Apple, Google at mobile privacy hearing: We’re not tracking you

Both Google and Apple denied their smartphones track consumers’ locations at a Tuesday hearing on mobile privacy in front of the Senate Judiciary Committee’s new privacy subpanel.

Sen. Al Franken (D-Minn.) called the first hearing of the Subcommittee on Privacy, Technology and the Law in response to recent reports that both Apple and Google smartphones compile unencrypted data on users’ locations and transmit that information back to servers at the two firms.

{mosads}“I just want to be clear that the answer to this problem is not ending location-based services. No one up here wants to stop Apple or Google from producing their products or doing the incredible things that you do,” Franken said.

“What today is about is trying to find a balance between all of those wonderful benefits and the public’s right to privacy. And I for one think that’s doable,” Franken said.

Apple vice president for software technology Guy “Bud” Tribble said the firm is “deeply committed” to protecting the privacy of its customers and said Apple has never tracked user locations and has no plans to do so.

Tribble said the data stored on iPhones is not the location of the phones but the location of Wi-Fi hotspots and cell towers recently used by the phone.

“Apple was never tracking an individual’s location from the information residing in that cache,” Tribble said.

According to Tribble, calculating a phone’s location by GPS can take a long time but it can be done relatively quickly using data on nearby cell towers. That data is then added to a central database of cell towers and Wi-Fi hotspots maintained by Apple without including any details that could identify the phone or the user.

Tribble noted that Apple requires that applications obtain consumers’ consent before using their location data in any way.

Google director of public policy for the Americas Alan Davidson said the Android platform requires an opt-in for all location-based services.

“A small amount of location information regarding nearby Wi-Fi access points and cell towers is kept on the Android device to help the user continue to enjoy the service when no server connection is available and to improve speed and battery life,” Davidson said.

“This information on the device is likewise not tied or traceable to a specific user.”

However, Davidson said Google “does not decide which applications can access location or other user information form the device.”

Unlike Apple’s iOS, in which apps must obtain consumers’ consent before using location data, the Android platform requires developers to inform consumers about use of location data before they download the app.

Davidson suggested that users who install the apps are consenting to have their location data used and can remove the app if they change their minds.

“The user may choose to trust the application by completing the installation or the user may choose to cancel the installation,” Davidson said.

In response to a question from Franken, panel witness and independent researcher Ashkan Soltani said the devices store fairly accurate data on users’ locations, generally within 100 feet.

He also suggested combining the data with a timestamp would allow someone to track a user’s location and said claims that users are not identifiable by the data are “not really sincere.”

Senate Judiciary chairman Patrick Leahy (D-Vt.) said current law doesn’t apply to mobile technologies in most cases and he plans on unveiling an update to the Electronic Communications Privacy in the coming weeks.

“Like many Americans, I am deeply concerned about the recent reports that the Apple iPhone, Google Android Phone and other mobile applications may be collecting, storing, and tracking user location data without the user’s consent,” Leahy said.

“The collection, use and storage of location and other sensitive personal information has serious implications regarding the privacy rights and personal safety of American consumers.”

Justin Brookman, director of the Center for Democracy and Technology’s Project on Consumer Privacy testified that current law allows companies to share data however they wish so long as they don’t do something they previously promised not to, which would be a violation of the Federal Trade Commission Act.