By Marty Feuerstein
For the past several months, controversy has raged over the revelation that Apple and Google tracked mobile subscriber location movements and stored that information in an unencrypted file on the handset, where it was potentially vulnerable to hacking and other inappropriate usage. The resulting Location-gate scandal highlights the sometimes tenuous control of mobile subscriber information versus the business objectives of dominant platform and applications providers. These business objectives may include immediate revenue opportunities from the subscriber being tracked or broader self-interest initiatives, such as collecting marketing data that may be valuable to third parties like advertisers, or building subscriber-reported Wi-Fi access point databases.
Furthermore, while much has been written about the privacy impacts of the collection and use of consumer location information, few articles have clearly outlined the technologies behind Apple and Google’s tracking activities. It is important to fully explore and understand these technology methods, and how they differ from other location technologies in use, in order to properly evaluate the threat posed by Location-gate and to develop responses that maintain privacy while enabling the benefits of location-based services.
Location, Tracking, and Storage
iPhone and iPad subscribers had previously been aware that Apple tracked their location via GPS, because the company notified subscribers when an app required the use of GPS to identify location, and asked them to opt in. However, soon after Location-gate erupted, Apple’s vice president of software technology, Bud Tribble, testified to Congress in May 2011 that Apple also had been tracking device locations over time using triangulation between nearby Wi-Fi access points and wireless base stations. Triangulation is the moderately accurate method in which the mobile device measures the nearby cell site or access point identifications and possibly signal strengths, typically pinpointing device location to within a few hundred meters.
Following this revelation, Apple’s initial response was that “users are confused” and that it was simply “maintaining a database of Wi-Fi access points and cell towers around your current location…to help your iPhone rapidly and accurately calculate its location when requested.” Soon after Apple’s location tracking activity was revealed, it became known that Google was doing essentially the same thing, although to a slightly lesser degree (Android phones stored only the 50 most recent coordinate fixes and up to 200 Wi-Fi access-spot locations), and using a similar triangulation method without the subscriber’s explicit knowledge. Google Android devices also have GPS capability.
Why, if both OS providers embedded or leveraged GPS in their phones, would they resort to a less accurate location method, triangulation?
Neither company has provided an answer. We know that the triangulation method uses less battery power than GPS, conserving battery life for other uses while filling in performance holes for GPS in urban and indoor environments. Also, unlike with GPS, mobile subscribers are either not able to disable triangulation or must disable it separately. More relevant is the fact that triangulation allowed the OS providers to identify location automatically and track it over time in the background without the subscriber’s knowledge, for purposes such as building and maintaining a subscriber-reported database of Wi-Fi access points.
From a privacy perspective, there is a dramatic difference between tracking someone’s location over time (the bread crumb trail that Apple and Google used), versus locating one’s position for a specific purpose and handling the location information only within the confines of a secure wireless network. Useful applications that are universally accepted, such as E911 for safety-of-life situations, employ the latter method.
Other players in the mobile ecosystem, such as wireless network operators, have collected subscriber location information as well, but not by storing it in the device as historical files in the same way that Apple and Google did. Some information exists on the network side in association with billing records for calls (call detail records or CDRs), but this is not bread-crumb tracking of cell-IDs. E911 calls have records stored for use by public safety agencies, but most users never make an E911 call. Other messages containing coarse location may exist on a transitory basis (for example, location area updates), but these are not typically aggregated or stored for later processing.
Alternative Geo-Location Methods
There exist location methods that provide far greater privacy and security than the location tracking and handset storage that Apple and Google have utilized. Standard methods exist for performing location using the wireless service provider’s network elements. These are called control-plane methods, which follow standards developed by the 3rd Generation Partnership Project (3GPP) and 3GPP2. Other standard methods exist using IP transport from the client phone to a location server. These are called user-plane methods, such as the Secure User Plane Location (SUPL) standard from the Open Mobile Alliance (OMA). Both control- and user-plane location standards incorporate mechanisms for data security and user privacy. These standard control- and user-plane methods differ from the proprietary methods used by many client applications and OSs, which are inherently user-plane in nature but with non-standard implementations.
Methods using a client application with handset-based location on the mobile device, also called user-plane methods, bypass the carrier’s wireless network elements and instead rely on an IP connection to transmit information from the client application to a server on the Internet. These user-plane location methods, such as client applications for handset-based A-GPS, as discussed, are already widely in use for location-based services. Handset applications are inherently vulnerable to hacking and privacy intrusions, as the recent spate of mobile viruses on Android has highlighted.
A-GPS is highly accurate at identifying location in direct line-of-sight conditions with the satellites (open sky conditions), as found in suburban and rural areas, but performs less well in challenging dense urban and indoor environments. GPS in the phone can be easily disabled by the end user, and the receiver chip in the handset can cause significant battery consumption when used in demanding applications, such as navigation and monitoring geo-fences. A-GPS, as used by wireless network operators for navigation and other location-based services, does not usually store unencrypted files of historical location information in the handset, as Apple and Google did.
Alternative network-based, or control-plane, methods make use of the wireless service provider’s network elements to keep location information wholly behind the security of the operator’s firewall, employing standard protocols for security and privacy. Control-plane location methods are used for today’s safety-of-life applications, like E911, where security and privacy are prime considerations.
One example of a network-based location technology that can work in the control plane is RF pattern-matching (RFPM), which is the only high accuracy, software-based, scalable location solution that requires no additional hardware changes or additions to the mobile device or at the base stations. It compares mobile measurements (signal strengths, signal-to-interference ratios, time delays, and so on) against a geo-referenced database of the mobile operator’s radio environment. RFPM boasts a 100 percent security record for subscriber mobile location information it produces, for critical applications such as E911 emergency call and law enforcement location applications.
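The matching step described above can be sketched as a nearest-neighbor search over a radio map. This is an added illustration, not Polaris Wireless code or the production RFPM algorithm; it uses signal strengths only, and the cell names, coordinates, dBm values and noise floor are all constructed assumptions.

```python
import math

# Constructed radio map (not operator data): grid point (lat, lon) ->
# predicted signal strength in dBm for each cell expected to be heard there.
RADIO_MAP = {
    (40.000, -75.000): {"cell-1": -60, "cell-2": -85, "cell-3": -95},
    (40.000, -75.002): {"cell-1": -75, "cell-2": -70, "cell-3": -90},
    (40.002, -75.000): {"cell-1": -88, "cell-2": -92, "cell-3": -65},
    (40.002, -75.002): {"cell-1": -90, "cell-2": -72, "cell-4": -68},
}
NOISE_FLOOR_DBM = -110  # assumed stand-in for a cell that was not heard


def mismatch(measured, predicted):
    """RMS difference in dB over every cell present in either vector.

    A cell missing from one side is scored at the noise floor, so hearing
    an unexpected cell (or missing an expected one) counts against a match.
    """
    cells = set(measured) | set(predicted)
    sq = sum(
        (measured.get(c, NOISE_FLOOR_DBM) - predicted.get(c, NOISE_FLOOR_DBM)) ** 2
        for c in cells
    )
    return math.sqrt(sq / len(cells))


def locate(measured, radio_map=RADIO_MAP, k=1):
    """Return ((lat, lon), best_score) from the k best-matching grid points.

    The position is the average of those points, weighted by inverse mismatch.
    Returns None when there is nothing to match.
    """
    if not measured or not radio_map:
        return None
    ranked = sorted((mismatch(measured, pred), pos) for pos, pred in radio_map.items())
    best = ranked[:max(1, k)]
    weights = [1.0 / (score + 1e-9) for score, _ in best]
    total = sum(weights)
    lat = sum(w * pos[0] for w, (_, pos) in zip(weights, best)) / total
    lon = sum(w * pos[1] for w, (_, pos) in zip(weights, best)) / total
    return (lat, lon), best[0][0]


if __name__ == "__main__":
    # Constructed handset measurement report.
    print(locate({"cell-1": -62, "cell-2": -83, "cell-3": -97}))
```

In this sketch both the radio map and the measurement report are inputs to a single function, so the lookup can run entirely on the network side, which is the property the control-plane argument relies on.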
Location information for growing consumer uses deserves the same privacy and security protections that other standards-compliant control-plane solutions provide for today’s mission-critical and safety-of-life location applications. RFPM works extremely well in non line-of-sight conditions such as dense urban and indoor environments, where GPS-based solutions face challenges. RFPM also offers low battery consumption and geo-fencing capabilities, which makes it ideal for providing location for the growing opportunity in location-based advertising and other location-based services (widely believed to be the true driver behind Apple and Google’s location tracking activities).
As Location-gate clearly illustrates, there is no shortage of methods to identify and track one’s location via mobile device. Now that the issue has been raised, it is imperative that the entire mobile ecosystem — network operators, OS providers, regulators, and subscribers — clearly understand what methods are used, when one’s location is being identified and tracked, and what is being done with that data. Breadcrumb trails are useful if you’re trying to find your way out of the forest, but not if Big Brother is tracking you.
Marty Feuerstein is chief technology officer of Polaris Wireless, where he leads research into new products, algorithms, system performance, and regulatory activities. He has a Ph.D. in electrical engineering from Virginia Tech.