Wade Meredith

InteractionWeb Designer/Developer

The Real (UX/UI) Problem with iPhone Location Tracking

The issue:

The news that iPhones keep a historical log of triangulated location data in an unencrypted file spread like wildfire in the last week or so. If you’re backing up your phone to iTunes then there’s also a copy of this file on your computer. It may or may not be encrypted depending on your settings.

The topic is getting a lot of attention. The over-coverage of tech darling Apple cuts both ways (see: Antennae Gate) and it’s in full force now. The new media echo chamber is up in arms, applications to access it are being open-sourced, ways to scrub it are being published (jailbreakers only need apply) and there’s a lawsuit. (Oh and Al Franken is pissed concerned.)

The Fake Problem:

A couple of quick reasons I don’t care about this, before I talk about why I do…

I’m going to steal Andy Ihnatko’s reasons because he already said it better than I could:

  • This database isn’t storing GPS data. It’s just making a rough location fix based on nearby cell towers. The database can’t reveal where you were…only that you were in a certain vicinity. Sometimes it’s miles and miles off. This implies that the log file’s purpose is to track the performance of the phone and the network, and not the movements of the user.
  • A third party couldn’t get access to this file without physical access to your computer or your iPhone. Not unless you’ve jail broken your iPhone and didn’t bother resetting its remote-access password…or there’s an unpatched exploit that would give Random Person On The Internet root access to your phone.
  • It’s pretty much a non-issue if you’ve clicked the “Encrypt iPhone Backup” option in iTunes. Even with physical access to your desktop, a no-goodnik wouldn’t be able to access the log file.

So it’s unlikely that anyone will get this information from you unless they actually steal your hardware. If they do steal your hardware, you probably have bigger fish to fry anyway. This technology isn’t accurate enough to put you in the parlor with the candlestick because it wasn’t designed for that. When I looked at my log it couldn’t even put me in the right county in a lot of cases.

The Real Problem

Will this affect anyone else besides the neck-beards and the tech-blog pageview whores? At what point is this broken for the normal user? The answer is at the interface level, which is trouble for Apple because interface is their bread and butter.

As I see it, the real problem lies in the iPhone iOS Location Services Preference Panel:

iPhone iOS Location Services Preference Panel

One of the golden rules of usability is don’t make promises you can’t or won’t keep. The Location Services Preference Pane in iOS makes an implicit assertion that you can eliminate location services, full stop. There’s no asterisk or other hedging language here. It just says ON/OFF. If I slide that to OFF I’m now operating under the auspices of geo-privacy.

In what universe would the expected behavior of switching this setting to OFF not turn off a historical log tracking my location? I don’t know, but it’s certainly not this one.

At least it wasn’t until now.

Apple is known globally for setting exacting expectations and then meeting them. It’s made them tens of billions of dollars and earned them a legion of brand advocates. User interfaces that set and meet expectations well over and over build trust with users. Doing it across multiple product lines for a decade builds that elusive UX magic they’re known for.

I trust an Apple product to be worth my hard earned cash because of a track record of putting their users first and making interfaces that do what I want and what I expect. (They actually put themselves-as-users first and everyone else be damned, but that’s a subject for another post.)

Having this preference screen flat out not work is bad and chips away at their UX. It hurts my likeliness to recommend an iPhone over something else. (Android collects this information in the exact same way, but it doesn’t keep a historical log of it. It sends it off to Google and then deletes it.)

The security threat from this location tracking log for most users is slim to none, because most users are not jailbroken and storing unencrypted backups. It certainly doesn’t affect me.

My problem with the iPhone location tracking log is that there is a user interface on the iPhone that specifically says I can opt out of behavior like this and it doesn’t work. That’s bad UX and bad UI design. This is a big ball-drop in an area that is Apple’s core strength, and they need to fix it ASAP.


Apple’s Q&A response style press release on this topic came out this morning.

The iPhone is not logging your location. Rather, it’s maintaining a database of Wi-Fi hotspots and cell towers around your current location, some of which may be located more than one hundred miles away from your iPhone, to help your iPhone rapidly and accurately calculate its location when requested. Calculating a phone’s location using just GPS satellite data can take up to several minutes. iPhone can reduce this time to just a few seconds by using Wi-Fi hotspot and cell tower data to quickly find GPS satellites, and even triangulate its location using just Wi-Fi hotspot and cell tower data when GPS is not available (such as indoors or in basements). These calculations are performed live on the iPhone using a crowd-sourced database of Wi-Fi hotspot and cell tower data that is generated by tens of millions of iPhones sending the geo-tagged locations of nearby Wi-Fi hotspots and cell towers in an anonymous and encrypted form to Apple.

They aren’t tracking squat. The files everyone has been freaking out about are a subset of a massive Wi-Fi hotspot and cell tower database that the phone stores locally for performance reasons.