by Sam MacKenzie (2014 cohort)
With continually increasing power in our smart phones, there is increased information at the tips of our fingers. However, as with all advances in technology, the question of convenience versus security arises. How much information about ourselves should we be willing to release to technology?
One big development over the last few years is location services. We are told where the nearest restaurants are, what the weather is and how far from home we are. Although this is incredibly convenient, there is a tradeoff; our phones monitor where we are at all times (Henry, 2013). The location data maintained by our phones are potentially a threat to our security. Before we worry about these potential dangers of location services, let’s take a look at how it works.
How Location Services Works
Apple iOS uses a three-stage algorithm in order to determine location through location services (Warner, 2012). The iOS system initially tries to find your location through a GPS satellite link. If the system cannot acquire a satellite, iOS attempts to use Wi-Fi. The final option for the system is the use of cellular tower data. If all of these options fail, then an error message pops up saying that the phone could not determine your location.
Apple keeps a detailed history of the users’ geographical locations on the phone in an unprotected file (Chen, 2011). In 2010, Apple’s general counsel explained its location-data-collection techniques. Apple only begins to track and transmit geodata when a customer turns on the location services in the settings. When the location services is off, no data is collected (B. Sewell, Senior Vice President of Apple, letter written on July 12, 2010).
Simply turning on location services under the iPhone’s settings constitutes agreeing to the terms and conditions, which may sacrifice some aspects of security for the user. Although it is incredibly unlikely that you have read all of Apple’s terms and conditions when you first got your iTunes or smartphone, it is important to recognize some of the potential dangers outlined in the fine print.
Apple claims the geodata is stored on the iOS device until it is transmitted over an encrypted Wi-Fi system to Apple (Chen, 2011). Thus, Apple cannot use this data to personally identify the iPhone user. Apple maintains that the purpose of storing the geodata is to provide quicker and more precise location services by maintaining a comprehensive location database. This means that the next time you are determining your location, the iPhone can pull from Apple’s database containing location data in order to more quickly find your location.
The problem is that the location data remains on the user’s iPhone in a file called “consolidated.db” (Mulazzani, Huber &Weippl, 2012). One cool aspect of this is being able to go onto your phone and see the different locations to which you have traveled. Unfortunately, with this information, a thief could also potentially figure out where you live and the places you often go. This is a serious security issue for people who care about their location privacy.
Furthermore, this location data could be available to anyone with “physical or remote access to your iPhone” (Chen, 2011). The idea that remote access to an iPhone could yield location data is very dangerous. When the iCloud hackings from just a few months ago are considered, it is especially a scary thought. Not only would the hackers have access to private photos taken by the celebrities, they would also be able to access location data. This is an important reason to have a secure iCloud account and to not release your personal information.
In order to explore the uses and dangers of location services, let’s think about a day in the life of one fictitious college student named Paige:
Paige is a senior at Vanderbilt University living in an apartment off campus. She wakes up one Friday morning and immediately checks her phone for the weather. She doesn’t need to update her location on her phone because the location services automatically looks up the weather for her current location, which is Nashville. It looks like it is going to be a beautiful day.
On her way out the door, Paige admires her small apartment. She is especially fond of an antique mirror, of which she has taken many pictures that she posted onto Flickr. Before leaving, Paige enters her school’s location into her phone and notices that there is a Starbucks only a block out of her way. Her phone tells her the walk will not be too long and she stops for a coffee knowing she will not be late. She loves her new iPhone
Paige excitedly anticipates for Friday night when she has plans to go to dinner and a movie with some of her girl friends. They are going to a nice restaurant in Franklin, Tennessee, followed by a trip to see a newly released movie. When it is finally time for Paige and her friends to go, they pile into Paige’s car and make the 30-minute trek to Franklin.
At the restaurant, Paige and her friends take a few pictures. One of the girls posts a picture to Facebook and tags all the other girls. After a delicious meal, the girls head to the movies. While waiting in line to purchase movie tickets, Paige tweets about her excitement for the movie and how long the line is to get into the theatre.
Late that night, Paige drops off her friends and finally heads home. It’s been a long, but very fun Friday for her and her friends. As soon as Paige walks in, she notices that her apartment has been robbed. A thief broke into her apartment and stole some of her valuables including her highly valued mirror. Paige attributes the robbery to bad luck, but in reality, there are some things she should have done to better protect herself.
Paige used location services frequently, even in cases where she might not have realized it. Although she used the location services system many times in beneficial ways, she also put out a dangerous amount of information about herself of which she should be more wary. Because Paige released location data about herself, a thief was able to reason that she was not in her apartment and took the opportunity to rob her. Had Paige been more aware of the dangers involved with geotagging and social networking, she might have been better able to secure herself.
Let’s break down geotagging: Geotagging adds GPS coordinates to things posted on smart phones, often without the poster even knowing about it (Komando, 2010). Although the consequences may not always be dire, geotagging can be a threat to privacy and security in peoples’ lives. People need to use discretion when posting photos of their loved ones at private locations because of potential hackings that can occur as previously discussed. Unintentionally providing information to a criminal to get to your house and family can be done through geotagging.
In Paige’s case, geotagging may have been potentially dangerous to her in a few different ways. A photo taken on an iPhone automatically geotags the photo and Instagram and Twitter can have posts geotagged (Flatow, Naaman, Xie, Volkovich & Kanza, 2014). If Paige did not take the proper steps to protect herself while posting photos in her apartment, it is no wonder that robbers targeted her. Photos taken on Flickr can also be geotagged, and Paige’s photo of her antique mirror may have led the robber straight to her apartment.
Another aspect to strangers finding information about the sender is social networking. Many of these problems converge on the most popular social media site in the world: Facebook (Profis, 2011). Unless this service is turned off, every post, whether a status or a picture, on Facebook automatically geotags the photo and includes the poster’s location with the status or picture. Although this is may not seem to be a big deal, the more information posted onto social media, the easier it is for a map to be made of your locations and activities. Beware of the layers of information you leave about yourself online.
In Paige’s case, Facebook very well may have contributed to her being targeted by a robber. Paige being tagged in her friend’s photo could have been her downfall. The photo that the friend posted would have automatically included the location, which was Franklin. Had the robber known both the location of Franklin and of Paige’s apartment, they would have known that the dinner would last a good amount of time including the 30 minutes it would take to drive all the way back to her apartment.
The photo on the left shows a Facebook status that is about to be geotagged in San Francisco. In Paige’s case, the photo she was tagged in was geotagged in Franklin, Tennessee. Although she was not too far from home, the robber may have been more comfortable breaking into Paige’s apartment when he was sure she would be gone for a stretch of time. Furthermore, had the robber followed Paige on Twitter, he would have known that she was at the movies and that he would have at least a few hours to break into her apartment.
A few steps should be taken to protect oneself from the potential dangers of Facebook use. Most social media sites have a range of security settings to protect the user. On Twitter and Instagram the user can control who follows them, and on Facebook users have access to many security settings including de-friending and blocking other users. It is also worth the effort for college students to look through their friends list and start to get rid of all those old and unknown friends who you would prefer not to have access to your information. Keeping your social medias on private mode will be beneficial to avoid any unwanted attention.
Flickr is an image hosting site that was created in 2004 and offers special privacy settings to protect its users from the potential dangers of geotagging. Flickr offers the ability to set up “geofences” that add an extra layer of security inside a certain boundary that the user can set up (Ryan, 2011). An example of this would be someone setting the fence around their home so that any picture taken within 10 miles of their home automatically erases the geotag. This way, pictures taken at interesting places outside of the geofence will still be geotagged for the viewer’s benefit, but pictures taken within the geofence will remain hidden. Most social media sites, like Flickr, will offer increased security settings to protect the users.
One reason why there are vulnerabilities in smartphones is because of how powerful they have become. There is so much data available in the ever-expanding world of smartphones; the security solutions are lagging behind the potential risks. This is because the security solutions were designed for smaller data systems and cannot handle the “scale, speed, variety and complexity of big data” (Kshetri, 2014). Developers focus so much on enhancing the capabilities of the smart phone, but these new features and data increase the chance of security breaches.
One lesson that should be learned from the history of cryptography is the underestimation of the enemy. This means that you may think, “what does it matter that some criminal may have location data about me?” But in reality, you shouldn’t be so relaxed about releasing this data. There is simply no way of knowing what new form of attack the criminals will use to accumulate information about victims and what they will do with that data.
My advice to the average college student is to take advantage of the benefits that location services provides. Use your phone to look up the weather much quicker and to check in at a cool location. However, also be aware of the potential trade-offs that may occur when this technology is being used. By turning your location services on in your iPhone, you are giving up privacy in exchange for convenience. If you decide that the benefits of location services do not outweigh the risks, keep your location services turned off and be confident that your location remains private.
Henry, A., PSA: Your Phone Logs Everywhere You Go. Here’s How To Turn It Off. Lifehacker.
Warner, T., Understanding iOS Location Services. QUE.
Chen, B., Why and How Apple Is Collecting Your iPhone Location Data. Wired.
Mulazzani, M., Huber, M., & Weippl, E., 2012. Social Network Forensics: Tapping the Data Pool of Social Networks. SBA-Research.
Komando, K., 2010. Location Services Pose Huge Security Risks. USA Today.
Flatow, D., Naaman, M., Xie, K., Volkovich, Y., & Kanza, Y., 2014. On the Accuracy of Hyper-local Geotagging of Social Media Content. Scirate.
Profis, S., 2011. How to Stop Facebook From Sharing Your Location. CNET.
Ryan, J., 2011. Flickr Intoduces Geofences To Protect User Location Privacy: Social Media Privacy Report. Private Wifi.
Kshetri, N., 2014. Big Data’s Impact on Privacy, Security and Consumer Welfare. Science Direct.
Sharon Vaknin (Photographer and poster). (2011). Screen shot. Retrieved on: December 9, 2014.