First we need a 'scary' or high-profile target; the recent critical infrastructure hoax was a perfect example of the former, while Apple (the subject of this article) is a perfect example of the latter.
Secondly we need a clueless press; the more sycophantic about the product affected and the less technically aware the better.
Next, we need so-called experts to weigh in on the topic in a very public fashion. Of course the requirement that they be operating well outside their area of expertise goes without saying.
Added to all this is the manner of reporting. Does anyone recall those rabid chain-emails describing some fake computer virus as "the worst Microsoft [or some other tech company, but usually Microsoft] has ever seen?"
So, keeping all that in mind, let's turn our attention to the foam-at-the-mouth reporting of the location file 'discovered' on all devices running iOS v4 (that's iPads, iPhones and iPods).
It all started with a report from Alasdair Allan and Pete Warden of O'Reilly Media, which stated in part: "Today at Where 2.0 Pete Warden and I will announce the discovery that your iPhone, and your 3G iPad, is regularly recording the position of your device into a hidden file. Ever since iOS 4 arrived, your device has been storing a long list of locations and time stamps. We're not sure why Apple is gathering this data, but it's clearly intentional, as the database is being restored across backups, and even device migrations."
Kind-of emotive language, don't you think? (component 4 above, check!)
Of course, within a heartbeat, the popular press grabbed hold of the story and thus commenced the beat-up.
First of all, it is suggested that readers visit Apple's terms-of-service page:
"To provide location-based services on Apple products, Apple and our partners and licensees may collect, use, and share precise location data, including the real-time geographic location of your Apple computer or device. This location data is collected anonymously in a form that does not personally identify you and is used by Apple and our partners and licensees to provide and improve location-based products and services. For example, we may share geographic location with application providers when you opt in to their location services.
"Some location-based services offered by Apple, such as the MobileMe "Find My iPhone" feature, require your personal information for the feature to work."
This clearly establishes that anyone agreeing to the overall terms of service has agreed to the exact implementation described by Allan and Warden.
However, more than this, those more expert in the matter, such as Alex Levinson, have poured a lot of cold water on the whole saga.
Levinson's bio notes in part: "Currently, Alex is the Senior Engineer for Katana Forensics, the developing body for Lantern, a leading iOS Forensic Analysis application. Since joining Katana, Alex has overseen the development of Lantern 2.0." He probably knows what he's talking about.
First of all, Levinson notes that this is not new. The tracking file has been available in most versions of iOS; in iOS 4 it's been renamed and made a little more visible.
Secondly, he observes that making this information would be in contravention of just about every privacy statute around the world - Apple really isn't that silly!
Finally, and most scathingly, Levinson observes that nothing done by Allan and Warden is new - a cursory glance at the security literature would have shown that not only had Levinson presented on the topic at a recent conference, but that a full description of the topic appears in his recent book, "iOS Forensic Analysis."
So, where are we now? Of course there is the obligatory "foam-at-the-mouth" demand for a congressional enquiry (is there any other way those guys can plot to get re-elected?) along with a variety of ill-informed ratcheting-up of the rhetoric on the blogosphere.
But, all-in-all, I think this will slowly fade as people continue to recognise the importance of, and rely upon, the apps that are based on this service.
Caveat malus locator.