Log in

View Full Version : No Big Surprise: iPad 3G and iPhone Tracking and Recording Location


Michael Knutson
04-20-2011, 05:30 PM
<div class='os_post_top_link'><a href='http://radar.oreilly.com/2011/04/apple-location-tracking.html' target='_blank'>http://radar.oreilly.com/2011/04/ap...n-tracking.html</a><br /><br /></div><p><em>"Today at Where 2.0 Pete Warden and I will announce the discovery that your iPhone, and your 3G iPad, is regularly recording the position of your device into a hidden file. Ever since iOS 4 arrived, your device has been storing a long list of locations and time stamps. We're not sure why Apple is gathering this data, but it's clearly intentional, as the database is being restored across backups, and even device migrations."</em></p><p><img src="http://images.thoughtsmedia.com/resizer/thumbs/size/600/at/auto/1303316674.usr17748.jpg" style="border: 1px solid #d2d2bb;" /></p><p>Another tempest in a teapot. This article is based on information discussed back in January 2011 in Forensic Focus ( <a href="http://www.forensicfocus.com/index.php?name=Forums&amp;file=viewtopic&amp;t=7012" target="_blank">http://www.forensicfocus.com/index.php?name=Forums&amp;file=viewtopic&amp;t=7012</a> ), and is really not a new discovery. iDevices contain a file called consolidated.db, with a time stamp and location coordinates (but no personally identifiable data) saved. This file is maintained and is possibly used for location services and could be how "Find my iPhone" works. I wonder if the authors understand that location services don't work by magic, but rely on collecting and recording your location. Clearly their recommendation that iDevice backups be encrypted (with a strong password) is a good suggestion, but their implication that something sinister "may" be happening smacks of paranoia to me.&nbsp;</p>

Vincent Ferrari
04-20-2011, 08:58 PM
Okay... Whoa...

1. I agree that this is a bit of paranoia, but that's usually the case anytime you find the word "location" or "privacy" in a story these days.

2. This has nothing to do with location services. Location services read the data off your GPS radio and get assistive data from the cellular radio. It's not done by querying off a database; it's done on the fly as-needed. If the phone needs the info and then is done with it, the info should be erased. There's no reason to keep a running trail of that data for all eternity anywhere. Ever.

Is this overblown? To a degree, but I have to be honest, I don't like the idea that all this data has been tabulated and stored without my knowledge. Even though I make use of GPS services, I see no need to have my entire history of every cellular tower checkin I've ever made a: on my phone and b: backed up to the computer I sync it with! That's just effin' ridiculous.

Jason Dunn
04-21-2011, 02:52 AM
Yeah, I'm with Vinny on this one - I think it should be up to the user to opt in/out for ALL location based services. Tracking all this info, and keeping it permanently, isn't cool.

Lee Yuan Sheng
04-21-2011, 04:16 AM
Is this overblown? To a degree, but I have to be honest, I don't like the idea that all this data has been tabulated and stored without my knowledge. Even though I make use of GPS services, I see no need to have my entire history of every cellular tower checkin I've ever made a: on my phone and b: backed up to the computer I sync it with! That's just effin' ridiculous.

It's more than that. I'm pretty sure your telco has a copy of such data based on cell towers. They need to know where you phone is to facilitate the handing over/taking over between towers. So yes, there's a part C to your statement.

PS. Doesn't Windows Phone 7 do something like this if you switch on the "Track My Phone" feature?

Vincent Ferrari
04-21-2011, 12:08 PM
It's more than that. I'm pretty sure your telco has a copy of such data based on cell towers. They need to know where you phone is to facilitate the handing over/taking over between towers. So yes, there's a part C to your statement.

I expect my carrier to have that. For brief intervals, I expect my phone to have it. Yesterday I ran this app and was able to go back to day one of when I bought my iPhone 4 and see all the locations I've ever been. There is no justifiable reason for that information to permanently reside on my phone or on the computer it's sync'ed to. If you want to make the case that it's there temporarily, I can even live with that, but September of last year through yesterday is not temporary.

Nothing is going to convince me this is logical or reasonable.

I'm not worried about tracking; I'm aware of this business after working in it for 14 years, and I know the things we do and why we do them, and I fully expect that information to be stored somewhere where even authorities can access it via a proper warrant (or a PEN Register Request). I'm not comfortable with it around and accessible in the fashion it is as of today, and even less comfortable with the fact that it's that accessible without my knowledge.

Brad Adrian
04-21-2011, 12:43 PM
I agree that as a user I should be allowed to opt in or out whether I want this info retained. But like others have said, I'm savvy enough (barely) to know that my mobile phone can track my location and store info that I might not realize it's storing. That knowledge alone has kept me from making more than one bad decision on a late Saturday night. ;)

That said, though, I also disagree with the way the press continues to handle this topic. It's like a piece of spam from Nigeria: The story keeps rearing its ugly head from time to time, and everybody goes crazy every time it does.

As far as I'm concerned, mobile carriers and manufacturers are like teenagers... It's okay to go ahead and love them and let them into your lives, but you better be aware of the havoc they can leave in their wake.

Michael Knutson
04-22-2011, 06:02 AM
... just read a report from Reuters that Android and iOS platforms are both collecting this data for potential use in location services (as I wrote earlier) ... and phoning home at intervals. I set encryption on for backups, and the current tracking/mapping apps have nothing to report for my iPhone4 and iPhone3GS.

( Apple, Google tap phone location data: WSJ - Yahoo! News (http://news.yahoo.com/s/nm/20110422/tc_nm/us_apple_google_privacy) )

Jason Dunn
04-22-2011, 07:31 PM
But like others have said, I'm savvy enough (barely) to know that my mobile phone can track my location and store info that I might not realize it's storing. That knowledge alone has kept me from making more than one bad decision on a late Saturday night. ;)

Sure, we all know that - you turn off your phone and but it would NEVER occur to me that the phone was keeping a PERMANENT record of this data. Keeping a record of where I was six months ago isn't a location based "service" - it's location tracking and shouldn't be something beyond the realm of my control as the owner of the phone.

I for one fully get the outrage over this - there should be a decay time on all location based tracking services (seven days or something similar).

Lee Yuan Sheng
04-22-2011, 10:17 PM
I'm not worried about tracking; I'm aware of this business after working in it for 14 years, and I know the things we do and why we do them, and I fully expect that information to be stored somewhere where even authorities can access it via a proper warrant (or a PEN Register Request). I'm not comfortable with it around and accessible in the fashion it is as of today, and even less comfortable with the fact that it's that accessible without my knowledge.

So you're alright with the phone company keeping tracking data that could be even older than the phone, but not the phone itself?

Dyvim
04-25-2011, 11:25 AM
Yeah, I'm with Vinny on this one - I think it should be up to the user to opt in/out for ALL location based services. Tracking all this info, and keeping it permanently, isn't cool.
To be fair, location services ARE opt in/out for all iOS apps. Each app queries you for permission the first time it wants to use your location, and there's an icon that appears in your status bar when location services are activated, and via Settings you can see a list of all apps that have used location services in the previous 24 hours. That part I believe Apple has gotten right.

But I totally agree that there's no reason for Apple to store a permanent record of location data, esp. without user consent or even informing them of it. I've read that this may in fact be a programming bug- they write location data to the db, but didn't implement the part that clears out the older entries. Anyway, I'm hoping this is addressed in the next OS build. Until then, make sure your backups are encrypted (which they should be anyway as they contain a lot more sensitive info than just your location).

Jason Dunn
04-25-2011, 07:13 PM
To be fair, location services ARE opt in/out for all iOS apps. Each app queries you for permission the first time it wants to use your location, and there's an icon that appears in your status bar when location services are activated, and via Settings you can see a list of all apps that have used location services in the previous 24 hours. That part I believe Apple has gotten right.

Hmm. I was getting the vibe that this data was being recorded regardless of what your location settings were - that it was a device-wide thing rather than being attached to a particular app. There was mention of it tracking and keeping every WiFi network that it ever got within range of; I don't think that's something that the user can control. If the user says no to EVERY location based service and this data is not tracked, then that's OK. I'm not convinced that's how it works though...

Dyvim
04-25-2011, 07:17 PM
Hmm. I was getting the vibe that this data was being recorded regardless of what your location settings were - that it was a device-wide thing rather than being attached to a particular app. There was mention of it tracking and keeping every WiFi network that it ever got within range of; I don't think that's something that the user can control. If the user says no to EVERY location based service and this data is not tracked, then that's OK. I'm not convinced that's how it works though...
I believe you're correct- this data is recorded even if all Location settings are off.

Sven Johannsen
04-27-2011, 04:17 AM
.....and even less comfortable with the fact that it's that accessible without my knowledge.What makes you believe that? I haven't seen anywhere that it says this data goes anywhere except onto your own PC during backups. Haven't seen anywhere indicated that any program has access to it. I certainly haven't read everything on it. If it is accessible willy-nilly without your knowledge, is that likely not the case with a lot of the data on the phone?

Maybe there should be some acknowledgement/user agreement upfront and the option of sundowning the data at a users timetable, but it doesn't seem like Apple is sucking all this data down for sale or posterity. It doesn't seem like the data is freely available to whatever developer wants to exploit it either.

I think this is way overblown, given my understanding it is logging it on my phone, and only backing it up to my PC.

Jason Dunn
04-27-2011, 04:27 AM
What makes you believe that? I haven't seen anywhere that it says this data goes anywhere except onto your own PC during backups. Haven't seen anywhere indicated that any program has access to it.

Think about the combination of phone loss + identify theft though. It's just not right that all your movements are permanently tracked by the phone with no user override or deletion option.