Apple today denied that it tracks iPhone and iPad users, saying that "users are confused" about the issue.
In a statement posted on its Web site, Apple defended the practice, but admitted that there were bugs in its software that would be fixed "in the next few weeks" with an update to iOS, the mobile operating system that powers the iPhone and iPad.
A privacy expert applauded Apple's acknowledgement of the problem and its promise to make changes, but questioned the company's flat denial that it never tracked users.
"I'm glad that they are fixing what they call bugs," said Justin Brookman, the director of consumer privacy at the Center for Democracy & Technology (CDT), a Washington D.C.-based advocacy organization. "But I take exception with their strong denial that they track users."
Wednesday's statement was the first official response from the company since British researchers reported last week that iOS concealed an unencrypted file containing thousands of location data entries going back almost a year. The unsecured file was also backed up on users' PCs and Macs during synchronization.
Today, Apple said it does not track users.
"Apple is not tracking the location of your iPhone," the company said in its statement. "Apple has never done so and has no plans to ever do so."
The unencrypted file is not a history of the iPhone or iPad user's movements, said Apple, but is instead a subset of a database it maintains of cell tower and Wi-Fi network locations. Apple described the database as "crowd-sourced," meaning that it is compiled from numerous users.
"[This is] a database of Wi-Fi hotspots and cell towers around your current location ... to help your iPhone rapidly and accurately calculate its location when requested," said Apple. "Calculating a phone's location using just GPS satellite data can take up to several minutes. iPhone can reduce this time to just a few seconds by using Wi-Fi hotspot and cell tower data to quickly find GPS satellites, and even triangulate its location using just Wi-Fi hotspot and cell tower data when GPS is not available."
The database consists of data submitted to Apple by "tens of millions of iPhones," Apple said.
Apple loads a small portion of that database -- it's too large to store on a smartphone or tablet in its entirety -- on each iPhone and 3G-equipped iPad. "The location data that researchers are seeing on the iPhone is not the past or present location of the iPhone, but rather the locations of Wi-Fi hotspots and cell towers surrounding the iPhone's location," said Apple.
Although the company did not admit it tracked users, it did own up to what it called "bugs" in its current software.
Rather than retain months of location data in the unencrypted file, it said seven days worth of information would be sufficient to pinpoint the iPhone's location. It also said that the data should not be present on the device if the owner had disabled all location services, and said it would not only encrypt the file on the iPhone and iPad, but stop backing up that data to users' personal computers.
Some of those changes will take place "in the next few weeks," Apple said, when it updates iOS to reduce the size of the database, eliminate the backup and delete the data when location services are turned off.
Apple promised to encrypt the file on iPhones and iPads with the "next major iOS software release," which would presumably be iOS 5. Apple has not announced a release date for iOS 5, but will likely set a timetable either at its annual developers conference in early June, or shortly after.
In its statement, Apple also took a little-disguised shot at the media coverage of the issue, and blamed the controversy on confused users and its failure to educate customers.
"Providing mobile users with fast and accurate location information while preserving their security and privacy has raised some very complex technical issues which are hard to communicate in a sound bite," argued Apple. "Users are confused, partly because the creators of this new technology (including Apple) have not provided enough education about these issues to date."
Brookman supported Apple's decision to modify its location practice, but didn't buy the argument that the company never tracks users.
"They say that they're not tracking users' locations, and although [the data] may not show exactly where I am or where I've been, it shows a very strong approximation," said Brookman.
"The fact that the log is there does raise legitimate privacy concerns," Brookman continued. "It could be subpoenaed by the government, or even by a divorce attorney, to determine what part of town you were in."
Brookman said that Apple could soothe privacy concerns by giving users more control over what data is retained. "There may be some users who want to turn this off without disabling all location services," he said.
From Brookman's point of view, Apple essentially admitted to mistakes by promising bug fixes. "They're acknowledging problems, even though they don't say as much, by saying that they'll fix things," he said.
In the end, however, Brookman's take on Apple's response was more positive than negative.
"There are questions why this went on so long," Brookman said, noting that digital forensics experts have known about and reported on the database since mid-2010. "But they're limiting [the database] to just seven days, which is a strong improvement."
Gregg Keizer covers Microsoft, security issues, Apple, Web browsers and general technology breaking news for Computerworld. Follow Gregg on Twitter at @gkeizer or subscribe to Gregg's RSS feed. His e-mail address is firstname.lastname@example.org.
Read more about privacy in Computerworld's Privacy Topic Center.
Join the CIO Australia group on LinkedIn. The group is open to CIOs, IT Directors, COOs, CTOs and senior IT managers.