We have recently seen a lot of angst and carrying on over reports that a secret database of iPhone users’ movements is being compiled on every iPhone. If you have an iPhone 4, you should be able to find a file that stores location data for the device since the day you bought it.
The story broke when Alasdair Allan and Pete Warden released an application called iPhone Tracker at the O’Reilly Where 2.0 conference. The application accesses the contents of this database file and generates a map of locations you have visited with your iPhone. It actually generates some pretty slick maps, judging by the screenshots. The iPhone Tracker site has some interesting things to say about the application:
- It doesn’t record anything itself, it only displays files that are already hidden on your computer.
- The fact that it’s transferred across devices when you restore or migrate is evidence the data-gathering isn’t accidental.
- There’s no evidence that it’s being transmitted beyond your device and any machines you sync it with.
- The most immediate problem is that this data is stored in an easily-readable form on your machine. Any other program you run or user with access to your machine can look through it.
1. Hidden files
While there is no obvious indicator that the file in question exists, it seems a bit extreme to call it “hidden”. In fact, it is less “hidden” now than it was in previous iPhone versions, where it was stored in a more locked-down part of the filesystem used by the device’s operating system. What has changed is that Apple evidently wanted to make the data more available to users, via iOS applications, so some changes were made in how it is stored.
In fact, it is pretty difficult to call the file “hidden” with a straight face if you know that you can order a copy of iOS Forensic Analysis, an Apress book by Sean Morrissey, and look it up within the pages of that text.
2. No accident
As pointed out on the iPhone Tracker site, it seems pretty clear that Apple has no “accident” defense for the existence of this collected data. On the other hand, there are other defenses that may apply.
3. Not transmitted
The iPhone Tracker site makes it quite clear that no evidence has been found that the stored data is ever transmitted back to Apple, to law enforcement, or anywhere else for that matter. There is, however, still some question about the matter.
As Ian Paul said in the PC World article “Why Apple Tracks You Via iPhone: It’s Not Why You Think”, a letter to Texas legislators makes it clear that location data for iPhones *is* being collected by Apple:
Apple may “collect and transmit cell tower and Wi-Fi Access point information automatically [from your device],” the letter reads. “This information is batched and then encrypted and transmitted to Apple over a secure Wi-Fi Internet connection every twelve hours.”
Remember that a lack of evidence is not the same thing as evidence of lack. The truth is that we apparently do not actually know whether the data in that file is sent back to Apple. If not, the above quote suggests that some other location data *is* being sent instead.
4. Easy Access
The problem with the data file in question is that it is so easily accessible. If you visit your mistress, then leave your iPhone unattended while you take a shower, your wife may discover your whereabouts. Police may use scanning devices to read the data from your cellphone. A stalker or abusive ex-husband may get his hands on the iPhone and use the data to put together a schedule of your movements so he knows best how to find you. A malicious security cracker who wants location data knows exactly where to go to get that data after getting access to the device.
An application you install from the App Store may broadcast that data all over the place, either maliciously or by way of mere developer incompetence.
Intent and result
The file’s location data is derived from proximity to wireless networks and cellphone towers — and some of that information is accessible anyway to the service carrier for the iPhone, though not usually stored for so long.
Apple’s intent may be perfectly honest in this case. The file may simply be there for no more nefarious reason than offering users another source of data that can be accessed via software installed through the App Store. It seems, at first glance, unlikely that Apple would store this location data in perpetuity on the device itself if the intent was to track customers. One might ask why Apple would not just harvest the data and store it on company servers, allowing the device to rotate logs to keep storage space from being eaten up too quickly.
On the other hand, the sheer volume of data being collected might be prohibitive for centralized storage. Keeping the data on the device, and making it accessible to Apple via network connections, might conceivably be an optimization. Regardless, the result is the same: iPhone users have their movements logged by the device.
Selena Frye asks the obvious question: “Being tracked by your iPhone: Do you care?” Larry Dignan writes at ZDNet, in “Your iPhone, iPad recording your every move? So”, that it really does not matter. His argument boils down to a simplistic statement:
People allow their every move to be tracked anyway—willingly.
He allows that “there’s a small opt-in issue here,” but casually and derisively dismisses it, citing his belief that “most Apple fans would opt in anyway.” Not all iPhone users are exactly Apple fans, though. In fact, many iPhone users have ceased to be Apple fans in part because of issues involving the iPhone, such as Apple’s sometime tendency to brick rooted iPhones on software updates.
Ultimately, whether most people care or not is irrelevant. The reason for requiring opt-in before having location data gathered is to serve the rights of those who wish to make some modicum of effort to protect their privacy. If deceptive means are used to essentially trick people into giving up their privacy, or to just invade it in an underhanded manner, something has gone seriously awry. Anyone dismissing that concern in such a derisive manner needs to rethink the importance of privacy.
At the other end of the spectrum, we find the reactionary approach taken by politicians trying to look good for their constituents. In particular, Minnesota Democratic Senator Al Franken sent a letter to Apple demanding answers. While some of the questions he asks are good, and he raises some important points, one must wonder why he chose this issue in particular as the target of his crusade against privacy violations when it is, in fact, among the least of the poor corporate decisions that afflict our digital lives. The answer seems obvious: more people took notice of this issue, perhaps because it is illustrated by beautiful maps generated by iPhone Tracker, than of other more egregious threats to technology users’ privacy.
Only part of a bigger security problem with Apple
In the end, the central fact of the matter is that this data is stored on the device. While a concerted effort should be made by researchers to detect any potential transmission of that location data (or similar data) from an iPhone (or any other smartphone for that matter) without the user’s knowledge, the fact of a logfile storing such data on the device in and of itself is not the biggest security problem facing iPhone users. The fact that there is a file stored on the device that is accessible to users is peanuts beside the possibility that closed source software on the device — both iOS and the applications installed from the App Store — may be misbehaving in far more worrisome ways. Various other security issues have cropped up over the last few years that are much more problematic, such as the 2007 discovery that all iPhones used the same root password.
If I were willing to overlook all of that (aside from the network stability issues for which AT&T has become famous, the lack of a physical keyboard, and other shortcomings of the iPhone), I think the presence of a local log of the device’s physical movements that is not accessible without installing additional software, hands-on access to it, or a security compromise, would not concern me too much.
On the other hand, this revelation is yet another example of Apple’s poor record for thinking about the security and privacy implications of its system designs, and one more reason that I have no interest in getting an iPhone for personal use. Your mileage may vary — and now that iPhone Tracker has been released to the public, it is a trivial exercise to check that mileage.