Love the fact that they grabbed the money from Apple's account!
Apple is facing legal action from thousands of iPhone users for tracking their movements via their phones' location – and it has already been forced to make one payment on the same issue. Lawyer Kim Hyung-suk won one million South Korean won – or a disappointing £568.38 – from Apple last month. Or to be precise, Korean …
It's a location assist cache. It lists data around where you have been, sometimes miles away.
For instance, I had data saying I had been to London when I hadn't. So what use is this data for tracking anyone if it lists loads of places you've never been to? All it really shows is what country you were in on a particular date.
Not to mention, you have to have access to their phone or computer to get the data.
Of course, there was a patch a while back that reduced the cache size and stopped it being backed up. But why let that get in the way of a court case eh?
Good luck if the police decide you took part in the riots, someone there was of the same sex, and your phone showed you were there. Heck, if someone who was convicted of rioting has your phone number and your device shows you were near there you're almost definitely stuffed.
The above hold for any acts of terrorism or any other crime-du-jour you care to mention.
Just an example of a problem which could be caused by this, of course, I'm sure other people will think of others.
>>"Good luck if the police decide you took part in the riots, someone there was of the same sex, and your phone showed you were there. Heck, if someone who was convicted of rioting has your phone number and your device shows you were near there you're *almost definitely stuffed*."
So presumably, given that many looters were locals, and are likely to have the numbers of any number of innocent locals on their phones, that means a good fraction of the innocent people who happen to live in affected areas will end up being convicted despite a lack of any actual evidence?
As far as I can see, so far convictions seem to have largely resulted from people being physically caught in the act, or on CCTV, or in possession of stolen goods.
When it gets to convictions being based on too-vague location data from mobiles and nothing else, I'll start to worry rather more than I'm currently doing.
>>"The above hold for any acts of terrorism or any other crime-du-jour you care to mention."
I'm sure that the police have totally failed to learn any lessons at all from gigantic and well-known past mistakes, and in the event of terrorism, high-profile murder, etc are always just going to grab the first people they can find irrespective of whether there's actually any meaningful evidence of guilt.
>>"Just an example of a problem which could be caused by this, of course, I'm sure other people will think of others."
I'm sure some people will.
However, is the data Apple might have kept for years really greatly more risky in the hands of the obviously existent Great Totalitarian State than data that any old mobile telecoms provider will have?
While I agree with you about this being exaggerated, the case is for Apple's past actions.
The original purpose of this cache was most likely benign, but Apple made two mistakes which a customer could seek damages for: 1. they collected this information about the customer without permission; and 2. having collected this information, they did not take adequate precautions to prevent it being abused.
The later fixes in iOS remedy both points, but there's still the problem that Apple did do this in the first place. People who feel aggrieved by this behaviour are certainly entitled to *ask* for compensation.
Personally, I don't think the real scale of the damages should even amount to the £500-odd awarded, unless there's genuine evidence of someone coming to harm because of this. For just the vague feeling of being betrayed by Apple, there shouldn't be money handed out at all; realising that a corporation doesn't love you back as much as you may love them is a valuable life lesson, I'd have thought.
I also got the feeling that the first award was a narky judge giving Apple a slap for ignoring his court. So while the price of a new iPhone, or an alternative phone if they were so mortally shaken by their experiences that they can't ever trust Apple again, was a nice award for the claimant, these 27,000 won't be anywhere near as lucky...
Re: the story's "Apple had stored their iPhones' location data" and your "Apple ... collected this information about the customer without permission; and ... did not take adequate precautions to prevent it being abused."
I think the sort of wording people are using is prone to give a false impression: Apple never had the data in their possession. Their OS collected it and it remained on your handset and in your iTunes backups, potentially exposing it to malicious third parties. Nobody alleges that Apple did this on purpose so far as I can make out, but by the same token if your new-build home fell down then you'd be able to sue the builders even if they didn't do it on purpose.
I'm all for devices being built with sufficient competence not to leak information about me to others so if that's the basis on which the court awarded damages then I'm in favour of it.
How about not storing information on any persistent media at all unless the customer* asks for it to be so? If transient data is required for functionality it can be stored in volatile memory. Also - if it can be programatically written it can be programatically deleted.
And while they are at it - how about building a comms device that comms only with those parties that the customer asks to comm with?
We've had the technology for quite a while now - are Apple really saying that they are so crap at tech that they cannot manage this? You would have to be pretty crap to accidentally create a whole phone-home routine and not realise you did it even after all that extensive error testing.
*I was going to say owner but we all know that you never own an iDevice
recap: It is (was) a cache of base station locations that you looked as if you might go near, often as much as 50 miles away from where you actually went - so that internet access is not required to deliver a quick initial response from location services on the phone. It was being held for weeks/months, and grew to a large size.
As such it was pretty useless for tracking you (far too vague). But now the cache has been reduced in size, it's info much more precise about where you've recently been.
Of course the worst thing is: if I get hold of your iPhone, I can tell you EXACTLY where it is. It's an outrage that Apple is shipping a device configured to reveal its own location to anyone who as much as sees it.
Knickers Twist In A (re-arrange)
Molehill Out Of Mountain Making A (re-arrange)
It's too easy to sue over this and that - hardly think Apple were trying to profit from it. People are becoming far too litigious these days but what happens is A sues B, B sues C and C sues A - what goes around comes around - now that's enough idioms for one day.
So, after the "iPhone tracks your movements" fiasco, I recall another El Reg article about Android phones also "storing" location data.
Now with Android being available on many different brands, who would this Korean lawyer target next? Google? Samsung? HTC? Garmin?
Perhaps if the end users bothered to read the EULA correctly they would understand that this infromation is kept b ut not [always] shared by many devices.
It's just another layer to the laminated bullshit that keeps this litigious industry ticking...
"So, after the "iPhone tracks your movements" fiasco, I recall another El Reg article about Android phones also "storing" location data."
There's a subtle difference - Android only tracks your data if you agree to it, it's not buried in T&C's either, it's fairly explicit in it's explanation.
Also it's anonymous.
IIRC Android collects data and sends it back to Google, whether you have location services on or not, and whether you like it or not. Every Android phone is essentially a siphon of information for Google. Google=Evil
Apple's "mistake" was letting it be unencrypted and backed up in unencrypted form, thus opening the door to abuse. Apple fixed it pretty quickly once it became ugly and public. AFAIR Apple never sent the info back to HQ. Apple=Incompetent
"There is a reason Japanese do not prefer Korean products."
Right, because they have their own industries that directly compete with Korea and have one sided laws that do not allow fair competition from outsiders for one reason.
South Korea is a Republic and sued Apple within their own laws. I have no issue with that or the result.
Jesus H. Christ. Is that all? That's about a thousand bucks, American. Sounds to me as if a "crazy" US-type settlement might well be in order here. For this, Apple needs to have its goddamn ass kicked until it walks funny.
Oh, and I love the excuse, too. It's a "bug" -- kinda like Google slurping everybody's Wifi addresses was a "bug". Not that I'm surprised, but, still, that's gotta be the lamest stock excuse ever. You'd think that with all the money they pay their PR people, they could come up with something a little more imaginitive than "duh, it was a bug" whenever they're caught pulling this shit. That sounds like one of those weak-assed Soviet official stories, you know, like "Comrade Minister was beink killed in hunting accident in Siberia, with pistol".
I gotta love how the settlement cash was taken out of Apple's South Korean accounts, though. Still, only a measly million Won; that's like an Italian suing somebody for a million lire.
The bug wasn't that it tracked the phone, that was deliberate functionality - same as Android, same as WP7.
The first bug was that it did it when it was supposed to be turned off and the second bug was that it didn't clear the cache often enough.
Both bugs were fixed by an update put out around 2-3 weeks after the story broke.
In neither case was any data sent to Apple, the data was on the phone and any backups. Note that this is in contrast with Android and WP7 which both send data back to the respective motherships (who both say they only use the data anonymously), but at least they need location services turned on.
Overall, all three systems are now back on roughly the same level as far as this functionality goes.
If it helps your perspective, imagine someone trying to sue Google *now* for a bug in Android 1.6 because they happened to be using it at the time, even though it never gave them a single problem.
the lawyer only needs to prove it once.. then his case can be used as a precedent.. if apple pays 550 equivalent for each of the 27k complainants that's 14.8M. Lawyers typically get 20% or more for this type of litigation and that'd be a cool 2.97M brit bucks.. that's not peanuts anymore.
Biting the hand that feeds IT © 1998–2019