The document (PDF), drafted by Apple’s general counsel and SVP Bruce Sewell, goes into great detail about how, why and when Apple is collecting location data. Some of this information isn’t new, but it is laid out in a pretty comprehensive fashion.
First of all, Apple lays out exactly what devices/programs it is collecting location data from: iPhone 3G/3GS/4; iPad Wifi+3G; iPad Wi-Fi; iPod Touch; Mac computers running Snow Leopard; Windows or Mac computers running Safari 5.
Apple insists in the document numerous times that users always have the option of toggling off location services on all of their devices and that when a third-party apps wants to use the user’s location, that they always provide a pop-up prompt.
According to the document (everything in bold is our emphasis),
“For devices running the iPhone OS versions 1.1.3 to 3.1, Apple relied on (and still relies on) databases maintained by Google and Skyhook Wireless to provide location-based services. Beginning with the iPhone OS version 3.2 released in April 2010, Apple relies on its own databases to provide location-based services for diagnostic purposes.”
“Apple maintains a secure database containing information regarding locations of cell towers and Wi-Fi access points,” the document goes on to say. Another interesting point that the document reveals is that “Apple collects diagnostic information from randomly-selected iPhones and analyzes the collected information,” and, “Apple may also collect signal strength information to identify locations with receptions issues.” Apple contends that all of this diagnostic information is only collected with expressed consent from the user.
More interesting statements abound in this document. For example, it states that, “Apple collects GPS information…[which] may be used, for example, to analyze traffic patterns and density in various areas.” Turn-by-turn iOS 4 navigation anyone?
Regarding iAds, the letter states that for users that haven’t opted-out of iAds:
“Apple collects information about the device’s location (lat/long coordinates) when an ad request is made. This information is transmitted securely to the Apple iAd server via a cellular network connection or Wi-Fi connection. The lat/long coordinates are converted immediately by the server to a five-digit zip code…Apple stores only the zip code…then uses the zip code to select a relevant ad for the customer.”
More on iAds:
“Apple does not share any interest-based or location-based information about individual customers…In some cases, an advertiser may want to provide more specific information based on a device’s actual location…the [location] information is not provided to the advertiser.”
Also detailed is that when a GPS enabled device is turned on that has previously enabled the “On” switch for location-based services, Apple:
“…automatically collects Wi-Fi access point information and GPS cooridinates when a device is searching for a cellular network, such as when the device is first turned on or trying to re-establish a dropped connection. The device searches for nearby Wi-Fi access points for approximately thirty seconds. The device collects anonymous Wi-Fi access point information for those that it can “see.” The information and the GPS coordinates are stored (or “batched”) on the device and added to the information sent to Apple. None of the information transmitted to Apple is associated with a particular user or device.”
Other than collecting data for diagnostic and iAd purposes, Apple is also unsurprisingly collecting the data to build out it’s overall knowledge of Wi-Fi hotspots and cell towers.
In response to a direct question by the government that states: “Is Apple sharing consumer location information collected through iPhones and iPads with AT&T or other telecommunications carriers?” Apple responds with a “No.”
Also, at the end of the document, Apple states in response to the question: “Does Apple believe that legal boilerplate in a general information policy, which the consumer must agree to in order to download applications or updates [i.e. iTunes TOS], is consistent with the intent of Section 222, and sufficient to inform the consumer that the consumer’s location may be disclosed to other parties?” Apple answers:
“While Apple is not a telecommunications carrier or service provider subject to Section 222, we believe the privacy protections described in detail in this letter are consistent with the intent of Section 222.
Apple is committed to giving our customers clear notice and control over their information, and we believe our products do this in a simple and elegant way.”
A very interesting document indeed.
Here’s what we think Apple will end up doing with all this information. What do you, our readers, think about all of this?