Apple Secretly Tracking iPhone, iPad Users' Location

from ChaoticFate.com by qew

Share|

By Mike Schuster  April 20, 2011 10:13 AM

EVERY MOVE YOU MAKE

This is bad. Really bad.

Programmers Alasdair Allan and Pete Warden found what could be the biggest privacy breach Apple has ever committed against iPhone 4 and iPad 3G users.

The two men discovered that since the introduction of iOS 4, Apple devices have been tracking and storing the user's location along with a time stamp -- essentially logging a user's movements since upgrading to iOS 4. Bear in mind, this data-logging is done completely in the background and without the user's approval or knowledge.

Breaking the story on O'Reilly, Allan wrote, "We're not sure why Apple is gathering this data, but it's clearly intentional, as the database is being restored across backups, and even device migrations."

Worse yet, the data that's being stored is unencrypted and unprotected -- leaving it out in the open on any machine you've synced with your iOS device!!! Switched jobs since syncing your iPhone to your work computer? Met a gal at a bar, went home with her, and transferred an album from her laptop to your iPhone? Guess what: They could easily see where you live, eat, work, visit, etc.

"Anybody with access to this file knows where you've been over the last year, since iOS 4 was released," Allan writes.

Allan and Warden built a program called iPhone Tracker which shows the data being stored and tracks it on a map. Here's an example of the program in action and the data being gathered:



The programmers contacted Apple's Product Security team and have yet to hear back. The company also hasn't publicly addressed this serious issue. In the meantime, Allan and Warden break down the problem and what can be done to patch this gaping security hole.

What information is being recorded?

All iPhones appear to log your location to a file called "consolidated.db." This contains latitude-longitude coordinates along with a timestamp. The coordinates aren't always exact, but they are pretty detailed. There can be tens of thousands of data points in this file, and it appears the collection started with iOS 4, so there's typically around a year's worth of information at this point. Our best guess is that the location is determined by cell-tower triangulation, and the timing of the recording is erratic, with a widely varying frequency of updates that may be triggered by traveling between cells or activity on the phone itself.

What are the implications of this location data?

The cell phone companies have always had this data, but it takes a court order to access it. Now this information is sitting in plain view, unprotected from the world. Beyond this, there is even more data that we have yet to look at in depth.

For example, in my own case I (Alasdair) discovered a list of hundreds of thousands of wireless access points that my iPhone has been in range of during the last year.

How can you look at your own data?

We have built an application that helps you look at your own data. It's available atpetewarden.github.com/iPhoneTracker along with the source code and deeper technical information.

What can you do about this?

As we note around the 20-minute mark in our video discussion, an immediate step you can take is to encrypt your backups through iTunes (click on your device within iTunes and then check "Encrypt iPhone Backup" under the "Options" area).