While Apple has been taking a beating for holding onto a big file of iPhone users’ location data, Skyhook Wireless CEO Ted Morgan tells us Google is actually much “more aggressive” in tracking Android users.We spoke with Morgan yesterday to get a better idea about what’s going on with the mobile location data scandal. Morgan’s business is gathering location data through mobile phones, just like what Google, Apple, and Microsoft are all doing now.
His business is threatened by Apple, Google, and Microsoft gathering mobile location data, since that’s what Skyhook does. So his opinion on the matter isn’t going to be entirely impartial. Further, Morgan is not keen on Google, and is currently suing the company for shutting Skyhook Wireless out of contracts with handset makers.
But nobody understands what’s going on in the industry better than him, so it’s good to get his take on why these companies want the data and what they could do with it.
He says Google’s data collection is much more invasive than Apple — it pings your phone 1,000 times a day — and much worse from a privacy standpoint because the data is sitting on Google’s servers as opposed to your desktop computer or phone.
Why is Google gathering this data? To gather better data for advertising, says Morgan.
We reached out to Google for a response, and it provided this canned statement:
“All location sharing on Android is opt-in by the user. We provide users with notice and control over the collection, sharing and use of location in order to provide a better mobile experience on Android devices. Any location data that is sent back to Google location servers is anonymized and is not tied or traceable to a specific user.”
Morgan disputes the idea that the data is anonymized. He says users can still be traced easily by tracking where they are.
Below is a lightly edited transcript of our conversation:
BI: Is there anything nefarious about what Apple was doing in your opinion?
Ted Morgan: I can only comment on what they said publicly, and they’ve claimed that it was a snafu or a bug in their product. And they’re going to correct it. I think they’ve been pretty open about it. And they’re certainly going to address it in the next week or two. I think that’s pretty forthcoming on their part.
I think it shows in general how hard it is to build one of these systems. And how complex it is, and all the landmines there are around individual privacy. You have to be very careful about how you handle this data because it’s such a lightning rod issue.
BI: This is what you guys do, right?
TM: This is all the stuff we invented. So, using wifi signals and them combining them with cell and GPS is everything we’ve been doing it since we started the company eight years ago. So what you’re seeing is a lot of big companies who are trying to – they’ll either licence Skyhook or they’ll try to replicate it. Any what happens in many cases is you try to replicate what we’ve learned over eight years – you know, there are a lot of things you learn the hard way.
We’ve also tried to be very careful about privacy from day one to avoid these kind of issues for us cause Apple and Google may be able to weather a big privacy storm like this, but we couldn’t as a small company.
BI: Did Apple used to use your technology, but they don’t use it anymore?
TM: Yes, they launched our technology across all their devices in 2008. On the iPhone 4 and above, they’ve deployed a technology of their own. But they’re still a very big customer of ours. We work a lot with them.
BI: Can you say what you do with them?
TM: No, unfortunately I can’t.
BI: There’s this idea that if people get a hold of your phone, they can track you down and see where you were, like police or lawyers. Are these real?
TM: There are real concerns. I don’t think there’s anything malicious going on by these companies. I think they’re trying to roll out a sophisticated location system very quickly, and catch up on a lot of fronts. But the reality is that are things that if you do them wrong create a tremendous amount of risk.
The two things simply are probing and tracking.
Probing is when have the device periodically check your location and send it up and collect it without the user doing anything at all. So, the right way to do it is when the user checks the location, then you can use that to fix the network, etc.
But to have the device quietly in the background probing your location creates a whole host of issues around privacy as well as just plain battery power. And there’s a lot of times an Android phones just gets really hot because it’s checking your location every two minutes, and you don’t even know about it. Those things are bad.
And the other thing is tracking. I you associate any history of a user at all it’s very easy to, after the fact, figure out the name of that user. So when you hear companies like Microsoft and Google say, “We’re anonymizing the data,” it doesn’t matter. If there’s a location history, all I do is look at past 9 o’clock and there’s a 95% chance that you went home. And I will look at that, and I will up that address and I will know who you are.
And as you start adding more and more data, I match that with where you work and now I know this is you. I know this is Jay’s track, and I can follow him forever, and I can use that either to stop you, either in police forensics. I can use it in divorce disputes. You know, everything, for reasons of your privacy, you don’t want people to know – that can be obtained with a track.
So probing and tracking are no-no’s in this stuff that we’ve avoided. And you’re seeing how much emotion there is around a misstep on that.
BI: Does it matter how long the data is held on for?
People argue that seven days is fine, two days a month. It doesn’t matter. If you’re tracking the user at all, and the history of their locations, it’s relatively easy to figure out who you are.
BI: Is there anything you do to prevent that? What do you do differently?
TM: Yeah. We’ve been worried about this privacy stuff from the very beginning. We were afraid of these kind of blow-ups. And so, we never probed the device.
Our system only gets used when a user says, “I’m checking in on Foursquare, I’m looking for something on Yelp.” And then we never associate any location history at all. And so every single location request looks completely independent to us.
We know nothing about users’ or devices. We get about 400 million a day, and each one of those is completely separate. We have no way of connecting your 50 location look-ups in a day. I just see 50 different location look-ups and I have no sense of devices or users.
So I state very publicly what I do with the data, and then, even if I wanted to, I don’t have any history to then dig in on your trace. We don’t keep it.
BI: Why would Microsoft or Apple or Google do the probing?
TM: Because it’s quicker to catch up to us when you do that. So the way we collect our data — and it’s fine to collect wifi data — I mean, that’s what we’ve kind of pioneered, and we’re big fans of it. But you have to do it the right way.
We drove the streets, first of all. We drove 10 million miles of road around the world collecting this data. And then we maintain it through the 100 some odd million devices on our network. When you look up something and you check your location, you’ll send 10 access points you see around you to our server. We’ll then look at our database, see where those are, and send you back a location.
But since you sent me those 10 access, I’ll say two of those used to be in Baltimore and now they’re in New York, so I’ll send them to New York. We only do that on the data the user collects at the time.
When you’re probing, you’re using a users battery and data when they don’t know about it, but it’s a faster way to build up data cause you’re not waiting for the user to check in a few times a day. You’re pinging in 100 times a day and in Google’s case, 1,000 times a day.
BI: So is what Google does different from what Apple does?
TM: Google’s a lot more aggressive about the background probing and the tracking of users. So, Google voice search, for example, if you say “I want pizza.” If you have that on your device, whether you’re using it or not it’s checking your location every 2 minutes and sending it back to Google. And all their apps do that kind of stuff. You might not use it for a month, but every single place you’ve been for a month is being recorded by them.
So that, one is an over aggressive use of your phone, and two, there is also an identifier associated with your location history. They say it’s anonymized, but that doesn’t matter. It has every place you’ve been, there’s just no name on it.
BI: So Google could track you down if they wanted?
BI: But why would they want to? There’s no upside for Google, right? It would be trouble.
TM: Well there is — there’s a reason they’re doing it — because that data is a ton more valuable for demographic targeting.
We launched a year ago a way to show where people are moving around based on all of our data. But we don’t know about individuals, we can just see these groups moving around. If I knew the individual traces, I could then say that this street corner has 30% African Americans of this income level and they all like to play golf, cos I can trace from their home demographics. So they’re an incredible valuable on the advertising and marketing front.
And we applaud all of this, as long as its not violating these privacy concerns.
And it’s not just a theoretical concern. Someone could grab your iPhone very easily and pull that file off while you’re in the bathroom and have all of your locations.
Google, you could hack into Google’s system, or the Feds could subpoena the system and say, “Jay could be in this terrorist plot and we’d like to see where he has been for the last three months.”
The data’s there, it’s all something that could be done.
BI: Why is that more something Google can do than you can do?
TM: Because I don’t have the trace. So there’s no way you can say,. show me all the devices that went to Jay’s house and where they went after that. I can’t reverse engineer it. I don’t maintain the data at all.
BI: You’re in a little bit of a fight with Google, right?
TM: We’re in a little bit of a fracas. That’s mostly on the competitive front. We won deals with major manufactures, and they basically threatened these manufacturers and we think that’s a bit over the line.
BI: And they’re doing this tracking for advertising, do we know?
TM: It’s all for mobile advertising.
BI: The uproar around Apple happened when people found a file. Has this file been found with Google on Android phones?
TM: Yeah, they found a file. It’s not as long. It’s more temporary. I think Apple can address this easily by encrypting the file. The bigger issue, really, is the tracking on the server. Apple said they don’t do it, that’s what they’ve said, and Google is fudging the issue.
BI: Is it worse with Google because all this info is stored not only on your device, but on their servers?
TM: Yes, that’s right.
BI: Anything else you want to talk about.
TM: Apple and Google are grabbing all the headlines, but I wouldn’t leave Microsoft and Nokia out of the mix. They’re doing all the same things.