Call me old fashioned: I like to track my spending habits by writing down (with a pen and paper — more recently OmniOutliner) my purchases. The purpose in tracking your expenses by hand is so you can better verify your purchases against paper or digital statements you get in the middle or at the end of each month, and it also has the side-effect of making you better aware of the money you’re actually spending. If you’re buying a Starbucks coffee everyday, you’re running upwards of $150 a month, minus the lunch you eat out (an additional $400+ if we take $15 meals into account) and evenings spent out at the bar. Money adds up, and that’s not realized when you’re letting a computer do a lot of that work for you. Maybe you can afford it, but imagine how much money you could save to spend on all the awesome iOS apps we review? See.

(more…)

Yesterday I stumbled upon a Tumblr blog that, in spite of the subject, made me laugh for a few minutes. The “This Guy Has My MacBook” blog by Joshua Kaufman had pictures of a man using a computer that was stolen from Kaufman back in March — the photos, the descriptions and the fact that this man was using a MacBook not knowing the whole Internet was looking at him were kind of hilarious. All of this in spite of the fact that, yes, that was about a guy who just wanted his MacBook back.

Soon after I found out about Kaufman’s blog, the thing went viral as dozens of other websites picked it up and wrote about this guy monitoring his Mac’s thief using Hidden, a Mac app that’s a great tracking tool which can remotely snap photos through the iSight, take screenshots, grab location and send you other detailed information about your stolen computer. As the Internet began spreading the link and the photos, I had a feeling the Oakland Police Department had to do something — Kaufman’s originally wrote on his blog OPD couldn’t help him due to “due to lack of resources”. A few hours later, Kaufman tweeted that OPD had successfully taken in the computer and arrested the thief who, by the way, was a taxi driver, hence the pictures of a MacBook inside a car (one of the mysteries when the blog became popular yesterday).

Update: (May 31, 8:37 PM PST) ARRESTED! An Oakland police officer just called me to let me know that they arrested the guy in my photos! BOOYA! The police used my evidence (email which pointed to a cab service) that he was a driver and tricked him into picking them up. Nice work OPD!

Kaufam’s story is yet another example of how important it is nowadays to consider the installation of tracking and recovering software on our Macs. Apple provides a great, free solution on the iPhone and iPad that’s called Find My iPhone which is rumored to be coming to the Mac as well with Lion, but in the meantime I would recommend the aforementioned Hidden and the excellent Witness to detect motion in your room through an iSight and receive photos of what’s happening in front of your computer. The story also reminded of a popular YouTube video about a hacker that explained how he tracked down his old Mac years after it was stolen thanks to a background daemon like DynDNS that automatically finds a computer’s IP and associates it with a web address as soon as it’s connected to the Internet. It’ a great story, different from Kaufman’s — make sure to watch the video after the break if you missed it.
(more…)

At a U.S. Senate hearing this morning entitled “Protecting Mobile Privacy: Your Smartphones, Tablets, Cell Phones and Your Privacy”, Apple’s Vice President of Software Technology Guy L. “Bud” Tribble offered his remarks about Apple’s privacy policy, location tracking system implemented in iOS devices and App Store app control, reiterating many of the points already explained by Apple two weeks ago in the Q&A on Location Data.

As summarized by AppleInsider, Tribble testified before Senate members that Apple doesn’t collect personal information about its users nor does the company share any information with advertisers — rather, the cache file that was discovered by security researchers (which was incorrectly large in size and backed up to a computer during the sync process) is meant to store information about nearby cell towers and WiFi hotspots to enable iPhones and iPads 3G to quickly get signal without having to rely on real-time GPS data all the time. This is a crowd-sourced database that Apple keeps in a small amount on every device as an offline cache — personal data and device identifiers are never sent to Apple, Tribble explained.

Sen. Al Franken also asked both Apple and Google representatives at the hearing whether the two companies could add a fixed privacy policy to their app marketplaces to ensure users always know how their personal data is being treated, and what’s going on behind the scenes of an app. Tribble replied a privacy policy in App Store apps wouldn’t be enough as users are likely to skip that every single time — and that’s why Apple believed that adding actual graphical elements to the user interface would be a better, and more elegant solution to inform users about the usage of Location Services. In iOS, an icon in the status bar indicates when an app is sharing your location; every app must ask a user to share his location through a dialog box; in the Settings, users can revoke location access on app-by-app basis and manage other location preferences as well.

Tribble also went on to explain Apple does random audits on App Store apps and follows the tech press and iOS community to find out which apps are violating the privacy rules:

The Apple executive also detailed how his company conducts random audits on applications to make sure they’re playing by the rules. He admitted that Apple does not audit every single one of its 350,000 iPhone applications, just like it would be impossible for the federal government to audit every single taxpayer. Apple also keeps an eye on blogs and its “active community” of application users for potential violations. If a violation is discovered and the issue cannot be resolved, applications will be removed within 24 hours and the developer will be notified.

In most cases, Tribble said, developers quickly correct the issue, as they want to keep their application available in the App Store.

Tribble was joined today by Google’s Alan Davidson. A video of Senator Franken’s opening statement is embedded after the break. (more…)

Apple may have fixed the iPhone’s location tracking issues with the recent iOS 4.3.3 update, but The New York Times’ Research and Development Lab thinks this location data is still valuable in the way it provides users and researchers an historical archive of devices’ cellular triangulation points and WiFi hotspot databases. The NYT Labs, the same folks behind innovative iPad news reader News.me, have developed and released a web application called OpenPaths that allows iPhone users to register and anonymously share their location database. The web tool, available here, is touted as a way to ”securely store, explore, and donate your iOS location data”, Nick Bilton at The New York Times Bits blog reports. While it’s unclear how the web app works with the latest iOS software update (which stops iOS devices from backing up the location database to a computer, but still keeps an unencrypted copy stored on device), OpenPaths apparently finds a way to obtain this location data and reorganize it in a beautiful interface that also enables you to navigate maps, set specific times of a day, and browse by date.

People who participate in the project are asked to upload location information from their phone, which is then made anonymous and added to a database with the data from every other upload. People can then browse their own location data on an interactive map. At a later date researchers will be able request access to the collection of location uploads.

As for privacy concerns in regards to OpenPaths, the website’s homepage explains how the system works:

Our upload system is completely anonymous. We store your location data separately from your user profile. It is only with your express permission, combined with a unique passcode that only you know and that openpaths does not store, that we release your data to whom you approve. You will always have control over how much of your information is shared.

The main focus of OpenPaths is that of enabling you to donate your data to researchers around the world working on problems like “disaster preparedness, traffic flow, urban planning, and disease transmission.” You can choose to grant researchers access to portions of your data, or skip the process entirely and keep everything for yourself for personal purposes. It’ll be interesting to see whether this NYT Labs project will gain traction in the next weeks, and if future iOS updates will break its functionality with further location database encryption. In the meantime, you can sign up for OpenPaths here.

According to BGR, Apple is looking to roll out an iOS 4.3.3 update within two weeks and “possibly sooner” which, as previously announced, will improve the way iPhones and iPad 3G models handle the location database file required to quickly fetch nearby antenna and WiFi hotspot information.

We’ve been sent the OS and while we haven’t loaded it on our iPhone just yet, here is what we have been told it will address:

- The update will no longer back up the location database to iTunes.

- The size of the location database will be reduced.

- The location database will be deleted entirely when Location Services are turned off.

The website also reports iOS 4.3.3 will address battery life issues and introduce iPod bug fixes. On March 21st, BGR reported iOS 4.3.1 would be released within “one or two weeks” and they made a similar prediction for iOS 4.3.2, which came out on April 14th. Apple announced in its Location Tracking Q&A that an update coming out in the “next few weeks” would fix several bugs related to location tracking. With BGR posting a screenshot of the final firmware file, it’s very likely that Apple will release the update later this week.

Sometime in the next few weeks Apple will release a free iOS software update that:

- reduces the size of the crowd-sourced Wi-Fi hotspot and cell tower database cached on the iPhone,

- ceases backing up this cache, and

- deletes this cache entirely when Location Services is turned off.

In the next major iOS software release the cache will also be encrypted on the iPhone.

Update: as pointed out by one of our readers, the image above confirms build number of the new OS will be 8J2.

Apple has today responded to the intense media scrutiny over the iPhone and 3G iPad location log that researchers claimed logged extensive data, by posting a lengthy Q&A response. Jump the break for the full Q&A.

In its response Apple categorically states that “Apple is not tracking the location of your iPhone” and differentiates that the location log exists as a database to of Wi-Fi hotspots and cell towers around your current location so that when requested, current location data can be given quickly without waiting on the GPS which can take “up to several minutes” to calculate. By leveraging on Wi-Fi hotspots the iPhone can triangulate its location “within seconds”, these calculations are done with a crowd-sourced database of Wi-Fi hotspots and cell tower data that is “generated by tens of millions of iPhones sending geo-tagged locations of nearby Wi-Fi hotspots and cell towers in an anonymous and encrypted form to Apple.”

A portion of the crowd-sourced data (relevant to your location) is downloaded to the iPhone, and is left unencrypted – this is what the researchers discovered. “The location data that researchers are seeing on the iPhone is not the past or present location of the iPhone, but rather the locations of Wi-Fi hotspots and cell towers surrounding the iPhone’s location, which can be more than one hundred miles away from the iPhone”.

However Apple notes there are several issues that they plan to address in a coming software update in the coming weeks. These include ceasing the practice of syncing that location cache to a computer, reduce the size of the crowd-sourced Wi-Fi hotspot and cell tower data stored on the iPhone and delete the cache when Location services is turned off. The cache will also be encrypted on the iPhone in the software update.

Apple also addresses related privacy concerns, noting that “Apple will continue to be one of the leaders in strengthening personal information security and privacy.”. In particular it states that it does build a crowd-sourced traffic database but this is anonymised, as is everything else sent to Apple and as such can not be used to identify individual users. Furthermore third parties gain access to crash logs (which are anonymised) and the iAds system can use location to target specific ads, but this information is not sent to advertisers.

Jump the break for the full Q&A.

(more…)

Following yesterday’s debate on a file discovered by two security researchers that keeps track of your entire location history in the form of cellular triangulation data stored unencrypted in the iPhone’s backup, Daring Fireball’s John Gruber weighed in to suggest this might be a simple bug or “an oversight” on Apple’s part. He claims that a “little-birdie” told him the consolidated.db file acts as a cache for your location, and it’s not meant in any way to be used by Apple to track your location history and moves; the file is never sent to Apple’s servers, but is kept locally on your 3G device and on your computer — if you decided to back up an iPhone or iPad using iTunes. Moreover, the location data doesn’t rely on accurate GPS information — instead, it uses antennas’ triangulation, meaning that in most cases data can be miles off your actual location on a specific day.

The big question of course, is why Apple is storing this information. I don’t have a definitive answer, but my little-birdie-informed understanding is that consolidated.db acts as a cache for location data, and that historical data should be getting culled but isn’t, either due to a bug or, more likely, an oversight. I.e. someone wrote the code to cache location data but never wrote code to cull non-recent entries from the cache, so that a database that’s meant to serve as a cache of your recent location data is instead a persistent log of your location history. I’d wager this gets fixed in the next iOS update.

iOS 4.3.2 was released last week, and Apple might push a 4.3.3 software update relatively soon to “improve overall stability” and introduce “bug fixes” — as they usually write in their changelogs for this kind of updates. Apple PR hasn’t issued a statement about the discovery of this location tracking system for iPhones and iPads 3G, but the story has quickly made the rounds of the Internet and ended up on mainstream media as well. If it’s really a bug, or an oversight, a software update should be the easiest solution to the problem.

An interesting mix between third-party Twitter app Birdbrain and Ego for iOS, Follows is a new app for the iPhone aimed at collecting and displaying data from your social profiles on a variety of services. Currently, the app supports stats coming from Twitter, Facebook, Feedburner, MySpace, Vimeo, YouTube, Flickr, and LinkedIn.

While Birdbrain goes really in-depth in the way it aggregates and displays Twitter data over time and Ego is more geared towards website owners with Mint and Google Analytics integration, Follows offers a lightweight approach at gathering statistics from the supported services such as view counts, followers, visits and subscribers. From the main, dark-styled dashboard, you get a quick recap of all your online profiles with a series of tabs allowing you to get a more detailed look at numbers and graphs. It sounds complicated, but it’s not. Instead, Follows wants to be an easy way to, say, see how many people follow you on Twitter or are subscribed to your RSS feeds or, again, have liked your Vimeo videos. Plus, it’s a free app.

Once authenticated with the services (you can add multiple usernames for each one of them), everything goes into the main screen. Tapping on an item will display a different single view with additional stats (for Twitter, total amount of tweets, favorites, people you’re following) and two graphs depicting your “social growth”. The system works the same for all the services integrated into Follows. The app is fast at fetching updates and the latest version (released today) fixed an issue with the app crashing as you selected dashboard items.

Follows isn’t as full-featured as Ego (especially for bloggers) or Birdbrain when it comes to Twitter, but it gets its job done. The design is elegant and minimal, and in-app purchases allow you to remove ads and unlock “custom URL tracking”. It’s a free download in the App Store.