iBeacon on iOS: What, Me Worry?

iBeacon technology is pretty new, and people are still thinking up ways to use it. There’s lots of excitement about the possibilities, but there’s also lots of concern about the potential for privacy invasion and spam. The two opposing extremes break down roughly like this:

  • iBeacon is great! Retailers are going to be able to directly communicate with their most loyal customers and make the purchase process frictionless.
  • IBeacon is terrible! I’m going to walk into a store and get inundated with spam from a company that knows too much about my location and shopping patters!

I’m going to explore how these extremes compare the the actual options available via iBeacon and related technology. For now, this discussion is exclusively centered on the behavior in iOS.

On iOS, iBeacons are part of location services. These are the same part of the system that has been responsible for locating your device based on GPS, cell tower, WiFi, and so on. If you’ve used iOS, you know you get an option before any application is allowed to access your location. If the app doesn’t have your permission for location events, it won’t have an opportunity to track you.

Location serves has been available in iOS for years, since iOS 2.0. The new feature iBeacons bring is a fast and easy way to get very specific location information. It’s been possible to get a geographical position, but iBeacon allows an application to know exactly where your device is in relation to a specific iBeacon. It can do this very quickly, and it doesn’t rely on the vagaries of pulling satellite or wireless data. For example, getting a GPS signal indoors is difficult. iBeacon provides a way to have location information that is just as accurate, but more reliable. If an iBeacon is installed in the entrance of a store, that store can tell when you walked through the door, vs. walked passed the door. All of this is still subject to the same restrictions as the old style location events: none of this is possible without the consent of the user.

Say you’ve installed, for example, the Giant BigBox Store app, and allowed Giant BigBox Store to receive location updates from your device. Now the app can accurately determine when you walked in the store. If the store installs multiple beacons, they can even pretty easily tell when you’re at the plumbing department vs. the lumber.

Once you enable location services, it would be pretty easy to track the number of times you entered the store, and possibly how you moved around the store. But what, exactly, could they track?

  • If you create a customer account in the app, they can track your movement and relate that movement to your email, name, address, or whatever else you have entered in the app.
  • If you avoid giving the app personal information, all they can relate your movement to is an anonymous unique ID related to your iPhone.
  • If the store has a payment system integrated with the beacons, they could track your purchases, and relate your entrance/exit with your purchases. They could implement a rewards program without the need for specialized cards. Some people like this, some people avoid it at all costs.

What the store track and how well they can relate it to your personal information is dependent largely on information and features you enable yourself. There is virtually nothing interesting they can pull without you taking explicit action to enable that interaction.

If you’ve enabled push notifications and location updates to your app, then the store has the opportunity to push out notifications to you every time you move from department to department. What’s to stop them? The same thing that stops them from sending out too many notifications of any kind: If people are annoyed, they will simply turn off notifications (if they’re savvy), or even worse, uninstall the app.

To go back to the worst-case scenario above:

IBeacon is terrible! I’m going to walk into a store and get inundated with spam from a company that knows too much about my location and shopping patters!

In order for this scenario to be true, you would have to take several specific actions:

  1. You installed the app for the retailer in question.
  2. You enabled location services for the app.
  3. You entered account information in the app.
  4. You enabled notifications for the app.

So far the topic is just been using your iPhone to detect when it is near a beacon. Another possibility with iBeacon is that you can turn your iPhone into a beacon. Your phone is broadcasting a beacon to anything that wants to receive a Bluetooth LE broadcast. I’ll cover this scenario in a future post.