Your smartphone is tracking you, and you said it was okay

The Internet nearly exploded this morning after O’Reilly filed a report indicating that users of Apple’s iPhone and 3G iPad were being tracked. A file, found in the filesystem of the aforementioned devices running iOS 4 or higher, contains a list of time-stamped GPS coordinates that correlate with the device’s location. The only issue I have with Apple’s methodology is that the file used to store said locations is unencrypted. Am I apathetic about my personal privacy? No, not at all. So why don’t I care? Because I agreed to let Apple do this. And you if you have a smartphone of any kind, there is a high likelihood you did too. Read on to see exactly what you agreed to.

From Apple’s iPhone Terms of Service:

Apple and its partners and licensees may provide certain services through your iPhone that rely upon location information. To provide and improve these services, where available, Apple and its partners and licensees may transmit, collect, maintain, process and use your location data, including the real-time geographic location of your iPhone, and location search queries. The location data and queries collected by Apple are collected in a form that does not personally identify you and may be used by Apple and its partners and licensees to provide and improve location-based products and services. By using any location-based services on your iPhone, you agree and consent to Apple’s and its partners’ and licensees’ transmission, collection, maintenance, processing and use of your location data and queries to provide and improve such products and services. You may withdraw this consent at any time by going to the Location Services setting on your iPhone and either turning off the global Location Services setting or turning off the individual location settings of each location-aware application on your iPhone. Not using these location features will not impact the non location-based functionality of your iPhone. When using third party applications or services on the iPhone that use or provide location data, you are subject to and should review such third party’s terms and privacy policy on use of location data by such third party applications or services.

From Google’s Privacy Policy:

Google offers location-enabled services, such as Google Maps and Latitude. If you use those services, Google may receive information about your actual location (such as GPS signals sent by a mobile device) or information that can be used to approximate a location (such as a cell ID).

[...]

In addition to the above, we may use the information we collect to:

• Provide, maintain, protect, and improve our services (including advertising services) and develop new services; and
• Protect the rights or property of Google or our users.

Google only shares personal information with other companies or individuals outside of Google in the following limited circumstances:

• We have your consent. We require opt-in consent for the sharing of any sensitive personal information.
• We provide such information to our subsidiaries, affiliated companies or other trusted businesses or persons for the purpose of processing personal information on our behalf. We require that these parties agree to process such information based on our instructions and in compliance with this Privacy Policy and any other appropriate confidentiality and security measures.
• We have a good faith belief that access, use, preservation or disclosure of such information is reasonably necessary to (a) satisfy any applicable law, regulation, legal process or enforceable governmental request, (b) enforce applicable Terms of Service, including investigation of potential violations thereof, (c) detect, prevent, or otherwise address fraud, security or technical issues, or (d) protect against harm to the rights, property or safety of Google, its users or the public as required or permitted by law.

If Google becomes involved in a merger, acquisition, or any form of sale of some or all of its assets, we will ensure the confidentiality of any personal information involved in such transactions and provide notice before personal information is transferred and becomes subject to a different privacy policy.

From Motorla’s BLUR Privacy Statement:

Motorola may also passively collect information (i.e. without you knowing) from you, or your device, including without limitation, your wireless phone number, location-based information obtained from your device’s wireless network, GPS transmitter or software, or other location-based software, the type of device or mobile network you are using, your device’s IMEI number or SIM card ID, your contacts, calendar, account credentials and settings, and preferences, or other personally identifiable information.

[...]

The information collected by Motorola is used a) to operate the MOTOBLUR Software and Services, including interaction with third party social networking sites and other third party websites and services; b) to provide support for the MOTOBLUR Software, including without limitation, system restores and back ups, location-based services, remote diagnostics and troubleshooting, device location, remote erase, and any other services performed, provided or enabled by or through the MOTOBLUR Software; c) as described in the MOTOBLUR Terms of Service and Software License Agreement; d) to serve advertisements directly to your Device; e) for other Motorola business purposes, including without limitation, to send you information about the MOTOBLUR Software or Services, your account, or about Motorola or other products and services (whether those of Motorola or a third party) which Motorola believes you may find of interest, to resolve disputes and collect fees owed, to comply with applicable laws, and to help Motorola customize and/or improve the MOTOBLUR Service for all of our customers; and f) as otherwise described at the time such information is collected.

From HTC’s Sense Privacy Statement:

To provide location-based services, HTC and its partners may collect, use, transmit, process, store and share precise location data about your device. Location information may be transmitted even when you are not using a third party location-sharing service. This information may include but is not limited to your device ID and name, device type and real-time geographic location of your device. This location data is collected anonymously in a form that does not personally identify you and is used by HTC and its partners to provide and improve location-based products and services. You may also be able to submit to HTC location data such as “Points of Interest,” voice notes to share with friends, and other information. HTC may also supplement the information it collects with information obtained from other companies. HTC may share geographic location data with application providers when you opt in to use their location-based services. By enabling or using the location-based services or features (such as displaying your phone location, posting Footprints, etc.) and applications that depend on location-based information, you agree and consent to HTC collecting, using, transmitting, processing, storing and sharing information related to your account and the devices registered to your account for purposes of providing such location-based services or features to you. You may withdraw this consent by turning off the “HTC Locate” function in the location settings (as applicable) on your device. Some location-based services that HTC offers, such as the “HTC Locate” feature and remote lock or remote erase functions, require your Personal Information for the feature to work. If you use third party services that use or provide location data as part of the Service, you are subject to and should review the third party’s terms and privacy policy regarding the third party’s use of location data. Location data provided by the Service is not intended to be relied upon. HTC and its partners do not guarantee the availability, accuracy, completeness, reliability, or timeliness of location data or any other data displayed by the Service. The “HTC Locate” feature is intended for your personal use only to locate, send a message to, or remote lock or remote erase your own device. The location-based services are not intended or suitable for use as an emergency locator system.

From RIM’s License Agreement:

In addition to other personal information described in this Agreement, when You use Your Handheld Product or enable data services or location-based functionality, Handheld Product location information (including, without limitation, GPS information, carrier ID, tower ID and signal strength of visible WiFi or cell towers) may be communicated to RIM Group of Companies. RIM Group of Companies may use such information to provide You with locationbased services, including, without limitation, services facilitating the sharing of Your Handheld Product location information with other persons, including without limitation, Third Party Services used with Your BlackBerry Solution. You should give due consideration before agreeing to have Your personal information disclosed to other persons. We may also use such information to create data in which Your personal information has been aggregated or made anonymous, and may use it to provide location-sensitive advertising.

From Microsoft’s Windows Phone 7 Privacy Statement:

On Windows Phones, “location services” refers to the phone software and online service that is used to determine the approximate location of your phone and provide location to the applications you allow to access your phone’s location.

If you allow an application to access your phone’s location, each time that application requests location, information about nearby cell towers, Wi-Fi access points, and available Global Positioning System (GPS) information may be collected by Microsoft’s location service and used to help determine the approximate location of your phone.

For example, if you have Wi-Fi enabled on your phone, the Media Access Control (MAC) addresses and signal strength of Wi-Fi access points available to your phone will be collected by Microsoft’s location service.  If you are connected to a cellular network, identifiers of the cell towers available to your phone will be collected.  If GPS is available, the latitude, longitude, speed, and direction of the phone provided by the GPS may be collected.  Again, Microsoft collects this information only if you allow an application to access your phone’s location.

Based on the information received, the location service will determine your phone’s approximate location and provide it to the requesting application.  The location service provides the latitude, longitude, speed, direction, and altitude of your phone to requesting applications.  It does not provide the requesting application information about available cell towers or Wi-Fi access points or any phone identifiers.

Microsoft recommends that you review the privacy policies and practices of the applications that you allow to access your phone’s location to learn about how they use the location information they request.

The information your phone sends to our location service when an application asks for location includes a unique ID that is randomly generated and stored on your phone.  The unique ID does not contain any personal information and is not used to identify you.   This unique ID is stored by our location service for a limited time in order to distinguish location requests, which helps us deliver more accurate and reliable location.  We do not store any information that could directly identify you, such as your name, phone number, email address, or address with the information received by our location service and we don’t use any information received by our location service to identify or contact you.  The information received and stored by our location service only is used to provide location to requesting applications and to update and improve the accuracy, efficiency, and reliability of the location service.

From HP/Palm’s Privacy Statement:

Personal information is information directly identifiable to you, such as your name, address, email address, and phone number, as well as other non-public information associated with such information. Some examples of how we collect and use personal information include:

• On-Device Services. If you use services we provide through your Palm mobile device, we will collect information relevant to providing the services and as you designate. For example:
  • Remote Diagnostics and Updates. When you use a remote diagnostics or software update service, we will collect information related to your device (including serial number, diagnostic information, crash logs, or application configurations) as required to help identify and troubleshoot issues, and to provide such services.
  • Back-up and Restore. When you use a back-up and restore service for data stored on your device, we will collect the contacts, calendar, memo, tasks, and other information on your device to help enable retrieval of that data when restoring or replacing your device.
  • Location Based Services. When you use location based services, we will collect, transmit, maintain, process, and use your location and usage data (including both real time geographic information and information that can be used to approximate location) in order to provide location based and related services, and to enhance your device experience.

[...]
We generally use the personal information we maintain about you to provide you with the products and services you request; customize your experience; troubleshoot and provide updates; measure interest in our products and services; provide offers that might interest you; resolve disputes; collect fees owed; detect and protect against error, fraud and criminal activity; comply with applicable law, regulations, legal processes or enforceable governmental requests; enforce our terms of use and for other legitimate business purposes; and as otherwise described to you at the time of collection.

2. Sharing and Transfer

We may share, disclose, or transfer your personal information as follows:

• To Palm affiliates and subsidiaries to support business operations and sales, marketing, and customer support processes;
• To third party service providers and suppliers acting on our behalf to provide products or services
• to you; and to other third parties for purposes you have allowed.