QA: Jobs and Apple Execs on Tracking Down the Facts About iPhones and Location
Although Apple was silent for several days after researchers raised issues about location information being stored on the iPhone, that wasn’t because it was ignoring the issue.
Apple CEO Steve Jobs told Mobilized that the company wanted to figure out exactly what was and wasn’t happening, and then figure out the best way to explain a complex set of issues to its customers.
“We’re an engineering-driven company,” Jobs said in a telephone interview Wednesday. “When people accuse us of things, the first thing we want to do is find out the truth. That took a certain amount of time to track all of these things down. And the accusations were coming day by day. By the time we had figured this all out, it took a few days. Then writing it up and trying to make it intelligible when this is a very high-tech topic took a few days. And here we are less than a week later.”
During the phone interview, Jobs and senior vice presidents Phil Schiller and Scott Forstall talked about what information the iPhone is and isn’t collecting, some lessons learned and the need for the industry to do a better job of explaining things to customers.
Jobs declined to say whether he thought Google or others needed to do a better job on privacy issues, but did note that Apple’s approach is different.
“Some of them don’t do what we do,” Jobs said. “That’s for sure.”
Jobs said that the company is leading the way when it comes to privacy and said Apple looks forward to testifying before any congressional inquiries on such issues. During the talk, the execs also touched briefly on the release of the long-delayed white iPhone. Also, Jobs declined to comment on when he might return full time to Apple.
Here is an edited transcript of the interview:
One of the challenges here is that, by their nature, location-based services require location information, but that information is highly sensitive and can be used in a lot of ways. How does Apple approach this balance?
Jobs: I think we do two things. Number one is we get consent from users if we are going to use location, or we never use location. That’s what we do. It’s very straightforward.
We haven’t been tracking anybody’s location and the files they found on these phones, as we explained, it turned out were basically files we have built through anonymous, crowdsourced information that we collect from the tens of millions of iPhones out there.
We build a crowdsourced database of Wi-Fi and cell tower hot spots, but those can be over 100 miles away from where you are. Those are not telling you anything abut your location. That’s what people saw on the phone and mistook it for location.
Is there anything that you guys have learned over the last week or so and take away from this?
Forstall: One thing I think we have learned is that the cache we had on the system–the point of that cache, is we do all the location calculations on the phone itself so no location calculations are done separately. You can imagine in an ideal world the entire crowdsourced database is on the phone and it just never has to talk to a server to do these calculations (or) to even get the cache.
What we do is we cache a subset of that. We picked a size, around 2MB, which is less than half a song. It turns out it was fairly large and could hold items for a long time.
We had that protected on the system. It had root protection and was sandboxed from any other application. But if someone hacks their phone and jailbreaks it, they can get to this and misunderstand the point of that.
It’s all anonymous and cannot be traced back to any individual phone or person. But we need to be even more careful about what files are on the phone, even if they are protected.
Jobs: As new technology comes into the society there is a period of adjustment and education. We haven’t, as an industry, done a very good job educating people, I think, as to some of the more subtle things going on here. As such, (people) jumped to a lot of wrong conclusions in the last week. I think the right time to educate people is when there is no problem. I think we will probably ask ourselves how we can do some of that, as an industry.
A bunch of folks on the regulatory side, both in the U.S. and elsewhere, said they are going to look into this. Do you guys plan on testifying before Congress? How active do you personally and does Apple want to be?
Jobs: I think Apple will be testifying. They have asked us to come and we will honor their request, of course. I think it is great that they are investigating this and I think it will be interesting to see how agressive or lazy the press is on this in terms of investigating the rest of the participants in the industry and finding out what they do. Some of them don’t do what we do. That’s for sure.
It seems like one of the issues is on the app level. You have apps that do as little, on the Android side, as providing battery information and want access to the dialer and location information. Do you think consumers ought to be paying attention to the individual apps they are using and what sorts of permissions those apps (require)?
Jobs: We think so, and that’s why we were the first to institute a procedure that cannot be worked around by applications where if any application wants access to location data, it has to ask the user first. It has to get the user’s permission on a per-application basis.
You mentioned in the statement today that Apple is using the collective location data to build a collective traffic database. At our D8 Conference last year you talked about the importance of full disclosure by the industry. Do you think Apple and other companies need to let people know specifically what you guys are doing with the information and choose whether to participate in these commercial projects, or do you think Apple and others should have fairly broad use of anonymized data?
Jobs: If people don’t want to participate in things, they will be able to turn location services off. Once we get a bug that we found fixed, their phone will not be collecting or contributing any crowdsourced information. But nor will it be calculating location.
Schiller: Sometimes it helps people to understand an analogy that describes what these things are like because they are so new. I would think an analogy of a crowdsourced database is every time you walk into a retail store, many retailers have a clicker that counts how many people come in and out of the store. Nobody really cares about that because it is completely anonymous. It is not personal data. It is not anything to worry about. It’s not something that people feel is private because it is really not about them. It’s a coagulated total of all traffic. These crowdsourced databases are sort of like that.
Things like that aren’t so scary when you think about them in everyday terms.
Is traffic the only thing you are using that collective data for, or do you have other plans?
Jobs: We mention the traffic service and I think that is all we are going to mention at this point in time before we have something to announce.
But you are not saying that is the only thing you might use it for?
Jobs: We are building a crowdsourced database based on traffic and that is what we are saying.
Is there a need for any finer level of control, or is the on-off switch the right way to go?
Forstall: We are really vigilant about privacy and location and we have worked really hard to make the experience as transparent as possible and give the user full control. As you say, whenever any user wants any application to access their location, the user has to approve that on a per-application basis. That’s even true for Apple’s built-in applications.
In addition, whenever any application uses location, an indicator appears in the status bar. In settings, you can see a list of every single application on the phone that a user has approved for location and the ones that they have not approved for location. They can actually go and turn it off temporarily for an app, if they like. In addition, any application which has used location within the last 24 hours is shown, with an indicator in settings. So a user can know which applications that a user has approved for location have actually used location recently. We think this is incredibly fine grain and the best out there.
Steve, how active have you been in examining this issue over the past couple of weeks?
Jobs: It hasn’t been a couple of weeks. This all started last Wednesday and we put out our response this morning. It took us slightly less than a week. Scott and Phil and I have worked together over this last week, first to investigate the problem.
We’re an engineering-driven company. When people accuse us of things, the first thing we want to do is find out the truth. That took a certain amount of time to track all of these things down. And the accusations were coming day by day. By the time we had figured this all out, it took a few days. Then writing it up and trying to make it intelligible when this is a very high-tech topic took a few days. And here we are less than a week later.
I was curious if you have an ETA about when you would be coming back full time?
Jobs: Look, we’re here to talk about location today, not me.