The purpose of this hearing was to aid lawmakers in understanding if current privacy laws around tech (which are quite old) are still valid or need updating. But what did Bud Tribble, an MD, PhD engineer and Apple's Vice President of Software Technology have to say versus Google's representative, Alan Davidson, who happens to be a lobbyist? Let's look at Apple's statements and answers to key questions, then cross-check with Google's answers.
First, the big question is whether or not Apple is "tracking you." In opening statements, Tribble pointed out (also in his written testimony) that Apple is "deeply committed" to protecting consumers' privacy, and Apple does not share personally identifying information with third-party vendors without explicit consumer agreement.
As stated in a release on April 27, 2011, the company does not track you and never has had any plans to track your whereabouts. Instead, the location database is designed to provide a crowdsourced database of local Wi-Fi hotspots and cellular towers in order to provide a quicker method for locating an iPhone on a map faster than GPS would alone. This information is not used by Apple itself, but can be accessed by applications that happen to use Location Services. These services can be turned off, and last week, Apple fixed a bug which stored these on the computer you use to sync in an unencrypted way and which contained all locations. Tribble also mentioned that in the "next major version of iOS this data will be encrypted."
When Senator Franken questioned Tribble about a seeming conflict in written statements versus the press statements around how tracking info is used, Tribble noted again that Apple does store this crowdsourced data on your iPhone/iPad and in a computer's database, but that the data is not the location of your phone, but the location of Wi-Fi hotspots and cell towers used to aid apps in locating your iOS device. It is not sent to Apple, and Apple is not in the business of tracking customers.
He made repeated mention of how all apps that use this location information must pop up a modal dialog warning the user. Plus, a purple icon appears next to the battery indicator showing you when location information is being accessed. Further, if you drill into Settings > Location Services, the same purple icon will appear next to applications that have accessed your location data within the past 24 hours.
According to Tribble, Apple does random audits of apps to see if they are violating policies. Plus, engineers monitor network traffic from apps to see if there are irregularities. Further, the company does look at user groups, the media and blogs for reports of behaviors from apps that may violate its policies. In all cases, Tribble said, Apple contacts the developers during an investigation and informs them of a policy issue. They are given an opportunity to fix the issue or be pulled from the store. To his knowledge, the incentive of being on the App Store was enough to always have developers comply with Apple policies.
From where I sat, Apple was on the defensive -- but in a good way. The defense was primarily "we own the store, we own the rules for the store, and our goal is to protect the consumer." Working to Apple's advantage is the tight control of the App Store, which some (including TUAW at times) have bemoaned as draconian. But I think today's hearings show how a tightly-controlled store can benefit consumers if the entity controlling the store is genuinely proactive about protecting the privacy of consumers.
Senator Schumer appeared at one point to criticize Apple's acceptance and publishing of an app designed to help people avoid traffic stops (in theory enabling drunk drivers to avoid being caught), and a brief back-and-forth between him and Tribble ensued. In the end, Tribble admitted that Apple has policies to block apps that encourage illegal activities and that the App Store team is investigating claims around apps such as these.
For its part, Google's representative played offense, pointing out how location data can be used to benefit mankind. As one example, he noted the company's work with the Center for Exploited and Missing Children, and how Google aims to push Amber Alerts to people in a specific region for those alerts. He also, again and again, expressed how Google supports "openness" instead of curation.
Unfortunately, Google took a beating in the hearings, basically admitting that the Google app market is a Wild West of applications. With the Android Marketplace's openness, developers can and do write apps that encourage or enable illegal activity. Also, Google's policies on who does what with your data (be it location or email or whatever) are there, but each app developer can pretty much do as they please with only the vaguest notion that Google might (in case of malware, for example) come down on you and remove your app from the store.
By explicitly stating that the aim of the Android Marketplace is not for Google's team to be gatekeepers, Google puts the onus on consumers to be aware of who is using their data and how they are using it. In the end the Senators seemed to be less thrilled with this response than Apple's curated store approach -- one with a specific set of guidelines, restrictions and policies to which every developer must adhere.