Apple's location-cache issue resolved - but iOS 4.3.3 already jailbroken
Let’s pick up where we left off, shall we? In my previous blog entry, I remarked on the fact that a file had been discovered in the back-end of devices running iOS4 that stored location data pertaining to the device: this led, unsurprisingly, to a rather loud outcry in the media (and from members of the US government) that this was most definitely an Undesirable Thing, and wanting to know precisely what Apple was Up To: this outcry was accompanied by a polite request from Senator Pat Leahy, Chairman of the Senate Judiciary Committee to testify next week before a Subcommittee on Privacy, Technology and the Law, at a hearing with the promising title of “Protecting Mobile Privacy: Your Smartphones, Tablets, Cell Phones and Your Privacy." In letters to Steve Jobs and to Google CEO Larry Page, Leahy said that: “Like many Americans, I read with deep concern recent press reports indicating that [Android Phones and iPhones] collect, store and track user location data without the user’s consent… As Congress considers updates to the Electronic Communications Privacy Act and other Federal privacy laws, it is essential that the Senate Judiciary Committee have full and accurate information about the privacy risks posed by this new technology.” Perhaps sensing that there was another Antennagate in this offing (indeed, at least one blog has already dubbed this Locationgate), Apple issued a public Q&A statement on the same day (April 27) which in the first instance explained that it wasn’t tracking iPhones but that (a) it was calculating location via WiFi, cell towers to enable location-based services (which is fair enough) and (b) was downloading this information into a cache on each iPhone (which is what caused the rumpus). Apple went on to say that “The reason the iPhone stores so much [location] data is a bug we uncovered and plan to fix shortly... We don’t think the iPhone needs to store more than seven days of this data.” So, it’s a bug. Which, thanks to the latest update from Apple, is apparently a thing of the past. iOS 4.3.3, released yesterday, not only reduces the storage time to seven days as per Apple’s missive, but ends cache backup to iTunes: thereby both providing a rapid response to consumer complaints but also enabling Apple – should it choose to appear before the subcommittee – to provide a clear demonstration of its commitment in this area. But for all Apple’s efforts in this area, they still haven’t defeated the hackers. In less than a day, hackers have released software enabling consumers to perform an untethered jailbreak on devices running 4.3.3. Apple’s own turnaround of iOS update in the face of privacy concerns was impressive; the hackers response to it, positively breathtaking – and, given the ease with which they unpicked Apple’s platform, somewhat unnerving. The jailbreakers are rather like the sneezing boy in Lewis Carroll’s poem: they only do it to annoy, because they know it teases; thus, they tweak the nose of Apple by allowing consumers to visit unauthorised app stores (such as Cydia). So far, so good schoolboy fun in that regard. But if they can crack the iOS so quickly, what is the potential for others, with far more malice and criminal intent in their hearts, to make merry?