iPhone app unwittingly transmits location data

Recently, it came to light that an iPhone app, Pumpin Maker, gathers location data without asking users’ permission. Greystripe, a US advertising network, has found a way to circumvent the Apple’s protocol that states that user approval must be sought before an app can determine the current location. The developer of Pumpkin Maker stated he used Greystripe’s software to build his app. That is common practice: applying such kits make it easier for developers to serve ads with their app to help recoup their investment in their (free) apps. For advertisers, a user’s location is valuable information because the location can be used to better target ads.

The common means for determining an iPhone’s location is to use the GPS signal. When apps want to check and use their location, they need to asks for the consent of users.

However, the IP address can also be used to determine the phone’s location. For computers, this is the usual method. It is also Greystripe’s way of finding out where you are. This way, Greystripe slips through the net of Apple’s APIs. The method is a lot less discriminate than is GPS, however. In a Wall Street Journal test, the iPhone’s location was determined with an accuracy of up to five kilometres, compared to about six meters that is common for GPS.

A spokesperson of Greystripe claimed not to do anything wrong and to operate in compliance with Apple’s rules.

It is not known how widespread this practice is. Of the 101 apps that the Wall Street Journal tested, Pumpkin Maker was the only to gather location data without a user opt-in.