The iPad 3G and iPhone Track Your Every Movement: Researchers

The iPad 3G and iPhone Track Your Every Movement: Researchers

Security researchers have discovered that iOS devices have been saving the locations of users' devices at regular intervals, and storing them in an unencrypted, though hidden file. The data includes locations and time stamps, and is apparently intentional: the database is backed up, and restored across backups, and even onto a new device if a prior one is replaced.

The fact that it's backed up also means its stored on your computer via iTunes when it does a backup, means that for many, it's also on their computer in unencrypted form. A first step for any users of iDevices to take is to check the checkbox in iTunes that encrypts your backups. Based on the longevity of the data stored, the researchers, Pete Warden and Alasdair Allan, believe the data gathering to have begun in iOS 4.

Allan and Warden were to present their findings at the Where 2.0 conference in San Francisco on Wednesday. The file, "consolidated.db," contains latitude-longitude coordinates along with timestamps. It's unclear how the coordinates are generated, and the timing of the records appears erratic. Warden and Allan theorize that the updates are triggered by traveling between cells or device activity.

The researchers also checked other platforms. Warden said,
"Alasdair has looked for similar tracking code in [Google's] Android phones and couldn't find any. We haven't come across any instances of other phone manufacturers doing this."
Since the file is moved across devices and backed up and restore, the researchers believe there might be some still unreleased feature in mind:
"Apple might have new features in mind that require a history of your location, but that's our specualtion (sic). The fact that [the file] is transferred across [to a new iPhone or iPad] when you migrate is evidence that the data-gathering isn't accidental."
The data does not seem to be transmitted to Apple itself, but the fact that it is on stored on the phone means anyone with the means can look at it, if the phone is lost.

[In fact, the researchers provided a Mac OS X tool to examine your backups and look at the data (here)]

Most don't believe Apple is attempting to track users' info for malicious purposes. Rather, as Simon Davies, director of the pressure group Privacy International, said:
"The absence of notice to users or any control option can only stem from an ignorance about privacy at the design stage."
Davies also added,
"This is a worrying discovery. Location is one of the most sensitive elements in anyone's life – just think where people go in the evening. The existence of that data creates a real threat to privacy."
It's unclear, actually, if the disclosure of this stored location information was not made clear by Apple previously. In a letter to two Congressman dated July of last year, Apple discussed the location-based information they gathered.

Clearly, however, Apple didn't detail the fact that they were storing the information "in the clear" (unencrypted) or that it was backed up onto computers when an iDevice was synced. They also did not indicate that there (apparently) is no limit to the length of time such data is stored. While this is obviously going to cause privacy concerns, Apple and other smartphone vendors all have provisions in their Terms of Service that allow for them to track users' locations. The issue in this case, really, is the "in the clear" nature of the data, as well as the fact that Apple didn't "really" tell anyone about the file.

In the following video, Allan and Warden discuss how the file was discovered and examine the data contained in the file.

0
+ -

Whatever it's used for, I shudder at the malicious potential for it.

I don't own an iPhone per say so I can't speak out for the millions but I fear the repercussions that come with unknowingly letting Apple track your every move.

0
+ -

it has no official use yet. but there are harvest and havestcounts tables in the database file. lookin as if it would be able to be harvested by forensic analyzers and other means.

0
+ -

That was pretty shocking. I hope this opens up the forum, i'd like to hear apple's response.

is it possible to for a jailbroken iOS to remove that feature?

0
+ -

not yet. I mapped out my data yesterday. Pretty creepy, It has my wrong turn mapped out on a trip to chicago i took.

Weird thing tho, is it didnt get my trip to florida. I have heard other reports as well as it doesnt pick up locations in the south, either the program or apple.

EDIT: There is a jailbroken app: http://gizmodo.com/#!5794369/ispy-conspiracy-break-apples-secret-tracking-with-this-app

0
+ -

Another (multi-platform) option for exploring your backups is iphoneanalyzer (http://www.crypticbit.com/zen/products/iphoneanalyzer)

+1
+ -

yet another reason not to buy apple

0
+ -

gizmodo reached out to apple, google, and microsoft.

Google declined to comment about tracking in android software. Apple hasnt yet, but microsoft said something

0
+ -

I am not surprised by this at all. Technology affords so many great things but there are drawbacks. How many of us truly read the terms of agreement before adding a new game or application to our computers.

There used to be a uproar about cookies that I remember when the internet was first being established and now nobody complains about that. It is a gray area because everybody accepts/signs the contract without reading it. Personally I would be upset but probably keep using it as long as I could turn it off.

0
+ -

it has no documented use. nothing, that i know of, calls the file. I personally have had "location" off since I got the phone for this very reason. But speculation is that it uses tower signals to triangulate a position as opposed to using the the built in gps. so you can't turn it off.

I completely agree with you, but this case is very different.

0
+ -

Could it be they use this info for the app that lets you know where your phone is when it's lost?

Still creepy to know this is going on though, especially since it's unencrypted.

+1
+ -

Hey Taylor if your shuddering at these facts look at these http://www.mydroidandme.com/news/michigan-police-being-questioned-for-extracting-smartphone-data . Not only is big brother already watching you on cams everywhere they are also privy or will be soon to all your data period. I need to check out smart phones to make sure they don't have 666 in them somewhere.

+1
+ -

NWO BABY!

0
+ -

I was reading about this on a diff site, pretty crazy stuff. I like that those guys made a program to look at the data tracking. I'm glad to hear that the other os's aren't doing the same.

0
+ -

Well i have always had it encrypted on my computer, but seeing you can't do that with the file on your phone... What has this world become? privacy is no longer available, thing is, are we asking for it with all this technology???

+1
+ -

no surprise here

saw this yesterday .just read a few sentences & same answer

no surprise it says that the tracking info :

"Apple and other smartphone vendors all have provisions in their Terms of Service that allow for them to track users' locations."

OK done.

0
+ -

Big brother is watching...

0
+ -

I always assume I'm being watched, recorded or tracked wherever I go. This way I'm not surprised when I find out it was true Big Smile

0
+ -

I always assume I'm being watched, recorded or tracked wherever I go. This way I'm not surprised when I find out it was true Big Smile

Login or Register to Comment
Post a Comment
Username:   Password: