Apple is facing a class action suit over the location data that two security researchers recently publicized.
The two named plaintiffs are Vikram Ajjampur and William Devito. They filed their suit in the U.S. District Court for the Middle District of Florida in Tampa, Fla. Ajjampur lives in Florida, Devito in New York State.
Apple has come under some fire recently after two security researchers at O'Reilly Radar, Alasdair Allan and Pete Warden, found an unencrypted file that contains location data on iPhones running the latest versions of iOS. After an initial splash of attention, others in the field noted that the location data wasn't that exact and seems to track users' general areas, rather than exact locations.
The lawsuit says that because the location data -- whatever its quality -- is being gathered without consent Apple is violating the privacy of users in violation of the law. In California, for example, it is illegal to track a person's location without their knowledge.
The suit also says Apple doesn't say it is tracking users and in its user agreements doesn't allow for informed consent.
Another interesting point is that Apple said more than a year ago, in a letter from its general counsel to members of Congress, that it needed to collect location data to make some of the services (such as finding local businesses) function. This lawsuit says that Apple collected that information on its own and in addition to that collected for those applications. The plaintiffs say they want an injunction forcing Apple to disable such tracking.
The suit says Apple violated the Computer Fraud and Abuse Act, as well as state trade practices rules. The fact that most users don't delve into their user license agreements - and that Apple knew they wouldn't -- is evidence that Apple acted deceptively, the suit says.
One issue that may come up is the part of the suit that says it is possible that Apple is using GPS to get a user's location. But research by independent consultant David Lefty Schlesinger and the Alex Levinson of the Rochester Institute of Technology seems to indicate otherwise.
The location data is often far removed from a user's location. Schlesinger says he thinks it may be picking up cell towers and WiFi hotspots, neither of which will necessarily be that close to a person with a phone. Schlesinger and Levinson both say the tracking would not be much use in finding a certain person. The real issue is that the file is unencrypted when it is synced to another device.
Schlesinger notes that getting to the data is not that easy in any case - the file consolidated.db has a name that would appear as a series of near-nonsense letters, and it would take some kill to find it and extract the information.
Apple has yet to respond to requests for comment.