The Apple iPhone feature of logging and storing users’ location information has attracted worldwide attention.
But discussions about location privacy aside, a more basic question needs to be asked: how private is any of the data on your iPhone?
First, it’s worth acknowledging that Apple has taken significant steps to protect users’ private and sensitive data, prohibiting iPhone applications (apps) that transmit data without a user’s consent.
In order to be available for download (through the iTunes App Store), an app must have been approved by Apple, in so far as it complies with the relevant license agreements and privacy policy.
Nothing to worry about then, right?
Unfortunately, Apple does not disclose the details of the App Store approval process and there have been two well-known examples where that approval process didn’t detect unwanted behavior:
1) An app that masqueraded as a torch was, in fact, an app that enabled users to share their iPhone’s internet connection with a computer.
2) The iPhone developer Storm8 created an app that collected and transmitted user’s phone numbers without notification or consent. Storm8 apologised, describing the app’s functionality as a “bug”.
Last year, software engineer Nicolas Seriot asked himself the question: what private data could a rogue application harvest without the user’s knowledge and consent?
He set himself the challenge of developing an app that did what it promised while still secretly accessing the user’s private data and transfering it to the app developer.
The thing that surprised Seriot was not just that it’s possible to build such an app, but rather that a mountain of data is available if you know where to look.
He found that all data in the iPhone’s Address Book can be accessed without a user’s knowledge, including friends’ phone numbers and other details stored there.
More subtly, he found specific data from other apps on a user’s phone can be read by a rogue app.
Although Apple effectively prevents apps reading data from one another – a security mechanism known as a [sandbox](http://en.wikipedia.org/wiki/Sandbox_(computer_security) – certain data, including system and app preference files, are still readable.
Some of this data contains personal information, including the keyboard cache, which contains all words (except passwords) that have ever been entered on a user’s iPhone.
Although the goal of the cache is to enable prediction of words without needing to type them in full, the flip-side is the cache might contain private data, such as a user’s bank account number, credit card details or a reminder for a certain prescription.
Peeking into system and app preferences, a rogue app could learn:
- your name (from your email account settings, say),
- the last number you called,
- some of your interests (from your YouTube history, your recent internet search queries, or the positions of your Geotagged photos).
It is even possible to approximate a user’s location by inspecting the iPhone’s last location in the Maps app.
So, are these privacy threats real or merely academic?
A research paper published earlier this year aimed to answer that question.
The researchers developed a tool that helped them to investigate whether a program transmits private information from an iPhone to a third party.
They looked at more than 1,400 iPhone apps and found that most apps seem to respect sensitive information stored on the iPhone.
But a few of the applications were accessing the iPhone’s Address Book, and one social networking app (called Gowalla) sent the entire Address Book back to the developer without informing the user.
Some 21% of the apps were found to be sending the iPhone ID, a piece of information which can be linked to a user.
(It is important to note the study looked at less than 1% of all available apps, and it’s not clear if the investigated apps are a representative sample of the remaining apps.)
But if you are concerned about data on your iPhone, there are a few simple things you can do:
1) Limit the amount of information in the Address Book to what is necessary.
2) Do not put confidential information such as PINs in clear text on your iPhone as they could be read from the keyboard cache.
3) Wait until an app has a reasonably large number of positive reviews on Apple’s iTunes App Store before you use it, as spyware and other unwanted behavior is typically discovered quickly.
If you wish to protect your data even further, you can delete cookies and the cache from the Safari web browser and turn off the auto-correction feature to completely disable the keyboard cache.
If you are concerned about your location privacy, you could occasionally turn off the Location Services, which would delete the iPhone’s internal cache of crowd-sourced Wi-Fi hotspots and cell towers.
Beyond this? Well, that’s probably up to you.