Congressman, Senator Seek Answers From Steve Jobs About iOS Tracking File - HotHardware
Congressman, Senator Seek Answers From Steve Jobs About iOS Tracking File

Congressman, Senator Seek Answers From Steve Jobs About iOS Tracking File

As the furball around a recently publicized hidden iOS location tracking file continues to expand, both a senator and a congressman have sent separate letters to Apple CEO Steve Jobs, asking about the file and why it is unencrypted. At the same time, it seems the discovery is not a discovery after all.

Sen. Al Franken (D-MN), sent a letter dated Wednesday, April 20 to Apple CEO Steve Jobs (.PDF), in which he said (in part):
[...] because the data is stored in multiple locations in unencrypted format, there are various ways that third parties could gain access to this file. Anyone who finds a lost or stolen iPhone or iPad or who has access to any computer used to sync one of these devices could easily download and map out a customer's precise movements for months at a time. It is also entirely conceivable that malicious persons may create viruses to access this data from customers' iPhones, iPads, and desktop and laptop computers. There are numerous ways in which this information could be abused by criminals and bad actors
Franken also asked the following questions, of which it would be interesting to see an official Apple response:
  1. Why does Apple collect and compile this location data? Why did Apple choose to initiate tracking this data in its iOS 4 operating system?
  2. Does Apple collect and compile this location data for laptops?
  3. How is this data generated? (GPS, cell tower triangulation, WiFi triangulation, etc.)
  4. How frequently is a user's location recorded? What triggers the creation of a record of someone's location?
  5. How precise is this location data? Can it track a user's location to 50 meters, 100 meters, etc.?
  6. Why is this data not encrypted? What steps will Apple take to encrypt this data?
  7. Why were Apple consumers never affirmatively informed of the collection and retention of their location data in this manner? Why did Apple not seek affirmative consent before doing so?
  8. Does Apple believe that this conduct is permissible under the terms of its privacy policy? See Apple Privacy Policy at "Location-Based Services" (accessed on April 20, 2011),
  9. available at www.apple.com/privacy.
  10. To whom, if anyone, including Apple, has this data been disclosed? When and why were these disclosures made?
On Thursday, Franken was joined by Rep. Ed Markey (D-MA). He also sent a letter to Steve Jobs, but he asked Jobs about the possible effect of this file on minors. After all, iDevices are quite popular with minors, and Markey asked:
Given the widespread usage of iPhones and iPads by individuals under the age of 18, is Apple concerned that the wide array of precise location data logged by these devices can be used to track minors, exposing them to potential harm? If yes, what is Apple doing to reduce the potential for such harm? If not, why not?
However, it seems that the discovery made by the two researchers, Allan and Warden, and disclosed on Wednesday wasn't a discovery at all. The hidden file in iPad 3Gs and iPhones that contained tons of location data had previously been detailed, by one Alex Levinson, a student at the Rochester Institute of Technology, who says he discovered this file back in 2007, as part of his research and work with forensic firm Katana Forensics.

Why, then, did no one notice it then? And why did no one listen to Levinson on Wednesday, when he was reportedly emailing media about it?

First, in 2007, he published the research in "Hawaii International Conference for System Sciences 44." If he really wanted to get some attention, there is nothing wrong with that, but perhaps clueing in CNN might help. [In all fairness, however, he also contributed a chapter to a book on iOS forensic analysis, "iOS Forensic Analysis: for iPhone, iPad, and iPod touch," which although it is certainly not a NYT bestseller, ranks 31 on Amazon.com for books on Security and Encryption. One would think that might have brought some attention to the matter.]In a blog post, Levinson said the following:
This hidden file is nether new nor secret. It’s just moved. Location services have been available to the Apple device for some time. Understand what this file is — log generated by the various radios and sensors located within the device. This file is utilized by several operations on the device that actually is what makes this device pretty “smart”.

Through my work with various law enforcement agencies, we’ve used h-cells.plist on devices older than iOS 4 to harvest geolocational evidence from iOS devices.
Yep, you read that correctly: it's already being used by law enforcement. He spoke to GigaOM, and there was more:
[...] the press missed the story first time around, and now seems more focussed on the horror of data storage than the reality (there, for example, is no evidence that the data is sent back to Apple at the moment).

“I do blame the press somewhat for sensationalizing them without recourse,” he says. “I emailed 20 of the top media outlets who covered this, linking them to my side — none of them replied, except a famous blogger who cursed me.”
Although this isn't new news, it's certainly news. The fact of the matter is that despite the fact that the data isn't being sent back to Apple (yet), the data is stored unencrypted on the device and on your computer. That's pretty risky.


iOS location data mapped
As far as what the file is there for, Daring Fireball believes it's a bug, and that it was the log file was supposed to be culled. If that were true, however, then that "bug" has been around since 2007, according to Levinson's findings.
0
+ -

Do we have any Apple customers that are outraged by this? Or on the other end of the spectrum of not caring?

0
+ -

I have the jailbreaking app that constantly deletes the file. It wasn't too bad since the data wasn't being used...yet. But i still felt a major breach privacy breach.

0
+ -

I expect most consumers will be upset and yet they will continue to use the product/services.

0
+ -

Most consumers will have no idea what is really going on but see the news headlines and jump on board claiming that people are tracking them and steeling their personal info and it's the most horrific thing. Apple will get sued over this for sure. I liked AL Franken's questions to Steve Jobs, I'd like to hear his response. That is crazy it started back in the day and no one would listen to that guy. I want to buy him a shirt that says "I Told You So".

0
+ -

Hey LBrowen, i really don't care of this issue xD

0
+ -

I think apple is just going to BS their way out of this and most users of apple are going to buy it. People are not going to stop using their products over this and this is going to be swept under the rug.

0
+ -

Surprise, surprise. I agree that the data was not being used yet... but what a great way to build advertising profiles around the places that people visit. I also would like to hear Steve Jobs' responses to Al Fraken's questions. It would be interesting to see if Android and Windows Phone 7 OS store the same type of tracking information since there are some apps that use location information to even work.

0
+ -

Oh I would like to hear the answer to Al Franken 's questions preferably in video rather than a carefully edited script of media spin jockey's that's not likely for that to happen There's great thread and posts in HH with Senator Franken http://hothardware.com/cs/forums/t/52551.aspx asking 'What are we doing"? He would be my choice to ask the questions I am unable to ask.

well what are we tolerating ?

0
+ -

I'm an Apple user since 2007 and i'm not bother cuz i don't have anything to hide :)

0
+ -

guys, its not a bug its a feature!

0
+ -

That's right! Apple products just work..........whether they are working for you or Apple, well that's a whole different story.

0
+ -

ROFL do you know that anyone can track you if they know how? That includes a sex offender, a thief, your wife or husband, your kids, your business competition anyone? If the feature is there on an Apple device it is generally much easier hackable as well as usable because there security lvl is at best circa 2002 maybe.

0
+ -

oh and it does not matter that they did 4 security updates or whatever last year as there are way more vulnerabilities than 4, or even 10 or 20!

+1
+ -

It seems like this is Apple's Striesand Effect, one which they can't sweep under the rug easily.

The fact that they don't bother to delete or encrypt the location info puts my personal life at risk, what if a hacker decides to break into my computer and steal this particular file and sell it to the highest bidder in the market? Now he knows the spots which I frequent, the places where I go and it makes me much more of a target for a scam.

Seriously, Apple should of known better then to just leave the data in the computers. I mean I know what I said before and the potential for hackers hacking your iPhone to determine your location but for Apple to just leave the location file unencrypted where anybody can get to it, now that's just regretfully embarrassing.

Sure, they'll be able to fix the issue (if they choose so) but they won't be able to repair the damage that they brought upon themselves. They're Apple, they should know better then to leave something unencrypted. They make according to you guys, "overpriced machines with a high-end, sleek and modern feel and lesser features then the competition.".

Login or Register to Comment
Post a Comment
Username:   Password: