Some security researchers have discovered that all iPhones with iOS 4 are apparently keeping a (presumably private) database of all your visited locations, which they've written an app to access and plot on a map. The brief and project is here: petewarden.github.com/iPhoneTracker/
I just ran this app. It works. (See also: gizmodo.com/5793925/your-iphone-is-secretly-tracki... ). It's more than mildly terrifying -- and completely insane. I'm not usually at such a loss for words, but I don't really know what comes next.
Discussion about
Your iPhone is secretly tracking -- and storing -- your location at all times.
Well, having seen it, why am I not surprised I see many elements of the boggerati taking a very measured stance to this (which is, in fact, the way to take it but that's beside the point)? If anyone else was doing it (even in the same way) these guys would be losing their minds, as can be seen from their previous output. Applezombies, sheesh.
As Apple puts more and more emphasis on "it just works" in the iOS era, I Wouldn't be surprised if this simply helps your device find your geolocation when you fire up your maps app or helps with getting directions quicker. Anecdotally, iPhones always seems to be quicker to figure out where they are compared to my Droid X.
The issue here is that it is an undocumented "feature" which leads too much to the imagination. Just remember, your iOS device doesn't phone home with this info, so it is only on your phone. I don't mean to be an Apple apologist, and for all I know there is no legit reason to keep this data on your phone, but there's no need to jump to conclusions either way.
The issue here is that it is an undocumented "feature" which leads too much to the imagination. Just remember, your iOS device doesn't phone home with this info, so it is only on your phone. I don't mean to be an Apple apologist, and for all I know there is no legit reason to keep this data on your phone, but there's no need to jump to conclusions either way.
What I wonder is if this is regardless of having the location features enabled or not. I know many people who disable location features for this very reason but I always thought they were just being a little worried about being tracked or something. I guess I was very wrong in my assumption that Apple only used location features for reasons that I allowed.
Also, I wonder what sort of use Apple thinks they can get out of such data without a major controversy on their hands.
Also, I wonder what sort of use Apple thinks they can get out of such data without a major controversy on their hands.
Best I can tell, the discovery of this database happened back in mid 2010. Tweakers (Dutch site) wrote about it in June 2010.
tweakers.net/nieuws/68127/apple-gaat-locatiegegeve...
There's even a 2010 book that goes into much more detail:
"IOS Forensic Analysis: for IPhone, IPad and IPod Touch" By Sean Morrissey.
Here's an interesting excerpt that demonstrates how the .db file can be used in crime investigations:
https://skitch.com/triixxy/r58r7/ios-forensic-anal...
Strange that Apple news like this could lie dormant for nine months. Shows the power of visualizations, I guess.
tweakers.net/nieuws/68127/apple-gaat-locatiegegeve...
There's even a 2010 book that goes into much more detail:
"IOS Forensic Analysis: for IPhone, IPad and IPod Touch" By Sean Morrissey.
Here's an interesting excerpt that demonstrates how the .db file can be used in crime investigations:
https://skitch.com/triixxy/r58r7/ios-forensic-anal...
Strange that Apple news like this could lie dormant for nine months. Shows the power of visualizations, I guess.
I think it's also good evidence of how insular the forensics community can be; unlike the security world, when it relates to issues of privacy it seems like maybe there's an incentive not go public with this stuff in the same way.
But yes, very weird indeed that this has been known by a select few and is just now coming to light.
But yes, very weird indeed that this has been known by a select few and is just now coming to light.
"You have actually given Apple permission, it's just tucked away in their Ts &Cs."
I actually think this is a rather weak argument that people are throwing around, especially considering that no one can be reasonably expected to read through 50 pages of a EULA. Just because something is in a license doesn't make it any less okay.
I actually think this is a rather weak argument that people are throwing around, especially considering that no one can be reasonably expected to read through 50 pages of a EULA. Just because something is in a license doesn't make it any less okay.
"Wonder how long til there is an app that constantly wipes this file for you?"
Already exists! If you jailbreak:
www.9to5mac.com/62952/jailbreak-utility-blocks-ios...
Already exists! If you jailbreak:
www.9to5mac.com/62952/jailbreak-utility-blocks-ios...
This is pretty crazy. I have location data being stored that's at least 6 months old, if not more so. There's location data from Boston, Austin, SF, LA, and even a layover in Las Vegas. It's crazy.
My map of the the Bay Area:
www.flickr.com/photos/rockbandit/5638263046/
Zooming in, the data seems much less accurate, which I thought was interesting. I wonder if it's logging cell tower locations for diagnostic purposes?
Zoomed in view of my data in San Francisco:
www.flickr.com/photos/rockbandit/5638278396/
EDIT: I'm a big idiot. Straight from the project's FAQ:
"To make it less useful for snoops, the spatial and temporal accuracy of the data has been artificially reduced. You can only animate week-by-week even though the data is timed to the second, and if you zoom in you’ll see the points are constrained to a grid, so your exact location is not revealed. The underlying database has no such constraints, unfortunately."
My map of the the Bay Area:
www.flickr.com/photos/rockbandit/5638263046/
Zooming in, the data seems much less accurate, which I thought was interesting. I wonder if it's logging cell tower locations for diagnostic purposes?
Zoomed in view of my data in San Francisco:
www.flickr.com/photos/rockbandit/5638278396/
EDIT: I'm a big idiot. Straight from the project's FAQ:
"To make it less useful for snoops, the spatial and temporal accuracy of the data has been artificially reduced. You can only animate week-by-week even though the data is timed to the second, and if you zoom in you’ll see the points are constrained to a grid, so your exact location is not revealed. The underlying database has no such constraints, unfortunately."
If I may put on my tinfoil hat for a second...I suppose that if your phone is ever used as evidence in an investigation against you, the authorities will discover that you took a little trip to the middle east while adventuring with your buddies last summer, and BOOM no-fly list for you.
EDIT: yes they'll track you with your passport but they don't know what towns you visit.
EDIT: yes they'll track you with your passport but they don't know what towns you visit.
It seems to me that individual privacy began to fade the minute electricity was turned on.
Many inventions: telephones, credit cards, cell phones, the internet not only provided more erosion to the notion of privacy, but also raised the granualarity of the infractions.
The issue it seems, is that the privacy infractions were either invisible or the dots never connected by individuals. Apps like Flury, log files like this one on iPhones become visible and at least temporary backlash occurs in the media.
Or is there more to this I am missing?
Many inventions: telephones, credit cards, cell phones, the internet not only provided more erosion to the notion of privacy, but also raised the granualarity of the infractions.
The issue it seems, is that the privacy infractions were either invisible or the dots never connected by individuals. Apps like Flury, log files like this one on iPhones become visible and at least temporary backlash occurs in the media.
Or is there more to this I am missing?
Well - read into this what you like. From All Things D, June last year:
His Jobsness: We've always had a very different view of privacy than some of our colleagues in the [Silicon] Valley. We take privacy extremely seriously.... A lot of people in the Valley think we're really old-fashioned about this...
The Man From WallSt Journal, He Say Yes (as long as it has an Apple logo): But aren't you also going to be moving more into cloud-based things? Doesn't that inevitably introd—
Jobs: No! Privacy means people know what they're signing up for, in plain English and repeatedly.... let them know precisely what you're going to do with their data. That's what we think.
His Jobsness: We've always had a very different view of privacy than some of our colleagues in the [Silicon] Valley. We take privacy extremely seriously.... A lot of people in the Valley think we're really old-fashioned about this...
The Man From WallSt Journal, He Say Yes (as long as it has an Apple logo): But aren't you also going to be moving more into cloud-based things? Doesn't that inevitably introd—
Jobs: No! Privacy means people know what they're signing up for, in plain English and repeatedly.... let them know precisely what you're going to do with their data. That's what we think.
I think that's where a lot of the backlash lay. Apple preaches user privacy and how they require all apps to receive user permission to use location data. Yet they still collect and store user location data for their own purposes (regardless of whether the intentions are decent or not) without explicit permission from the user.
I have stopped using my iPhone 4 as a phone permanently and I've pulled the SIM. I'll stick to my Nexus One till my Xperia Arc arrives.
It is just irresponsible of Apple to leave such data unencrypted on a person's hard disk, while also copying it to other devices synced with that PC when you restore one device using restore data from another device.
What I noticed is that the iPhone logs your location only when you have a SIM inserted. I went on a cross-border road trip a few months back, and to avoid roaming charges, I pulled the SIM from my iPhone. Guess what! In iPhoneTracker, there are no entries for the three weeks when I was on the road! There is plenty on location data before and after the road trip, including up to and from the border, but not during the road trip overseas where the iPhone didn't have a SIM in it.
I pulled the SIM instead of using airplane mode because the GPS doesn't seem to work in airplane mode, and I wanted to use Navigon for offline navigation.
It is just irresponsible of Apple to leave such data unencrypted on a person's hard disk, while also copying it to other devices synced with that PC when you restore one device using restore data from another device.
What I noticed is that the iPhone logs your location only when you have a SIM inserted. I went on a cross-border road trip a few months back, and to avoid roaming charges, I pulled the SIM from my iPhone. Guess what! In iPhoneTracker, there are no entries for the three weeks when I was on the road! There is plenty on location data before and after the road trip, including up to and from the border, but not during the road trip overseas where the iPhone didn't have a SIM in it.
I pulled the SIM instead of using airplane mode because the GPS doesn't seem to work in airplane mode, and I wanted to use Navigon for offline navigation.
By the way, what is the exact utility of such tracking data? Location data for serving advertisements is only supposed to useful when the request is made for the ad. There should be no use for it a few months down the road when you might be in a different city, or a different country.
Is Apple using cellular iOS devices as a bug to map out cell sites? If they have my approximate location, and signal strength of various cell sites around me, that would be invaluable data to do geolocation when GPS reception is poor. This is exactly what Skyhook and Google StreetView were doing, but with WiFi.
Is Apple using cellular iOS devices as a bug to map out cell sites? If they have my approximate location, and signal strength of various cell sites around me, that would be invaluable data to do geolocation when GPS reception is poor. This is exactly what Skyhook and Google StreetView were doing, but with WiFi.
follow this discussion
share:
Products mentioned
16 users following this discussion, including:
This discussion has been viewed 2399 times.
Last activity .