Uncategorized Wednesday, April 20th 2011 at 1:47 pm

Your iPhone is Tracking Your Every Move

U.K. researchers Alasdair Allan and Pete Warden have announced what has apparently been known in the digital security fraternity for some time: that your iPhone logs your movements and stores this data for extended periods of time.

Starting with iOS version 4, the researchers found that iPhones began logging and storing location information in a file called “consolidated.db.” This file shows the user’s latitude and longitude, and is timestamped to the second. Troublingly, this information is not encrypted on the phone or on the iPhone backups made by iTunes. The file is also persistent, transferring itself to a new iOS device when the old one is replaced. Because data started to be logged in June 2010, the release of iOS 4, it is not known how long the data is stored.

The primary concern, beyond the fact that this data exists at all, is that it is apparently not well protected. The data is not encrypted, and were a user’s device or computer to be stolen, the location information could be extracted with relative ease.

The purpose of this log is completely unknown. The researchers say that the data does not appear to be transmitted to a third party, at least not yet. They suggest that it could be a forthcoming feature from Apple, perhaps tied to their iAd software. As we’ve seen before, advertisers are keen to get location data, and Apple may be trying to better target the ads delivered to the phone. The researchers also point out that the geolocation information is not actually GPS data.

As far as we can tell, the location is determined by triangulating against the nearest cell-phone towers. This isn’t as accurate as GPS, but presumably takes less power. In some cases it can get very confused and temporarily think you’re several miles from your actual location, but these tend to be intermittent glitches.

This is the same method for location finding that Apple used in the earlier versions of the iPhone. From my experience with a faux-GPS iPhone, I can say that the information is not consistently accurate, but taken over time the data can give an observer a clear picture of someone’s movements. Were I a paranoid person, I might think that part of the reason why the phone isn’t using the phone’s GPS capability is because that might be easier for researchers to spot.

Developing sophisticated profiles of people’s movements is a concern we’ve covered in the past. Using even rough location information, the habits of the user do emerge. To illustrate this point, Allan and Warden have released a desktop app for OS X that shows users a glimpse of the information stored in their phone. Accessing the iPhone backups on the computer, the app draws a map of the data. The image above was created using their app and the location data from my iPhone. You can see that in the past year, I traveled from coast to coast, and spent extended periods of time in California and Seattle. Also, my frequent trips to visit Michigan are clearly visible. You can also discern that I spend most of my time in New York — I live there — and used to spend a lot of time in Virginia — I used to live there.

The app’s creators point out that in an effort to prevent intrusion by unwanted third parties, their app only shows the rough location information and only in discrete chunks. So while this map may be creepy, the data that it is derived from is far, far more disturbing in its size and accuracy. To protect themselves, users can opt to use encrypted backups through iTunes.
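To check whether the backups already on a computer are protected this way, the sketch below audits each backup folder. It is an added example, not code from the researchers or from Apple, and it assumes details the article does not state: that each backup folder holds a `Manifest.plist` with a boolean `IsEncrypted` key, and that backups sit in the default OS X folder named in the code.

```python
import plistlib
import tempfile
from pathlib import Path

# Assumption: default iTunes backup folder on OS X; pass another root if yours differs.
DEFAULT_ROOT = Path.home() / "Library" / "Application Support" / "MobileSync" / "Backup"


def backup_status(backup_dir):
    """Classify one backup folder as 'encrypted', 'UNENCRYPTED' or 'unknown'."""
    try:
        with (Path(backup_dir) / "Manifest.plist").open("rb") as fh:
            meta = plistlib.load(fh)  # accepts both XML and binary plists
    except Exception:  # missing, unreadable or malformed manifest
        return "unknown"
    flag = meta.get("IsEncrypted") if isinstance(meta, dict) else None
    if flag is True:
        return "encrypted"
    if flag is False:
        return "UNENCRYPTED"
    return "unknown"  # key absent: do not guess


def audit_backups(root=DEFAULT_ROOT):
    """Return [(folder_name, status)] for every backup folder under root."""
    root = Path(root)
    if not root.is_dir():
        return []
    return [(p.name, backup_status(p)) for p in sorted(root.iterdir()) if p.is_dir()]


def build_sample_tree(root):
    """Constructed sample data: three fake backup folders, no real device data."""
    samples = {"constructed-a": {"IsEncrypted": True},
               "constructed-b": {"IsEncrypted": False},
               "constructed-c": None}  # manifest that is not a plist
    for name, meta in samples.items():
        folder = Path(root) / name
        folder.mkdir(parents=True)
        with (folder / "Manifest.plist").open("wb") as fh:
            if meta is None:
                fh.write(b"not a plist")
            else:
                plistlib.dump(meta, fh)


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample_tree(tmp)
        for name, status in audit_backups(tmp):
            print(f"{status:12} {name}")
```

Calling `audit_backups()` with no argument checks the assumed default folder; any folder reported as `UNENCRYPTED` is one whose contents can be read by anyone with access to the computer.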

In their story on the unfolding debacle, the Guardian quotes from the terms and conditions for iTunes, which should have raised red flags. This was apparently buried toward the end of the 15,200-word document.

Apple and our partners and licensees may collect, use, and share precise location data, including the real-time geographic location of your Apple computer or device. This location data is collected anonymously in a form that does not personally identify you and is used by Apple and our partners and licensees to provide and improve location-based products and services.

Frankly, as a long-time iPhone user, reading the EULA in this context was a slap in the face.

Eventually, Apple will have to offer an explanation for why their devices are keeping careful tabs on users. They owe it to their users who were unaware that the devices they trust to carry their personal data were transmitting so much information without their knowledge.

Update: Apple releases a Q&A explaining the situation.

  • Anonymous

    All mobile phones have been tracked (by cell location) since they first appeared on the market well over 20 years ago.

    The mobile providers AT&T, Verizon, Vodafone, Orange etc maintain a database by phone per cell location. This information is provided to police authorities in any criminal investigation. The data can help to exonerate any innocent suspect.

    It is clear from all the comments here, that there is a need to educate the majority of the General public who remain (voluntarily) ignorant of the technology that they have willingly adopted.

    This comment is authored by a Telecoms consultant who rejected an offer to head up Nokia UK in 1983.

  • Anonymous

    The “non Technical journalists” who are writing about Apple & Android smartphones have a total lack of comprehension about the issues.

    Many of the applications on these phones require knowledge of location in order to provide the user with requested information.

    All Mobile carriers – Vodafone, Orange, ATT, Verizon etc. maintain history log records for every mobile that identify the phone location by time and date. Such records are made available to Police enquiries in any criminal investigation. This applies to all mobile phones – not limited to smartphones.

    The sole issue relates to the on-phone storage of a long term database of tracking data. The reason for this is that many “Apps” downloaded by both iPhone and Android phone users have access to the internal files of the phone.

    The existence of a long term “location use” database maintained on the phone creates an opportunity for misuse of data by a wide number of “unauthorised” sources.

    This is THE ISSUE facing iPhone owners, and the issue that Apple must satisfactorily answer.