Apple faced pressure Thursday to respond to claims that its iPhone 4 records sensitive location data, which is transferred and stored on a user's computer in an unprotected and unencrypted format.
At a technology conference on Wednesday, Alasdair Allan and Pete Warden, two British researchers, said a program on the smartphone records location information and a time stamp, which are then uploaded to a user's hard drive.
The news prompted several U.S. politicians to send queries to Apple asking for clarification, including Edward Markey, a Republican congressman from Massachusetts.
"I am concerned about this report and the consequences of this feature for individuals' privacy," Markey wrote, in a letter addressed to Steve Jobs.
Markey asked the company to explain whether the reports are true, why the company installed the software and how it intends to be used.
Democratic Senator Al Franken sent a similar letter on Wednesday.
In an email Thursday, a spokesperson for Canadian privacy commissioner Jennifer Stoddart said "we're following this with interest."
"The issue concerns location-based information, which can be very sensitive personal information," senior communication adviser Valerie Lawton wrote in an email, adding that so far, the organization had not received any complaints.
Attempts to contact Apple were not successful, and the company has not issued a statement about the claims.
Privacy and security concerns
Michael Geist, a law professor from the University of Ottawa, said the tracking software is a worrying development.
"I think there are privacy concerns and security concerns that the information itself is stored in an insecure, unencrypted matter, making itself potentially vulnerable to hackers and to fishing expeditions by law enforcement," he said.
Geist, who also serves on the Canadian privacy commissioner's expert advisory panel, said he was able to retrieve his own location data using his iPhone 4.
"It's stunning to see literally everywhere you've gone over the last few months plotted on a map," he said.
Allan and Warden have set up a website detailing how the information is recorded, where it can be found and steps that can be taken to protect the information, including encrypting the data.
In a blog post on O'Reilly Radar, a technology website, they said the data collection feature seems to have first appeared with the release of iOS 4 in June 2010.
Allan and Wardan said the data is not transmitted anywhere else, but is normally stored in an unprotected format. It is also transferred to a new Apple phone when that device is synched up with the computer.
"We're not sure why Apple is gathering this data, but it's clearly intentional, as the database is being restored across backups and even device migrations," they wrote.
Beyond expectation of consumers
A BBC News online article suggests users may be tacitly consenting to the disclosure of this information.
Apple posts its terms and conditions on its website.
"We may collect information such as occupation, language, zip code, area code, unique device identifier, location and the time zone where an Apple product is used so that we can better understand customer behaviour and improve our products, services and advertising," the document says.
However, Geist said the company needs to do more to be transparent about how it collects personal information.
"We're talking about tens of millions of people who are affected. Even if it is within the strict letter of the law, I think this runs outside the expectation of most consumers," he said.
Geist said he expected to see governments in the U.S. and Canada take a more active role in the days to come.
"I think we're going to see some real action here," he said.