Apple just issued its first public statement regarding the iPhone location tracking scandal -- it's a 10-question Q&A that opens directly with "Apple is not tracking the location of your iPhone." The company goes on to say that the controversial location data stored on the iPhone is actually a cache of crowd-sourced WiFi and cell tower positioning data that's used to speed up GPS calculations and locate the phone when GPS satellites aren't available. It sounds reasonable -- Apple switched from Skyhook to a proprietary WiFi and cell positioning system in iOS 3.2, and the phone needs to maintain a cache so it can locate itself quickly.
We're also told that the iPhone's propensity to continue updating its location cache even after Location Services are turned off is an iOS bug, as is the sheer size of the location cache -- over a year in some cases. Apple says an iOS update due in "the next few weeks" will reduce the size of the on-device cache to just seven days and delete it entirely when Location Services are turned off. The update will also stop backing up the cache to your computer, which will make apps like the now-infamous iPhone Tracker much less useful. Apple also says that the next major iOS release will also encrypt the cache, and that it's currently collecting anonymous traffic data so it can launch an "improved traffic service in the next couple of years."
All of this makes perfect sense -- and we certainly applaud Apple's forthright tone and promises to take corrective action -- but we've still got some lingering questions. First, the exact relationship between the location cache downloaded to the phone and the phone's current location is still a little unclear. Apple says the iPhone doesn't track your location, but it certainly appears that the net result of updating a "database of WiFi hotspots and cell towers around your current location" with user-specific timestamps comes awfully close to... tracking your location. And let's talk about those timestamps -- why does the iPhone append user-specific timestamps to location data? They're what make this whole thing creepy, after all; a big list of nearby WiFi hotspot and cell tower GPS coordinates that's disconnected from user activity wouldn't have raised any eyebrows. We've got a number of theories -- network troubleshooting, that traffic monitoring system -- but a specific explanation from Apple would go a long way. Let's hope we learn the answers to those questions when Apple goes to Congress for questioning on the matter.
Overall, though, it appears that Apple's next iOS update will address the majority of the issues. Removing the unencrypted location cache from your computer will solve the biggest immediate problem, and reducing the size of the on-device cache to just seven days will address some of the privacy concerns, as will the ability to disable the caching entirely. Encrypting the on-device database in the next major update should take care of the rest -- at least until the next minor scandal breaks out, anyway. In the meantime, you should definitely encrypt your iPhone backups in iTunes, if you haven't already -- a little peace of mind is just a checkbox away.