where we are all the time-they aren't storing the information as far as we know, but they could be. Our cars can be tracked. We buy plane tickets and make flight reservations online. What's a bit different is that many different entities have our information, but not necessarily one.
I call this context-information about who we are, our behaviors and our environment. We'll gladly give up this information in exchange for convenience-just like we do with our credit cards. It will be gradual. We won't notice.
On the other hand, researchers at Zscaler think that the iPhone issue and mobile apps might be "the Achilles heel of Web security." For example, one app (likely one of many), called JotNot Scanner Pro, was found to be lacking in security protocols. When Zscaler extracted the backup archive, usernames and passwords were easily found. All of the best security practices you take can be destroyed with one bad app. Of course, it would be nice if we knew what we were dealing with before we downloaded the app, but as the Zscaler blog said:
Unfortunately, as a user, you really have no way of knowing which apps have incorporated appropriate security controls. Despite the fact that Apple must bless all apps before hosting them in the App Store and is very willing to take a 30% cut for doing so, they're clearly concerned more with blessing the 'user experience' as opposed to security.