Apple has released an official Q&A on Location Data.
Companies that take privacy seriously actually test their software before shipping it to customers. Software should have unit tests and integration tests that prove it works and performs to its specifications.
7. When I turn off Location Services, why does my iPhone sometimes continue updating its Wi-Fi and cell tower data from Apple's crowd-sourced database?
It shouldn't. This is a bug, which we plan to fix shortly.
MPG: But this response does NOT address the issue of turning location services ON, and then having the tracking file still maintained. The RIGHT solution is a “Do not keep location history” setting. This Apple is not volunteering to do.
3. Why is my iPhone logging my location?
The iPhone is not logging your location. Rather, it's maintaining a database of Wi-Fi hotspots and cell towers around your current location, some of which may be located more than one hundred miles away from your iPhone, to help your iPhone rapidly and accurately calculate its location when requested. Calculating a phone's location using just GPS satellite data can take up to several minutes. iPhone can reduce this time to just a few seconds by using Wi-Fi hotspot and cell tower data to quickly find GPS satellites, and even triangulate its location using just Wi-Fi hotspot and cell tower data when GPS is not available (such as indoors or in basements). These calculations are performed live on the iPhone using a crowd-sourced database of Wi-Fi hotspot and cell tower data that is generated by tens of millions of iPhones sending the geo-tagged locations of nearby Wi-Fi hotspots and cell towers in an anonymous and encrypted form to Apple.
MPG: How is a database of hotspots and cell towers “around my location” effectively any different than my location? Other than a degree of precision? See the notes from the reader from Belarus on how the KGB uses this information.
Why can’t Apple do what it needs to do with a day’s worth of data? Why does it need to remember that I was in Death Valley National Park 3 months ago? Why is there no “Erase History” as with the Safari web browser? Apple goes on to say that 7 days is enough, but I want to choose for those times I really want Location Services (never), and I would not choose 7 days.
5. Can Apple locate me based on my geo-tagged Wi-Fi hotspot and cell tower data?
No. This data is sent to Apple in an anonymous and encrypted form. Apple cannot identify the source of this data.
MPG: The “encrypted” piece is a misleading red herring: Apple decrypts this information or it would be useless. Encryption in theory protects the information over the air, but if the key is compromised (by a hacker or secret court order), the information is then available in real time. As for the “anonymous” part, so many other technologies on the web have shown that anonymity is little impediment to identifying specific users once it is combined with a few other pieces of information, especially if a history is involved.
And how does Find My iPhone work? And what prevents that feature from being hacked or misused at any time?
10. Does Apple believe that personal information security and privacy are important?
Yes, we strongly do. For example, iPhone was the first to ask users to give their permission for each and every app that wanted to use location. Apple will continue to be one of the leaders in strengthening personal information security and privacy.
a) What has Apple done to encourage phone companies to not store location history?
b) What has Apple done to promote privacy legislation that prohibits (with felony penalties for companies or the government) the collecting of location history for mobile phone users by networks or phone companies? Anything? Anything at all?
Apple has considerable leverage to effect policy. It’s disingenuous to look past the more serious problems and not be proactive in doing the Right Thing. Which might also happen to be great for business.
The iPhone/iPad are accessories to a more serious problem
I don’t want Location Services, I don’t want to be tracked directly or indirectly, I want an OPT-OUT feature both in the phone and at the phone company.
Apple’s blithe assumptions that anonymous location information cannot be de-anonymized are simply wrong, as proven with other web technologies today.
But the serious problem is at the phone-company end, and there, Apple could use its considerable leverage towards legislation to that end.