if you're that worried turn the ****in phone off
A quote here from slash dot forum:
There's a lot of stuff thats being reported about this that is somewhere between sensationalist and wrong. The "researchers" who published this have been pretty sloppy in what they are claiming. I've helped out police forces with using extracting and trying to use this data, over a number of years so I've a reasonably good idea what is there and what isn't.The data is not new to iOS 4, it has been there at least back to iOS 2, its just the name of place that it is stored is different.
This existence of this data isn't secret, the use of this data is the subject of a session for Apple Developers at the World Wide Developers Conference each year - usually something like "Using Location Services in iOS" or similar in title.
The location data is not the GPS location of the user, it is the location of cell towers the phone can see. All the location data is time stamped, and stamped with the carrier network ID, and the ID of the individual and there's no way you can be in 3, or 6, or 9 different locations at the same time. Depending on how many cell towers were visible, all this tells you is that the phone was within maybe a few km, but up to 25-50km of the tower. If you then take that data and use it to triangulate the users location, you'd typically get a location that was at best accurate to a bit under 1km, and more likely a few km.
The collecting of the data isn't continuous, it appears to be event based. Anecdotally - the phone waking from sleep and reconnecting to the carrier network appears to be one of the events, as is rebooting the phone, and re-connecting to the carrier's network when you come out of a dead spot. It seems plausible, that it may also be snapshotted every time Location Services is fired up, eg by launching the Maps App and consenting to use of location services. That pattern of even driven acquisition would explain the differences that various people out there on the net report.
Similar data is also being tracked and logged by the carrier, but in their case, its harder to get to as it is sitting on carrier systems on their internal network. That is true for all phones. In this case, the data is pretty easy to get to if you have physical possession of the phone.
Thats good enough to tell that you actually went off to Hawaii with your mistress when you told your wife you were going on a work trip to California, but for most people , most of the time, it will only be pretty vague as to where they where - knowing that you are in Baltimore when thats where you live and work isn't that big a revelation.
If the user of the phone opts out of Location Services, the file isn't updated. This is done from Settings.
Like all files that need to be read/written in the background by the system, its always readable to root - it isn't readable (directly) to Apps , although they benefit from it indirectly by Location Services calls responding faster. If you jailbreak your phone, then Apps can read this data and transmit it for their own purposes.
Files in that data protection class can be recovered off the filesystem over USB tether. Technically it is encrypted, but the encryption is really only of use for a fast remote wipe of the device, and it isn't being encrypted in a class that increases the security of the data.
It does reside in the backup, so thats certainly a good reason to always encrypt your iPhone backups and use a strong passphrase for them.
Apple has also been clear in its earlier deposition response as to how user location data is anonomised when it is collected.
Its entirely possible that the persistence of the file is actually a bug - I can see why it would be useful to cache it for a few days to maybe a month at the high end, but back to the start of the epoch seems excessive. In my view its the persistence of the file thats the biggest issue. That not hard for them to fix.
So its bad, but its nowhere near as extreme a situation as what some people are saying.
Just for those silly enough to think it was just apple, google are also at it, although it does seem that google goes a step further and actually uploads the data for their own uses.
Yep, more in The Guardian on Friday:
Android phones, which run on software written by Google, collect the location data every few seconds and store it in a local file, but also [u]transmit it to Google several times an hour[/u].This functionality is almost certainly used in any phone that provides mapping services, meaning that similar files will exist in some form on all smartphones, including those from Nokia and BlackBerry-maker RIM. It is not known whether these models synchronise data from the phone to the companies' servers as well as storing it locally on the handset.
Sources familiar with Google's systems said the location data was used to help the phones orient themselves by identifying nearby mobile phone masts and wi-fi sources and comparing them with Google's own database, with which they are synchronised continually. The file is also updated so that if the mobile signal is interrupted – for example when the user is on a train and goes into a tunnel – it will be able to re-establish contact more quickly by knowing which towers are in the vicinity.
-- http://www.guardian.co.uk/technology/2011/apr/22/iphone-android-location-based-services
On the face of it this seems far worse than the apple one, but no doubt it will get considerably less press.
Really depends whether it's retained in any way by google, doesn't it? (though I wouldn't be suprised if it is...) - just uploading and responding doesn't really matter - only if they link it to your personal info and then keep hold of that.
Sounds like they need to ship logrotate to iOS more than anything, but the whole thread is worth it for the tinfoil hat link, thanks Cougar 🙂
iPhone tracking not news, not unique, and not ominous
Posted on Tuesday Apr 26, 2011 5:45 AM
by Tony Bradley , PCWorld
Editor’s Note: The following article is reprinted from the Today @ PC World blog at PCWorld.com.The revelation that Apple iOS devices track your location is not really news, it’s not unique to Apple, and the information gathered doesn’t really have the ominous Big Brother implications it might suggest.
Apparently, the sky is falling. Security researchers presented findings that Apple mobile devices are gathering and storing data on your every move throughout the day, and that news has sparked a virtual panic among the media and privacy advocates.
The thing is, though, that this isn’t really news. Another team of researchers had already conducted an extensive investigation of the types of data that are stored on iOS devices. The findings were presented in January at the 2011 44th Hawaii International Conference on System Sciences, and the paper is available as an IEEE publication. The consolidated.db file that stores the information is even mentioned in a book written by these researchers which was published in December of 2010.
Granted, the Hawaii International Conference on System Sciences isn’t exactly a mainstream event, the general public doesn’t keep current on IEEE publications, and a book titled iOS Forensic Analysis isn’t likely to make the New York Times Best Seller list—so it is understandable that this research managed to stay off the radar. However, another reason that the data stored on iOS devices should not be news is that Apple already told Congress last summer that it was gathering this information to build a database of cell tower and Wi-Fi hotspot locations.
Not only is the fact that Apple is collecting location data not news, but Apple is not the only “culprit” doing so. Google’s Android mobile operating system also monitors and logs user location data. For that matter, your wireless provider also has a database that can identify which cell tower your mobile device was connected to at a given time.
Don’t panic, though. In most cases, the data is virtually useless for identifying your actual whereabouts. I know because I have tried out the AT&T Family Map “tracking” service, and discovered firsthand just how inadequate the information is. Tracking information based on actual GPS coordinates would be valuable, but cell tower tracking only places your location within a square mile or two. I quit the service because I already knew my kids were somewhere within a square mile or two. What I wanted to know is where they were specifically within that square mile.
I also found that cell tower location data is not helpful for apps like DataMan that log where your iOS device was when it consumed data. While sitting in one place in my house, the DataMan app managed to log my location at three or four different locations that were blocks apart from one another.
So, let’s recap. The news that Apple iOS devices store location information is not a revelation, the location tracking activity is not unique to Apple, and even if you delivered the database file to a stalker or cyber criminal on a silver platter wrapped in a red bow they would essentially only be able to determine that you are somewhere within the city limits.
Good to see your really fighting to shake off that fanboi Apple-zealot tag there CountZero 🙂
