Apple has released an iOS update that changes the way its mobile operating system treats the database cache at the heart of the recent kerfuffle over the Jobsian location services. On Wednesday, Steve Jobs and company pushed out iOS 4.3.3, saying it contains three changes to the operating system's "crowd-sourced location …
So, now if you're paranoid, here is what you'll be thinking:
That new Spook 60 Megawatt Data Center is simply a newer, more capable vacuum machine to scrape and collate what the phone software vendors are otherwise compelled by user demand to remove from the users' PHONES. Meanwhile, that now-reduced cache just, under national security letter (substitute with letter your own country names), routes directly to the various government agences. Only the key officers and duly-screened programmers will REALLY know that a given piece of "update" coded does, or what modules of code are slipped in. There's pretty much NOTHING you can do unless you root your phone and your carrier and OS developer have no unique-phone hacks that no one knows about....
Neither Apple nor any other telecoms giants can afford to deprive state governments of this lucrative data they've until now enjoyed accessing due to user ignorance, carelessness, or indifference. If such companies do not appease governemnts, they will just likely lose their local operating charters or permits.
Just some thoughts...
It's good that Apple has addressed some of the issues of it's very popular product. It's telling that Apple didn't have the interests of the customers in mind during development. Without a moral /ethical compass how can they hope to get ahead of the curve.
On the contrary
You're assuming it wasn't a bug, even though it (i) was a 'feature' that explicitly wasn't used — the problematic data wasn't posted to anybody or harvested in any way; and (ii) turned up for the first time in a major OS version revision.
Fine, don't trust Apple, but the evidence that this was deliberate is relatively flimsy and the harm it will have done to others will have involved malicious third parties. I'd therefore rate it alongside any other security bug, such as the dozens that crop up in all of the major operating systems and typically lead to malicious code execution, privilege escalation, etc. So it's something that should have been caught, and it may affect your opinion of competence, but it was quite probably just an oversight.
It's what the companies that have the locations updated to them across the network in real time (I think all three of Apple, Google and Microsoft?) are doing with that data that's more scary.
Let me know...
When Google fixes their OS... and delivers it to all their customers.
Latest prediction: 5 months
Number of Users delivered to: 4%
Looks like you'll need to buy a new phone.
"When Google fixes their OS... and delivers it to all their customers."
Google doesn't need to fix anything - the option that Apple has just added has been in Android from the start.
"Google doesn't need to fix anything - the option that Apple has just added has been in Android from the start."
.. but Apple doesn't actually do anything with that data - it's interesing they got the flack despite being the one out of the three that have as yet to show any signs of abusing personal data.
So, as Ogle Fanboy you will naturally not be interested in this actual quote:
"Google intends to rely on its users’ handsets to collect the information on the location of WiFi networks that it needs for its location-based services database. The improvements in smart-phone technology in the past few years have allowed Google to obtain the data it needs for this purpose from the handsets themselves."
This was Ogle's argument in Canada why it no longer needed to steal data via Streetview WiFi grabbing, see http://www.priv.gc.ca/media/nr-c/2010/let_101019_e.cfm - point 47.
So, translated, it appears to be a good idea to ban any Ogle fanboy from being near my house, because I have no idea what data will be grabbed for their US overlords - it grabs MY information, not just that of the fanboy.
Where is the evil Google icon? You know, devil's horns on the two "o"s?
Plenty to fix
They need to make the data that they collect anonymous for starters!
The file in question is a cache of location assistance data *received* and used to speed up the time required to determine your location when using maps and other location services.
The file in question is a sqllite database which had a default size of 2MB, this sounds small but it turned out to be too big for the data in question. This has been reduced in size. It is also not backed up now.
iOS sends information about cell masts and WIFI hotspots to assist Apple in building their own alternative to SkyHook. This data is anonymised.
Google sends the same data but a unique identifier is present on it. So if anyone needs to get their shit together it is Google.
But I'm sure Google are analysing and selling this data on, it could be useful to mobile operators to see where people are most of the time and where they need mobile coverage.
"Never ascribe to malice that which is adequately explained by incompetence" - Napoleon Bonaparte.
So Apple (and other vendors) have a way to cache data locally on the phone to assist your aGPS needs. And if they didn't, the chatter from the phone to the network would increase your data transfer dramatically -- jacking your bill for that traffic. But you'll whine anyway, because that's what you do. All of you.
Oh dear, fanboy zerg rush!
Downvoting Apple-critical comments, upvoting Apple-worshipping and/or Android-bashing comments.
Android and WinPhone 7 have had the same behavior that iOS will have with this patch from the beginning. Unless the "gathering data when location services are disabled" hasn't been confirmed yet.
Have no doubts; Apple did this 'coz the US gov't was going to crack down on 'em. Though it is quite possible that the German gov't will crack down hard on all three of 'em!
Why Apple got flack
@Fred Flintstone I agree with most of what you say but not at all this ... "but Apple doesn't actually do anything with that data - it's interesting they got the flack despite being the one out of the three that have as yet to show any signs of abusing personal data."
Apple got flack because:
(1) The data was collected at all. People were annoyed it was collected at all and they were annoyed that once collected, the data could then be used and abused by 3rd parties.
(2) Its right that *everyone* collecting this data gets flack. Therefore its not just Apple at fault. Any company doing what Apple did are also wrong.
(3) Apple applied for a patent which showed their intention to use this data.
Also point (3) invalidates any claim this was just a "tracking bug", because they intended to use this tracking data.
For example, Apple's Patent Application *in their own words*:
There in Apples own words, they show their intention to use this data. Lets see Apple fans close their mind to that fact. It shows Apple's attempts to call this a bug is a lie and a very annoying lie at that. It was intentional to collect this kind of data because they intended to use this kind of data. Test code or not for that list, their patent shows *they intended to uses exactly this kind of data*.
Therefore Apple have multiple reasons to deserve flack, so its annoying any attempt to down play that flack.
But as usual I can see on here Apple fans showing all too typically how they close their mind as soon as they read anything critical of Apple. That same criticism of data collection applies to all companies who collect this location data, but Apple fans all too often show they only assume people are being critical of their beloved Apple.
At the same time us non-fans are getting sick of the Apple fans all too often subjecting us to their superior gleeful condescension over everyone who doesn't get what Apple are trying to do. Bullshit because (A) we are sick of suffering the superior gleeful condescension and (B) we saw what Apple were doing and we didn't like it, the same as we didn't like what Google done and what TomTom done in selling their data.
Pity they're quashing this 'bug', as I rather like it - because I'm NOT PARANOID.
It's rather interesting - for example here's the holiday I've just been on; http://twitpic.com/4tevwd
I'm sure there are other ways to record a trace of where you have been.
The location data in the phone was just assistance data, it did not show where you had been. I have never been to Bristol or London with my iPhone yet it said I had. This is because the actual data can be quite a considerable distance away.
I have an iPad and an iPhone so that's *two* 666Mb downloads, and iTunes barfs with an error if you try to do them both at once.
Well that opens up a whole load of new conspiracy theories!
You spend the time waiting for the downloads by posting your rant here.
Took two minutes to download on 50MB cable and as a bonus I don't need to pay the BT tax.
But you're happy to give Ole Beardy more cash for the extra bandwidth and the kudos/bragging rights to state to all and sundry how "fat your pipe is" ( ooerr Misssus! )?
Anything above 10MB is overkill in my book unless your a) an avid gamer who needs as close to zero latency as possible and loads of updates and downloads for said games or b) a thieving git sitting sucking half the media content from "da tubes" via torrents!
I have 10MB VM line and I probably shift a max of 50MB a week, if that! I give Ole Beardy the least amount possible and wait until they bump me up to a faster speed on a free upgrade!
( Cue downvotes from other freetards defending their right to rip-off media to build their own media corps sized home NAS servers! )
"According to tests by independent security researcher Samy Kamkar, the iPhone was also collecting new data on cell tower and Wi-Fi networks when location services were off, and sending this data back to its servers. It's unclear whether the update stops these collections as well. According to Skyhook's Morgan, the collection of the data and the downloading of the cache to the phone typically work hand-in-hand."
Didn't you get to this paragraph?
I don't get it - if Samy Kamkar can determine reliably and unequivocally that a 4.3.2 iPhone sends data "...back to its servers..." (what servers - very mysterious), then surely (s)he can easily determine whether a 4.3.3 iPhone does the same or not?
Obviously, Apple is an immoral company.
This 'BUG' fix changes nothing. People can still access where you have been if they steal your phone, its not encrypted, data is still being transmitted from the phone on your location.
Oh please. The data stored on the phone is not your current location. It is data of cell towers and WIFI access points up to a 100 mile radius in some cases!
The ultimate in consumer choice.
[checks calender, confirms it's the year 2011]
Why-oh-f**king-why can't they issues smaller patches for iTunes and iOS, like everyone else in The Known Universe? Are the software coders at Apple really *THAT* stupid? [Yes, apparently.]
Even with moderately-reasonable Internet speeds, it's still a huge PITA to update when they STUPIDLY insist on downloading the entire damn thing each-and-every time.
iOS 4.3.3 is not 666MB in size
How do I know? Because iTunes downloaded it last night and I watched it download.
Granted, the stupidity of having to download a whole image instead of just a patch is immense, but then again, there are worse things in the world.
And FYI - I'm NOT a fanboy. I use the device only because it does what I need it to for my work.
I don't think one of those would tell you the date.
a machine in which cloth, paper, or the like, is smoothed, glazed, etc., by pressing between rotating cylinders.
a machine for impregnating fabric with rubber, as in the manufacture of automobile tires.
If you are going to post on spelling
Maybe you should reconsider the way you spell your name?
Re: iOS 4.3.3 is not 666MB in size
Sure it is - at least, for the iPhone 4. 666.2MB, to be precise (well, as precise as iTunes' download status meter is, at least). How do I know? Because I'm waiting for it to download now...
Evil Steve, obviously...
The spelling of my handle is intentional
I only bring up this particularly grating example as there is a very popular kind of computer program which one will find installed on almost all users' desktops. This program is probably open right on the screen along with the browser in which the user is commentarding.
On my screen at this precise moment is an example of such a program which is currently displaying the word 'Calendar' in no less than ten locations. I therefore find spelling this specific word incorrectly demonstrates a certain level of ignorance which in my opinion is inexcusable.
I also find it quite comical as it always reminds me of a Tom and Jerry cartoon where Tom is fed through a mangle and comes out like a pancake! Once you have an image related to a word it's quite hard to shift it.
That's a new definition of a bug for me - a program doing exactly what it was designed to, but subsequently found to be bad for PR when users discovered what it did on the sly.
Back in the day, we used to call that an 'undocumented feature' rather than a bug.
Re: Re: Bugs
We used to call them FDD - Features of Dubious Desirability.
Black helicopter 'cause it kinda looks like a bug...
> According to Apple, the update reduces the size of the cache (by an unspecified amount)
> Apple said it needed to store only about seven days' worth of data.
Reading comprehension stops you looking like a cut-and-paste hack with an Apple grudge.
What Apple *said* was necessary is not necessarily what was implemented.
I guess you need some help too...
...my point had nothing to do with Apple's actions, but everything to do with the article's author contradicting himself.
At the top of the article he claims that Apple does not specify the amount by which the cache has been reduced (they do), and then goes on to quote Apple saying iOS will now only cache 7 days worth of data. Given that the nature of the cache and Apple's response is the central point of the article, it was a pretty sloppy mistake to make.
Not worth my time
I'm not going to waste an hour of my time with an update designed to placate the paranoid. I'll be waiting for something more substantial before I update my phone again.
...where you live.
Still know where you are 3Gers
It's worth noting that iPhone 3G users don't get the security upgrade, as per Apple's EOL policy, so stuck at 4.2.1.
This was introduced in iOS 4.x
I believe any iPhone that is EOL'd and OOW, should probably be jailbroken, if you care about security, receiving new features, etc.
We're not doing it ...
... but we're going to stop on Wednesday.
I wonder if they will also "bug fix" the patent they made, that describes the behaviour they have just removed...
Re: Still know where you are 3Gers
Neither do 2G or 1G users get the update either if I'm correct? I have a 3G but am in no rush to upgrade because Apple needs to release new phones just to add new features which should have been there from the start. They did it with the iPad. The features in the iPad 2 were deliberately left out of the iPad 1 because Apple like to keep the fanboys buying the new gear for new features to screw money out of them.
Sly marketing that should be classed as rip off fraud in my book. My 3G is a phone and a high tech PDA, no need for me to upgrade, except to a HTC when the time is right. I hate sly brand locking, and snobbish companies like Apple. Exactly the reason I like that jailbreaking is legal, I'll do what I want with my device that I paid for, thanks. And that includes being able to go where I want without being tracked too clearly.
Agile Product Management
The reason the original IPhones and Ipads were released "incomplete" is that Apple wanted to get their product to market fast and be first in. The best way to do this is to focus on core features, and get it shipping, and then finding out what exactly your customers want you to add.
There may be things they don't want to add for a) technical reasons, b)cost reasons, c) control reasons. That's generally why they produce their products the way they do. Quite honestly, what really is now missing that most people would use on the iphone?
I understand moving away from an iphone if it no longer meets your needs, it will be my consideration this year, but two years ago nothing matched the 3gs.
You're retarded & AC on Calender etc.
PS: Apple are still stupid for not understanding how to fix their software with little patches.
Ah for crying out loud
Can we stop perpetuating the myth that the cache is the 'location data' that is the problem. There are _multiple_, say again, _multiple_ tables in consolidated.db. One contains cell tower info, another wifi base station info and so on. Have apple said which of these tables has a 'bug'? No. They've successfully deflected the issue entirely.
Someone with an iphone please confirm whether or not the table 'CdmaCellLocationLocal' is still being updated. That is the table containing locations of the phone itself. The other three tables, are CdmaCellLocation WifiLocation which contain short lived data, used for aGPS, probably what Apple is referring to. The fourth is LocationHarvest contains a _cache_ of seen locations but is very short lived.
Again, check data in table 'CdmaCellLocationLocal' in consolidated.db. Is it still being updated or not? What about when location tracking is off? That is the issue, anything else serves to deflect from the issue and expands job's reality sphere.
Still waiting for Microsofts explanation of Windows Phone 7 recording users precise locations (rather than cell tower data) and submitting it to Microsoft along with a unique phone ID, and an associated "fix." I'm sure they'll be announcing it real soon now.
- Boffins attempt to prove the UNIVERSE IS JUST A HOLOGRAM
- Review Reg man looks through a Glass, darkly: Google's toy ploy or killer tech specs?
- MEN WANTED to satisfy town full of yearning BRAZILIAN HOTNESS
- +Comment 'Stop dissing Google or quit': OK, I quit, says Code Club co-founder
- Apple tried to get a ban on Galaxy, judge said: NO, NO, NO