Affiliate Disclosure
If you buy through our links, we may get a commission. Read our ethics policy.

Apple, Google detail mobile privacy policies before US Senate subcommittee

Apple Vice President of Software Technology Guy L. "Bud" Tribble spoke to members of the U.S. Senate on Tuesday, and reiterated his company's position that it makes user privacy one of its highest priorities. He also revealed methods the company uses to ensure developers follow the rules, including random audits of App Store software.

Tribble recapped much of what his company revealed in late April, when Apple issued a public statement on the Location Services feature of the iOS mobile operating system, which powers the iPhone and iPad. The Apple executive stated clearly that his company does not track users' locations, and does not share personally identifiable information with third parties for marketing purposes without a user's consent.

"Apple is strongly committed to giving our customers clear and transparent notice, choice and control over their information, and we believe our products do so in a simple and elegant way," Tribble said Tuesday in his remarks before the Judiciary Subcommittee on Privacy, Technology and the Law.

The hearing, held Tuesday morning, was entitled "Protecting Mobile Privacy: Your Smartphones, Tablets, Cell Phones and Your Privacy." Its existence was sponsored in part by concern over a location database file that was stored on users' iPhones and 3G connected iPads.

"Apple was never tracking an individual's location from the information residing in that cache," the Apple executive said. He added that Apple did not have access to the cache, and the information was also protected from other applications on a user's phone.

Tribble noted that Apple has a comprehensive privacy policy that is available from a link on every page of Apple's website. He also said that Apple devices, like the iPhone, do not transmit to Apple any data that can be uniquely associated with the device or that customer.

He explained that Apple has a crowd-sourced collection of cell phone towers and Wi-Fi hotspots that aid in allowing users' iPhones to assess their location quickly, before a GPS signal can be obtained.

Sen. Al Franken, D-Minn., asked how Apple is using the data to help handsets assess a user's location more accurately, and yet Apple Chief Executive Steve Jobs has said that the data collected is not the person's actual location. Jobs said in interviews with the press that the cell tower and Wi-Fi hotspot location data could represent points that were up to 100 miles away, but Franken said he believes the fact that the data is used for location services makes Jobs' statements seem contradictory.

Franken, who is chairman of the Judiciary Subcommittee, also asked if both Apple and Google would require application developers to commit to a fixed privacy policy in their respective mobile application stores. Tribble said that Apple's current developer agreement does not currently require a privacy policy, and said that the addition of a policy likely wouldn't go far enough.

Tribble said he believes that indicators need to be put in the user interface to make it clear to users what is being done with their information. He noted that when an application is using location data in Apple's iOS, a purple icon appears in the upper right of the screen so that users are aware.

Senate 2

"Transparency here goes beyond just what's in the privacy policy," Tribble said. "It's designing into the app and the system itself information for the user."

Tribble also told members of the committee that Apple takes pride in responding promptly to issues. He acknowledged that the location services data was stored for too long in the iOS software, and Apple addressed the bug last week with the release of iOS 4.3.3.

The Apple executive also detailed how his company conducts random audits on applications to make sure they're playing by the rules. He admitted that Apple does not audit every single one of its 350,000 iPhone applications, just like it would be impossible for the federal government to audit every single taxpayer.

Apple also keeps an eye on blogs and its "active community" of application users for potential violations. If a violation is discovered and the issue cannot be resolved, applications will be removed within 24 hours and the developer will be notified.

In most cases, Tribble said, developers quickly correct the issue, as they want to keep their application available in the App Store.

iOS 4.3.3

Last week, it was revealed that Tribble would take part as a witness in Tuesday's congressional hearing. Tribble served as the manager of Apple's original Macintosh software development team, and helped design the original Mac OS and user interface. He also joined Apple Chief Executive Steve Jobs as one of the founders of NeXT, and rejoined Apple and Jobs in 2002.

Tribble was part of the second panel that appeared in Tuesday's hearing, and was joined by Alan Davidson, Google's director of public policy for the Americas. Davidson was grilled on Google's past controversial collection of Wi-Fi hotspot data with its "Street View" vans that capture imagery for the Google Maps service.

Sen. Richard Blumenthal, D-Conn., asked Davidson about patents that Google has applied for that mention the collection of Wi-Fi data for building more robust mapping services. Davidson restated his company's stance that the Street View Wi-Fi data collection was unintentional and was not done to improve its Maps product.

"It was a mistake, and we certainly never intended to collect payload information," Davidson said.

Update: Following Tuesday's hearing, Google also issued a statement in response to Blumenthal's question: "The technology in that patent has nothing to do with the collection and storage of payload data and is entirely unrelated to the software code used to collect Wi-Fi information with Street View cars," a Google spokesman said.

Davidson, in the hearing, also said that unlike Apple, Google does not actively comb applications that are available for its Android operating system once they are available on the marketplace. He said that the open source nature of Android means the search giant would prefer to take a hands-off approach.

To protect users, Davidson said that they are prompted with a list of features, including location services, that software downloaded from the Android Market might use. Users are given that information when they install new software on their Android-powered device.

Other members of the second panel were Justin Brookman, director for project on consumer privacy at the Center for Democracy and Technology; Ashkan Soltani, independent researcher and consultant; and Jonathan Zuck, president of the Association for Competitive Technology.

Location Data
iPhone location data plotted | Source: O'Reilly Radar

The first panel in Tuesday's hearing included Jason Weinstein, deputy assistant attorney general of the Criminal Division at the U.S. Department of Justice, and Jessica Rich, deputy director for the Bureau of Consumer protection at the Federal Trade Commission. Franken asked Rich if Apple was "deceptive" by stating in its iPhone user agreement that turning off Location Services would stop the collection of data even though, until last week's release of iOS 4.3.3, that was not the case.

Rich declined to comment on one company, or Apple's particular situation. However, she did add: "If a statement is made by a company that is false, it is a deceptive practice."

Tribble noted that last week's release of iOS 4.3.3 made it so switching off the Location Services feature on an iPhone would delete the database file and cease collection of information about nearby Wi-Fi hotspots and cell towers. He also said that in the next major release of iOS, location information would be encrypted on iOS devices.