iPhone

iPhone tracking only part of Apple's security and privacy shortcomings

The revelation by a pair of researchers that iPhones store location data for the life of the device is making waves. How much does it really matter? Chad Perrin suggests the problem goes deeper.

We have recently seen a lot of angst and carrying on over reports that a secret database of iPhone users' movements is being compiled on every iPhone. If you have an iPhone 4, you should be able to find a file that stores location data for the device since the day you bought it.

The story broke when Alasdair Allan and Pete Warden released an application called iPhone Tracker at the O'Reilly Where 2.0 conference. The application accesses the contents of this database file and generates a map of locations you have visited with your iPhone. It actually generates some pretty slick maps, judging by the screenshots. The iPhone Tracker site has some interesting things to say about the application:

  1. It doesn't record anything itself, it only displays files that are already hidden on your computer.
  2. The fact that it's transferred across devices when you restore or migrate is evidence the data-gathering isn't accidental.
  3. There's no evidence that it's being transmitted beyond your device and any machines you sync it with.
  4. The most immediate problem is that this data is stored in an easily-readable form on your machine. Any other program you run or user with access to your machine can look through it.

1. Hidden files

While there is no obvious indicator that the file in question exists, it seems a bit extreme to call it "hidden". In fact, it is less "hidden" now than it was in previous iPhone versions, where it was stored in a more locked-down part of the filesystem used by the device's operating system. What has changed is that Apple evidently wanted to make the data more available to users, via iOS applications, so some changes were made in how it is stored.

In fact, it is pretty difficult to call the file "hidden" with a straight face if you know that you can order a copy of iOS Forensic Analysis, an Apress book by Sean Morrissey, and look it up within the pages of that text.

2. No accident

As pointed out on the iPhone Tracker site, it seems pretty clear that Apple has no "accident" defense for the existence of this collected data. On the other hand, there are other defenses that may apply.

3. Not transmitted

The iPhone Tracker site makes it quite clear that no evidence has been found that the stored data is ever transmitted back to Apple, to law enforcement, or anywhere else for that matter. There is, however, still some question about the matter.

As Ian Paul said in the PC World article, Why Apple Tracks You Via iPhone: It's Not Why You Think, a letter to Texas legislators makes it clear that location data for iPhones *is* being collected by Apple:

Apple may "collect and transmit cell tower and Wi-Fi Access point information automatically [from your device]," the letter reads. "This information is batched and then encrypted and transmitted to Apple over a secure Wi-Fi Internet connection every twelve hours."

Remember that a lack of evidence is not the same thing as evidence of lack. The truth is that we apparently do not actually know whether the data in that file is sent back to Apple. If not, the above quote suggests that some other location data *is* being sent instead.

4. Easy Access

The problem with the data file in question is that it is so easily accessible. If you visit your mistress, then leave your iPhone unattended while you take a shower, your wife may discover your whereabouts. Police may use scanning devices to read the data from your cellphone. A stalker or abusive ex-husband may get his hands on the iPhone and use the data to put together a schedule of your movements so he knows best how to find you. A malicious security cracker who wants location data knows exactly where to go to get that data after getting access to the device.

An application you install from the App Store may broadcast that data all over the place, either maliciously or by way of mere developer incompetence.

Intent and result

The file's location data is derived from proximity to wireless networks and cellphone towers -- and some of that information is accessible anyway to the service carrier for the iPhone, though not usually stored for so long.

Apple's intent may be perfectly honest in this case. The file may simply be there for no more nefarious reason than offering users another source of data that can be accessed via software installed through the App Store. It seems, at first glance, unlikely that Apple would store this location data in perpetuity on the device itself if the intent was to track customers. One might ask why Apple would not just harvest the data and store it on company servers, allowing the device to rotate logs to keep storage space from being eaten up too quickly.

On the other hand, the sheer volume of data being collected might be prohibitive for centralized storage. Keeping the data on the device, and making it accessible to Apple via network connections, might conceivably be an optimization. Regardless, the result is the same: iPhone users have their movements logged by the device.

Selena Frye asks the obvious question, Being tracked by your iPhone: Do you care? Larry Dignan writes at ZDNet, in Your iPhone, iPad recording your every move? So, that it really does not matter. His argument boils down to a simplistic statement:

People allow their every move to be tracked anyway—willingly.

He allows that "there's a small opt-in issue here," but casually and derisively dismisses it, citing the fact that he believes "most Apple fans would opt in anyway." Not all iPhone users are exactly Apple fans, though. In fact, many iPhone users have ceased to be Apple fans in part because of issues involving the iPhone, such as Apple's sometime tendency to brick rooted iPhones on software updates.

Ultimately, whether most people care or not is irrelevant. The reason for requiring opt-in before having location data gathered is to serve the rights of those who wish to make some modicum of effort to protect their privacy. If deceptive means are used to essentially trick people into giving up their privacy, or to just invade it in an underhanded manner, something has gone seriously awry. Anyone dismissing that concern in such a derisive manner needs to rethink the importance of privacy.

At the other end of the spectrum, we find the reactionary approach taken by politicians trying to look good for their constituents. In particular, Minnesota Democratic Senator Al Franken sent a letter to Apple demanding answers. While some of the questions he asks are good, and he raises some important points, one must wonder why he chose this issue in particular as the target of his crusade against privacy violations when it is, in fact, amongst the least such poor corporate decisions that afflict our digital lives. The answer seems obvious: more people took notice of this issue, perhaps because it is illustrated by beautiful maps generated by iPhone Tracker, than of other more egregious threats to technology users' privacy.

Only part of a bigger security problem with Apple

In the end, the central fact of the matter is that this data is stored on the device. While a concerted effort should be made by researchers to detect any potential transmission of that location data (or similar data) from an iPhone (or any other smartphone for that matter) without the user's knowledge, the fact of a logfile storing such data on the device in and of itself is not the biggest security problem facing iPhone users. The fact that there is a file stored on the device that is accessible to users is peanuts beside the possibility that closed source software on the device -- both iOS and the applications installed from the App Store -- may be misbehaving in far more worrisome ways. Various other security issues have cropped up over the last few years that are much more problematic, such as the 2007 discovery that all iPhones used the same root password.

If I was willing to overlook all of that (aside from the network stability issues for which AT&T has become famous, the lack of a physical keyboard, and other shortcomings of the iPhone), I think the presence of a local log of the device's physical movements that is not accessible without installing additional software, hands-on access to it, or a security compromise, would not concern me too much.

On the other hand, this revelation is yet another example of Apple's poor record for thinking about the security and privacy implications of its system designs, and one more reason that I have no interest in getting an iPhone for personal use. Your mileage may vary -- and now that iPhone Tracker has been released to the public, it is a trivial exercise to check that mileage.

About

Chad Perrin is an IT consultant, developer, and freelance professional writer. He holds both Microsoft and CompTIA certifications and is a graduate of two IT industry trade schools.

56 comments
manskybook
manskybook

Can we agree that Apple made some efforts at being responsible, but that we'd like some oversight so that these kind of careless things don't happen again? We DO easily give up our information (every time you make a Google search, or "allow" location tracking on your smartphone), so let's be more explicit about what that is. But let's take people to task for offering hot opinions without following the topic, and let's end this topic now, because this phase is over, and because there are too many comments for most people to follow now.

trackerbuster
trackerbuster

TrackerBuster!!!! This script is designed to "patch" the iPhone "bug" that makes it store user movement data. This will not harm your device in any form, it will just configure consolidated.db to auto purge via standard sql calls. No executable code or external program needed running on the iPhone. This patch IS USABLE on NOT JAILBROKEN devices too 1st get the database: In JAILBROKEN devices just SCP/FTP to /var/root/Library/Caches/locationd and copy consolidated.db to your computer In NOT JAILBROKEN devices a method is proposed here using itunes backups to access the file: -- http://howto.wired.com/wiki/Find_Stored_iPhone_Location_Data_on_your_Computer Apply the patch to the database. The easy way is opening the file with a SQL browser, and import the TrackerBuster.sql Any SQL browser will do the job, but sometimes freeware is not easy to find in windows so I used and tested with the SQLite Database Browser over a PuppyLinux 5.2.5 liveCD In JAILBROKEN devices just SCP/FTP and copy the modified consolidated.db to to /var/root/Library/Caches/locationd In NOT JAILBROKEN devices restore from your last backup in iTunes once database is patched READY, your iPhone is not tracking your data anymore, with no programs running on the background. If you need to restore the tracking ability of the device just remove the file using the same methods Extended info in the script itself, just open it with any text or code editor TrackerBuster: http://www.megaupload.com/?d=XGCP8B4G

trackerbuster
trackerbuster

TrackerBuster!!!! This script is designed to "patch" the iPhone "bug" that makes it store user movement data. This will not harm your device in any form, it will just configure consolidated.db to auto purge via standard sql calls. No executable code or external program needed running on the iPhone. This patch IS USABLE on NOT JAILBROKEN devices too 1st get the database: In JAILBROKEN devices just SCP/FTP to /var/root/Library/Caches/locationd and copy consolidated.db to your computer In NOT JAILBROKEN devices a method is proposed here using itunes backups to access the file: -- http://howto.wired.com/wiki/Find_Stored_iPhone_Location_Data_on_your_Computer Apply the patch to the database. The easy way is opening the file with a SQL browser, and import the TrackerBuster.sql Any SQL browser will do the job, but sometimes freeware is not easy to find in windows so I used and tested with the SQLite Database Browser over a PuppyLinux 5.2.5 liveCD In JAILBROKEN devices just SCP/FTP and copy the modified consolidated.db to to /var/root/Library/Caches/locationd In NOT JAILBROKEN devices restore from your last backup in iTunes once database is patched READY, your iPhone is not tracking your data anymore, with no programs running on the background. If you need to restore the tracking ability of the device just remove the file using the same methods Extended info in the script itself, just open it with any text or code editor TrackerBuster: http://www.megaupload.com/?d=XGCP8B4G

craig_neatherlin
craig_neatherlin

How is this much different than OnStar? If you don't want to be tracked, don't own any technology and live on the street. It would be good to know exactly what Apple intended this for in the first place.

manskybook
manskybook

the availability of the data has been known for months, if not a year; the "researchers" created an app that accessed that unencrypted data, and claimed it was something that it was not; and did not attempt (as most responsible "researchers" would) to contact Apple first to determine whether it was a bug. Apple (as Google, with different intent and form) collects information about you on your cellphone. Apple asks and, as the recent interview with Jobs, et al, suggests, it is an "opt-in" provider, not an "opt-out". Your personal information, however, is not at risk in this case. If this bothers you, please check all the cookies on your browser(s) to see what information they transmit; and please check your apps on Android and iPhone to see what information you have allowed. Then I think you can make informed comments (this is partially directed at the paranoid and poorly informed opinions of apotheon).

atpg85
atpg85

Those of us who charge clients hours plus mileage could find this a godsend. No requirement to keep notes and a ready record when the monthly invoice is created

ActiveAvatar
ActiveAvatar

The way some people write you would think this was the end of the world...there is nothing in the file that says who you are, it collects triangulation points using wi-fi and bases station locations and gathers THEIR POSITIONS not your own.... I know I have run the software, so the most 'evil men in black vans' with bad intent could gather was I was somewhere in the area - they can get much more than that from the phone company. Apple's security is pretty darned good - look at the virus risk numbers - the information helps speed up positioning in a similar form as a cache file - yes shock horror so does every browser.... The only argument I would have is it is arguably good design to have an ability to flush this cache at the user's discretion, and to be encrypted in transmission.

Vulpinemac
Vulpinemac

Nobody--but nobody sees this file unless they have physical access to your phone or iTunes on your computer. Even then, the file is nigh-on-impossible to access if you don't know the exact route to find it. No, not even Apple sees this file. That said, Apple has already announced that the errors made moving the file to its new location in iOS 4 are being corrected and it will be erased on a weekly basis as well as encrypted and hidden. It appears Apple itself was shocked to discover it wasn't being erased as it had in previous iterations of iOS. In other words, the whole scare was nothing but another over-reaction to a non-event.

itadmin
itadmin

The politically correct brigade, politicians and all participants in crime are always very pro privacy concerns. Many people don't even realise that their phone numbers and addresses can be found in telephone directories. So, what if everybody knows where I've been? Most people won't even care and my details would be lost in the overwhelming amount of data on everybody else. Most likely Apple may later harvest these details and use it for marketing. Thanks to the industrial revolution there is overproduction of nearly everything. It's a tough world out there if you have a product or service to sell, as many of us know. Anything that may help is used. All these details about people who actually use the product may be useful for marketing. And if a politician is caught with his pants down, or a criminal's alibi is blown, good. You won't hear me crying.

Ralph Smith
Ralph Smith

I, and 99.9% of the public have two things in common. We really don't have anything to hide and we aren't targets of secret agents, and if we're using any of these new gadgets (including cars) we can be found anyway. I personally like the possibility that my device can be found when it's stolen. That IS a value to me personally.

ksaldutti
ksaldutti

Yes it does mater what your personal paid for and owned device does on your behalf and on the behalf of and for others. How many device owners even know or care about any of this? Those who are concerned what are their options? Where is all this going? I mean over all the big picture are our devices friend or foe? Never take your eye off this ball as it may turn on you.

T3CHN0M4NC3R
T3CHN0M4NC3R

They are trying harder to control our digital lifestyle. You have been warned. Go Android. Total control in YOUR hands.

brent.wiley
brent.wiley

"While a concerted effort should be made by researchers to detect any potential transmission of that location data" - What? Why not "a concerted effort by Apple should be made to explain the location file and it's purpose"? Oh right, they already got your money and you can't afford to buy another phone off contract... and then there's the issue of porting the small fortune you spent in apps. Can I even use apps without worrying about trademark infringment? The new evil empire rises...

lcplwilson
lcplwilson

It really angers me that these manufactures think they have the right to do this kind of thing. I bought the device (phone, tablet, whatever), it is MINE (my property) and I don't like anyone with their fingers in MY pie. The so-called "licensing" contract is nothing but a boondoggle designed to keep the manufactures in control.

Derteufel
Derteufel

wrap it in a pretty package.

thomas
thomas

I think that a rooted or jailbreaked iPhone is a greater security issue. Than this issue. And when the iPhone is jailbreaked, their is lot of bad apps, which does the same thing. And they call home all the time. But I think it's a problem that you can't switch it off. I would be surprised if it's only coordinates and time. I expect that they use this to improve network/software quality as they say. You have also given them permission to collect this data when you accepted the agreement.

JonGauntt
JonGauntt

I wonder if some of this has to do with the Nike apps and others like it. Does the availability of this information allow these programs to be more lightweight if the information is stored on the phone and able to be accessed for historical purposes both on your phone and back on the computer it uploads to. Not sure, but I can see that this would be helpful for applications like this. There should be a way to remove it though or give a way to set how long to keep it.

JayGee21
JayGee21

If there can be one fair and up front statement to be made is that once we entered into the world of "instant" contact we negatted any assumption that what we did, where we go or went and to whom we communicated with regardless of reason would infact be open to scrutiny and available to whoever with technical savy would thus know.

jckylen
jckylen

So what is the proper concern? With all the mobile devices having GPS and all kinds of other tracking functions do any of us believe apple is the only bad player in this? The fact that it came out the way it did is what is causing so much concern and now I'm sure so many other devices are being checked for similar activity. My WP7 phone asked if it could use location information for my pictures and I said sure. Have I made a mistake letting the information out? When you set the phone up the first time it asks to turn on locator information, again, was saying yes a mistake? At least they were up front when it got turned on but how long does it save it, what does it collect, where does the data go, all that and so many more questions. We are giving up our privacy - why should we scream when someone gets our our information with just a few key clicks?

lshanahan
lshanahan

...for tracking on cell phones (as a whole, not just iPhones) was the 911 problem. For landline phones, your exact address pops up for the 911 operator as soon as you call, the idea being that you can be located in an emergency even if you are unable to talk. Obviously this could not be done with a mobile phone. Using GPS or other means to track phones solved that issue. That said, it appears Apple's iPhone goes **way beyond** what would be necessary to accomplish the above, since for emergency purposes it would not be necessary to store tracking data on the phone itself or anywhere else for that matter for any length of time. Just another piece of the puzzle to consider.

apotheon
apotheon

> Can we agree that Apple made some efforts at being responsible, but that we'd like some oversight so that these kind of careless things don't happen again? Probably not. . . . and aside from that, you're a bit of a troll who lies to my virtual face when the evidence contrary to what you say is on the same page of discussion.

manskybook
manskybook

that will take care of the "problems". Don't use this phisher's update.

apotheon
apotheon

I suppose you think we should heed your advice, "don't own any technology and live on the street," if we don't like other potential security issues like the Sony rootkit and PSN disaster, too.

apotheon
apotheon

Please let us know what I said that was "paranoid" or "poorly informed", in explicit detail. Your pot-shot is not accompanied by anything that actually undermines a word I posted here.

apotheon
apotheon

. . . but you don't need this file to do that.

apotheon
apotheon

> The concerns in this article have been debunked Did you even read the article? It actually addresses the defenses of Apple that you bring up here. What you describe is not debunking what the article addresses; it merely repeats the article's commentary. > nobody sees this file unless they have physical access to your phone or iTunes on your computer. "Physical"? Really? Are you sure you even know what that word means? I suppose you've never heard of the App Store, or malware, or the simple idea that corporate representatives often lie. > Even then, the file is nigh-on-impossible to access if you don't know the exact route to find it. Um, hello -- the location of the file is explained in excruciating detail not only all over the Web, but in books you can get at the bookstore as well. > Apple has already announced that the errors made moving the file to its new location in iOS 4 are being corrected and it will be erased on a weekly basis as well as encrypted and hidden. We'll see. Of course, if it's going to be erased weekly and "hidden", that makes me wonder about the real reason for having the file, since that undermines the actual innocuous excuses for the existence of such a file, and leaves only the nefarious reasons for it -- unless you're misstating the case (or just making things up). From your TR profile: > Industry: Media/Entertainment/Publishing/Advertising/PR How's that PR job working out for you?

apotheon
apotheon

You're one of those people, who will put tracking chips in their kids some day -- people who believe in a vast conspiracy to do things to you for your own good.

hthyne
hthyne

Sorry, Android/Google phones are as or even more guilty!!

Vulpinemac
Vulpinemac

What they were surprised about was that the file wasn't being erased in iOS 4. The file is used internally in the device itself to make data connections faster as you move between cell towers and wi-fi hotspots. No concerted effort is needed by any group and Apple has already announced that they will fix the bug in the next update.

apotheon
apotheon

Oh, sure, Apple should make that effort -- but I'm not holding my breath. I prefer to advocate for things that might conceivably happen.

Neon Samurai
Neon Samurai

location information is normally saved into the image itself. You can build some interesting maps by harvesting someone's flickr or facebook albums to rip the location information out of the image files. Twitter is also guilty; location data along with some 36 other bits of metadata hidden behind every twit.. er.. tweet. Researchers have already made some interesting maps based on harvesting twitter feeds. Don't forget, the library of congress is also now harvesting twitter data for long term storage. It may not be a concern in the next hour but remember; "Any information given out will inevitably be used for a purpose it was not intended."

Matt Henderson
Matt Henderson

Check out Cellint.com to see what is possible from just the basic cell phone communications protocol. They are using cell phones to track traffic, but it is clear that they could track location of all cell phones in real-time and then connect the cell phone to the registered user. Another current traffic tool are cameras that read license plates. Your location isn't a secret in a digital society...

manskybook
manskybook

apparently you are very good at hurling insults ("troll"; "how's that PR job working..."), but not very good at following current events. Poor baby. Hope you learn better reading comprehension. you may be interested in http://www.chucklorre.com/index.php?p=343

manskybook
manskybook

do you have cookies enabled in your browser? do you avoid using any search engine? Your opinions are hot, but, as a whole, not very convincing.

Vulpinemac
Vulpinemac

There's a lot more to media that just PR. The only PR I do is for charity organizations. On the other hand, I write, photograph, videograph, edit, etc.

ksaldutti
ksaldutti

Sorry but NO. Google may or is far more up your keister then even the Jobs clan. Google is very friendly with the Administration and their powerful minions. Read, investigate and be aware.

apotheon
apotheon

Hardly. I was going to respond that while you get a little more control in your own hands for Android devices than for the iPhone, it's far from total control. Saying Android is worse than the iPhone, though, seems a bit alarmist and unrealistic.

Neon Samurai
Neon Samurai

If only to confirm that Apple is holding to it's word, a third party concerted effort is very much needed. Let Apples good intentions be demonstrated by actions and verified by a separate entity through transparent research.

apotheon
apotheon

> Apple announced the reason for the file almost a year ago Cite your sources, please.

manskybook
manskybook

my reply to your overheated rhetoric was contained in the post, "tempest...", in case you can't figure it out. I did not reply line-by-line, because I was making a general point that included you, but did not specify you. You're a poor reader, and someone who follows only responses to your comments, not anything outside of them.

manskybook
manskybook

you didn't ask me any questions; you didn't answer any. You are ill-informed and don't follow the news (at all). This topic is dead.

apotheon
apotheon

You keep asking me accusatory, insinuative questions, and refusing to answer the most simple of questions that I ask. Your intent is obviously to portray me as some kind of ogre rather than to have a discussion. I am finished responding to your trolling hypocrisy. Have a nice day.

manskybook
manskybook

you just wish to assault others with your opinion (e.g.insulting vulpine) without reading or including other sources. Do you have an iOS device? have you examined its tracking file? Have you updated today with its bug-fix? Do you really know whether Apple sends or receives this information?

apotheon
apotheon

I noticed you avoided answering my request (did you think it wasn't obvious?), but I won't avoid your questions: > do you have cookies enabled in your browser? Yes, though I do employ what one might call paranoid cookie management. > do you avoid using any search engine? No. > Your opinions are hot, but, as a whole, not very convincing. Nor is your evasive, unresponsive, factually empty attempt at indictment of my opinions.

apotheon
apotheon

You're obviously doing PR for Apple, even if they aren't paying you for it.

apotheon
apotheon

It's easy to prevent; what iOS does (and may do, over which we have no control) is not so easy to prevent. A knowledgeable Android user can protect him/her self. A knowledgeable iPhone user will get sued for trying to do the same thing.

Vulpinemac
Vulpinemac

Android is KNOWN to send your location information to Google; the report itself said there was no evidence that the iOS information went anywhere. I'd hardly say that's unrealistic.

Editor's Picks