or Connect
AppleInsider › Forums › Mobile › iPhone › Researchers raise privacy concerns over location tracking in Apple's iOS 4
New Posts  All Forums:Forum Nav:

Researchers raise privacy concerns over location tracking in Apple's iOS 4

post #1 of 138
Thread Starter 
Security researchers have discovered that Apple's iOS 4 mobile operating system, found on both the iPhone and iPad, keeps a log of user's locations and saves the data to a hidden file on the device.

Peter Warden and Alasdair Allan revealed their findings on Wednesday, in which they discovered that both the iPhone and 3G iPad are "regularly recording the position" of the device and saving them in a hidden file. The data is restored through iTunes with backups, and even across device migrations.

The researchers have concluded that Apple's collection of the data is "intentional," and contacted the company's product security team in an effort to find out the company's reasoning. They did not receive a response.

"What makes this issue worse is that the file is unencrypted and unprotected, and it's on any machine you've synched with your iOS device," Allan wrote. "It can also be easily accessed on the device itself if it falls into the wrong hands. Anybody with access to this file knows where you've been over the last year, since iOS 4 was released."

Location data is stored to a file called "consolidated.db," which includes latitude and longitude coordinates and a timestamp. The researchers said that while the coordinates are not "always exact," they are "Pretty detailed."

"There can be tens of thousands of data points in this file, and it appears the collection started with iOS 4, so there's typically about a year's worth of information at this point," Allan wrote. "Our best guess is that the location is determined by cell-tower triangulation, and the timing of the recording is erratic, with a widely varying frequency of updates that may be triggered by traveling between cells or activity on the phone itself."



The researchers have also made it clear there is no evidence to suggest that the data is being sent to anyone. They have provided a public tool that allows users to look at their own stored location data.

For now, users can encrypt their backups through iTunes. This can be accomplished by connecting an iPhone or 3G iPad to a Mac or PC, clicking on the device within iTunes, and then checking the "Encrypt iPhone Backup" setting in the "Options" area.
post #2 of 138
Quote:
Originally Posted by AppleInsider View Post

Security researchers have discovered that Apple's iOS 4 mobile operating system, found on both the iPhone and iPad, keeps a log of user's locations and saves the data to a hidden file on the device. ...

Cue the Android hate-fest/shit-storm in 3, 2, 1 ...
post #3 of 138
I can see why some people might not like this but it doesn't bother me. In fact it could be rather handy if one ever found themselves unjustly accused of a crime they didn't commit. Where were you on the night of the 22nd? I can't remember...let me consult my iPhone. Of course it would be rather trivial to hack the file in the case you were actually guilty. But whatever...

Life is too short to drink bad coffee.

Reply

Life is too short to drink bad coffee.

Reply
post #4 of 138
This is old news from 2010... Too bad the people that "found" this file couldn't find a link to Google to find this information had already been disclosed by Apple.
post #5 of 138
Quote:
Originally Posted by mstone View Post

I can see why some people might not like this but it doesn't bother me. In fact it could be rather handy if one ever found themselves unjustly accused of a crime they didn't commit. Where were you on the night of the 22nd? I can't remember...let me consult my iPhone. Of course it would be rather trivial to hack the file in the case you were actually guilty. But whatever...

objection, circumstantial. the defendant could have left her phone at home while she was at the crime scene the night in question.

turning off location based services should turn off location based services, but this data comes from cell tower triangulation no matter what privacy you think you've set.
post #6 of 138
Quote:
Originally Posted by desarc View Post

... turning off location based services should turn off location based services, but this data comes from cell tower triangulation no matter what privacy you think you've set.

There is no evidence yet that I'm aware of that this file is saved if you have turned off location services.

I see no evidence so far that this file contradicts *any* privacy settings you have on the device.
post #7 of 138
Quote:
Originally Posted by desarc View Post

turning off location based services should turn off location based services, but this data comes from cell tower triangulation no matter what privacy you think you've set.

I had no issue with it but after DLing the app and having it automatically find the consolidated.db file in my iPhone backup and present a map timeline of my whereabout I found it a bit unsettling.

The app is rudimentary. Id like to see one where I have little dotted lines like Billy in Family Circus.
Dick Applebaum on whether the iPad is a personal computer: "BTW, I am posting this from my iPad pc while sitting on the throne... personal enough for you?"
Reply
Dick Applebaum on whether the iPad is a personal computer: "BTW, I am posting this from my iPad pc while sitting on the throne... personal enough for you?"
Reply
post #8 of 138
It's a new MobileMe service called: Find My girlFriend!
"...The calm is on the water and part of us would linger by the shore, For ships are safe in harbor, but that's not what ships are for."
- Michael Lille -
Reply
"...The calm is on the water and part of us would linger by the shore, For ships are safe in harbor, but that's not what ships are for."
- Michael Lille -
Reply
post #9 of 138
Well I am creature of habit according to this.
post #10 of 138
Quote:
Originally Posted by Dick Applebaum View Post

It's a new MobileMe service called: Find My girlFriend!

All you need is access to the access someone syncs their iPhone to iTunes and you know where they were. Of course, if you have access to their account they likely too worried about security.
Dick Applebaum on whether the iPad is a personal computer: "BTW, I am posting this from my iPad pc while sitting on the throne... personal enough for you?"
Reply
Dick Applebaum on whether the iPad is a personal computer: "BTW, I am posting this from my iPad pc while sitting on the throne... personal enough for you?"
Reply
post #11 of 138
Awesome! No more complaining from iFans about Privacy flaws in Android. It is unbelievable that Apple is doing such a thing intentionally. \
post #12 of 138
Quote:
Originally Posted by srathi View Post

Awesome! No more complaining from iFans about Privacy flaws in Android. It is unbelievable that Apple is doing such a thing intentionally. \

Because you honestly believe Google isn't doing the same thing? And then pulling that data from your phone? And then selling that information to the highest bidder in return for "personalized" ads?

The iPhone may be storing this data, but it is stored locally, and not seen by anybody or anything but the /private folder it was meant to stay in.

edit: And let's not forget that anybody with your phone number and access to Google Maps can figure out where you live, where you work, where your family lives, where they work... and so on. Let's not suddenly become naive and believe privacy is anything more than a politically correct term.
post #13 of 138
Quote:
Originally Posted by srathi View Post

Awesome! No more complaining from iFans about Privacy flaws in Android. It is unbelievable that Apple is doing such a thing intentionally. \

I bet you can't point out the "privacy flaw" that this indicates iOS has, without resorting to a heck of a lot of supposin'.
post #14 of 138
Quote:
Originally Posted by Prof. Peabody View Post

There is no evidence yet that I'm aware of that this file is saved if you have turned off location services.

I see no evidence so far that this file contradicts *any* privacy settings you have on the device.

This.
post #15 of 138
The results are none-to accurate. I'm reported to have been in places where I've never actually been, with the iPhone at least. Many miles away in fact. Presumably the iPhone snagged a cell tower far away from my exact location.

I found all of this interesting, but not the least-bit alarming. How my "privacy" has been invaded because my iPhone records very vaguely where I've been, is beyond my comprehension. Once again paranoia is its own reward.
Please don't be insane.
Reply
Please don't be insane.
Reply
post #16 of 138
Quote:
Originally Posted by srathi View Post

Awesome! No more complaining from iFans about Privacy flaws in Android. It is unbelievable that Apple is doing such a thing intentionally. \

Let us just review the facts for a minute:
  • Zero indication that this information is being sent anywhere including to Apple.
  • Getting this file would require access to your phone or a computer that you have sync'd to.
  • The gathering of this information has already been disclosed by Apple.

Now maybe apple could have encrypted this file, but once again it isn't being transmitted.

If you are worried about your computer that you are sync'd to then encrypt your backup. It is an option in iTunes.
post #17 of 138
Quote:
Originally Posted by EDemerzel View Post

Let us just review the facts for a minute:
  • Zero indication that this information is being sent anywhere including to Apple.
  • Getting this file would require access to your phone or a computer that you have sync'd to.
  • The gathering of this information has already been disclosed by Apple.

Now maybe apple could have encrypted this file, but once again it isn't being transmitted.

If you are worried about your computer that you are sync'd to then encrypt your backup. It is an option in iTunes.

Excellent points.
Dick Applebaum on whether the iPad is a personal computer: "BTW, I am posting this from my iPad pc while sitting on the throne... personal enough for you?"
Reply
Dick Applebaum on whether the iPad is a personal computer: "BTW, I am posting this from my iPad pc while sitting on the throne... personal enough for you?"
Reply
post #18 of 138
Quote:
Originally Posted by EDemerzel View Post

This is old news from 2010... Too bad the people that "found" this file couldn't find a link to Google to find this information had already been disclosed by Apple.

Yep or the fact that it only records that information when you allow location use. If you turn off location services it records nothing.

It requires access to your phone. Or the machine you sync to. Doubtful that is going to happen to to many folks.

And every smart phone likely does this kind of recording.
post #19 of 138
Quote:
Originally Posted by Dr Millmoss View Post

The results are none-to accurate. I'm reported to have been in places where I've never actually been, with the iPhone at least. Many miles away in fact. Presumably the iPhone snagged a cell tower far away from my exact location.

I found all of this interesting, but not the least-bit alarming. How my "privacy" has been invaded because my iPhone records very vaguely where I've been, is beyond my comprehension. Once again paranoia is its own reward.

did you read anything about the app you were using? the app intentionally will not show data as accurately as it is being collected in an unencrypted file on your phone.
"One note, if you zoom in on the map, you'll see the points falling into a grid pattern -- the researchers added this as a deliberate limitation in their program. The underlying data is more accurate than the tool shows, to prevent their demo app itself being used for malicious purposes."
post #20 of 138
Seems like there's a simple solution then. If the data isn't being harvested/used by Apple, and they haven't given permission for any apps or carriers to access it either, then Apple should simply remove the file from the OS. It doesn't serve any purpose as far as anyone knows?
melior diabolus quem scies
Reply
melior diabolus quem scies
Reply
post #21 of 138
I would be curious to know if remote wiping the phone deletes this file?
post #22 of 138
Quote:
Originally Posted by Prof. Peabody View Post

Cue the Android hate-fest/shit-storm in 3, 2, 1 ...

You mean cue the Apple excuse makers?

This has nothing to do with Android, and your first comment here is a clear attempt to divert the topic off course into a flame war.

What the hell is wrong with you? jk i already know
post #23 of 138
Can't apologize this one away - it is what it is... Government spying on its citizens.

Apple products are going to be re-branded by the public replacing the 'I' with 'spy'.

At least now there is some transparency on why Obama and SJ met. Obama has been pushing for more warrantlees domestic spying powers. What better way to get people to willfully, and unexpectedly, participate then to plant it in coveted technology.

Last straw for me. Sold.
I don't invest in unethical stocks.

I know this post is going to get trashed - I also know that regardless of what the usual apologists say, deep down it's bothering their conscious. There has to be a point where freedom and liberty are valued more then profit. Some cross that line before others I guess.

This is no random mistake. This is very intentional. As soon as Obama gets the go-ahead for warrantless wi-fi and cellular spying - this data will be collected and used.
post #24 of 138
Quote:
Originally Posted by Dr Millmoss View Post

The results are none-to accurate. I'm reported to have been in places where I've never actually been, with the iPhone at least. Many miles away in fact. Presumably the iPhone snagged a cell tower far away from my exact location.

I found all of this interesting, but not the least-bit alarming. How my "privacy" has been invaded because my iPhone records very vaguely where I've been, is beyond my comprehension. Once again paranoia is its own reward.

Exactly. The location data stored in the file isn't the user's actual location, it's a bunch of reference points from cell tower/wifi signal readings when user requests a location service. Any particular timestamp will have many location points since the device can detect wifi/cell signals over a wide radius. Thus, all the data shows a broad area where a location request was made.

The actual location is determined by an algorithm that looks up all these data points from the table to estimate an accurate location. Apple used to have to send that information to Google to calculate.
post #25 of 138
Quote:
Originally Posted by srathi View Post

Awesome! No more complaining from iFans about Privacy flaws in Android. It is unbelievable that Apple is doing such a thing intentionally. \

BS, privacy flaws are privacy flaws. Just because this exists on a competing platform doesn't mean the complaining should stop.

I mean, fanboys are illogical, but I don't think anyone's going to say "Well if Apple's doing it, then it's ok for Android to have similar issues."
post #26 of 138
Quote:
Originally Posted by Mode View Post

Can't apologize this one away - it is what it is... Government spying on its citizens.

Apple products are going to be re-branded by the public replacing the 'I' with 'spy'.

At least now there is some transparency on why Obama and SJ met. Obama has been pushing for more warrantlees domestic spying powers. What better way to get people to willfully, and unexpectedly, participate then to plant it in coveted technology.

Last straw for me. Sold.
I don't invest in unethical stocks.

I know this post is going to get trashed - I also know that regardless of what the usual apologists say, deep down it's bothering their conscious. There has to be a point where freedom and liberty are valued more then profit. Some cross that line before others I guess.

This is no random mistake. This is very intentional. As soon as Obama gets the go-ahead for warrantless wi-fi and cellular spying - this data will be collected and used.

You're going to pin this on Obama?
post #27 of 138
Would you change your mind about the tracking database being 'no big deal' if you were subjected to this? http://news.cnet.com/8301-17938_105-20055431-1.html
post #28 of 138
That would be a great tool for forensic police !
post #29 of 138
To be fair, I was more than a little surprised Monday to see that President Obama is asking the Supreme Court to quickly rule that warrant-less GPS tracking is permissible. According to the Administration there is no expectation of privacy when traveling outside of your home.
melior diabolus quem scies
Reply
melior diabolus quem scies
Reply
post #30 of 138
People, give https://oo.apple.com a try (you must go there with your iOS 4 device). According to Apple this opts you out of using your personal data for use for iAds. One Apple support superior reportedly gave out this advice after being confronted with this new application that shows your locations.
post #31 of 138
Quote:
Originally Posted by GizmoPunk View Post

Would you change your mind about the tracking database being 'no big deal' if you were subjected to this? http://news.cnet.com/8301-17938_105-20055431-1.html

Ho lee shit. There's no way they'll be able to do that for long. That is seriously fucked.
post #32 of 138
Isn't Apple supposed to make some kind of announcement today? I can't remember what it is off the top of my head...
Snarky Mac commentary, occasionally using bad words.
themacadvocate.com
Reply
Snarky Mac commentary, occasionally using bad words.
themacadvocate.com
Reply
post #33 of 138
Quote:
Originally Posted by Mode View Post

Can't apologize this one away - it is what it is... Government spying on its citizens.

Apple products are going to be re-branded by the public replacing the 'I' with 'spy'.

At least now there is some transparency on why Obama and SJ met. Obama has been pushing for more warrantlees domestic spying powers. What better way to get people to willfully, and unexpectedly, participate then to plant it in coveted technology.

Last straw for me. Sold.
I don't invest in unethical stocks.

I know this post is going to get trashed - I also know that regardless of what the usual apologists say, deep down it's bothering their conscious. There has to be a point where freedom and liberty are valued more then profit. Some cross that line before others I guess.

This is no random mistake. This is very intentional. As soon as Obama gets the go-ahead for warrantless wi-fi and cellular spying - this data will be collected and used.

What is it you think Jobs and Obama were talking about at that technology innovators' dinner? THEY WERE SITTING RIGHT NEXT TO EACH OTHER!!

/cue string crescendo
Snarky Mac commentary, occasionally using bad words.
themacadvocate.com
Reply
Snarky Mac commentary, occasionally using bad words.
themacadvocate.com
Reply
post #34 of 138
This should concern us all. It is negligence on Apples part for failing to inform users that their location is being tracked and logged. It is also bad that they are not securely storing that information. This needs to be explained by Apple ASAP.
post #35 of 138
Quote:
Originally Posted by EDemerzel View Post

[*]The gathering of this information has already been disclosed by Apple.

This is not true based on all the reports I've read.
post #36 of 138
Quote:
Originally Posted by chronster View Post

Ho lee shit. There's no way they'll be able to do that for long. That is seriously fucked.

One can only hope..
post #37 of 138
This reminds me of when a bud was reviewing photos on his phone, and inadvertently clicked "Places"--there it was, every location where he ever took a photo was plotted out on a map. Kinda cool, kinda scary, kinda documented.

I, for one, can't wait to get home and back up my phone so I can make that animation myself. Home...work...home...work...gas station...thrift store...home...work...geeking out over this one.
post #38 of 138
Quote:
Originally Posted by EDemerzel View Post

Let us just review the facts for a minute:
  • Zero indication that this information is being sent anywhere including to Apple.
  • Getting this file would require access to your phone or a computer that you have sync'd to.
  • The gathering of this information has already been disclosed by Apple.

Now maybe apple could have encrypted this file, but once again it isn't being transmitted.

If you are worried about your computer that you are sync'd to then encrypt your backup. It is an option in iTunes.

The point is that the data is in an unencrypted file. I don't think apple did that on purpose. I found where they acknowledged that they were collecting it:

http://markey.house.gov/docs/applema...ton7-12-10.pdf
The AI article: http://www.appleinsider.com/articles...s_privacy.html

(their response to the government's question on the matter) and how they strongly value user's privacy (which they most likely do) Which makes this error a bigger deal.

Whenever a bank app (or something similar) has a similar issue (storing data without encryption) it's a BIG DEAL because it's not encrypted. In that case, you would also still need access to the phone, but it's still easily accessible if someone does.

Again, I am not calling Apple out on this. I'm pretty sure it was just a mistake on their part and they'll have a firmware update to fix it soon enough. But Having your location data (even IF you gave consent to have that location data tracked by apple) available in an unencrypted file does warrant discussion, and it's not something anyone should be ok with.
post #39 of 138
Quote:
Originally Posted by desarc View Post

did you read anything about the app you were using? the app intentionally will not show data as accurately as it is being collected in an unencrypted file on your phone.
"One note, if you zoom in on the map, you'll see the points falling into a grid pattern -- the researchers added this as a deliberate limitation in their program. The underlying data is more accurate than the tool shows, to prevent their demo app itself being used for malicious purposes."

Yes indeed, I did read that. Perhaps I understood it and you did not. The grid jitter appears to be a couple of miles at most, so this does not account for recorded locations tens of miles away from places where I have actually been. In any event, the impact on my "privacy" has not been explained by anyone.
Please don't be insane.
Reply
Please don't be insane.
Reply
post #40 of 138
Quote:
Originally Posted by chronster View Post

You're going to pin this on Obama?

Do your homework before you make yourself look like more of a moron.

http://www.wired.com/threatlevel/201...ps-monitoring/
New Posts  All Forums:Forum Nav:
  Return Home
  Back to Forum: iPhone
  • Researchers raise privacy concerns over location tracking in Apple's iOS 4
AppleInsider › Forums › Mobile › iPhone › Researchers raise privacy concerns over location tracking in Apple's iOS 4