Researchers Disclose iPhone and iPad Location-Tracking Privacy Issues

[MacRumors]

A pair of security researchers today announced that they are sounding the privacy warning bell about the capability of iOS 4 to track the location of an iPhone or iPad on an ongoing basis, storing the data to a hidden file known as "consolidated.db" in the form of latitude and longitude and a timestamp for each point.All iPhones appear to log your location to a file called "consolidated.db." This contains latitude-longitude coordinates along with a timestamp. The coordinates aren't always exact, but they are pretty detailed. There can be tens of thousands of data points in this file, and it appears the collection started with iOS 4, so there's typically around a year's worth of information at this point. Our best guess is that the location is determined by cell-tower triangulation, and the timing of the recording is erratic, with a widely varying frequency of updates that may be triggered by traveling between cells or activity on the phone itself.While the consolidated.db file has been known for some time and has played a key role in forensic investigations of iOS devices by law enforcement agencies, the researchers note the data is available on the devices themselves and in backups in unencrypted and unprotected form, leading to significant privacy concerns. Once gathered, the data is saved in backups, restored to devices if necessary, and even migrated across devices, offering a lengthy history of a user's movement.

Data points pulled from iPhone backup​

The researchers, Alasdair Allan and Pete Warden, have also put together a downloadable application that allows users to view the location data stored in backup files on their computers. Allan and Warden have reached out to Apple for comment but have yet to receive a response, and in the meantime recommend that users encrypt their iPhone and iPad backups for increased security.

Article Link: Researchers Disclose iPhone and iPad Location-Tracking Privacy Issues

 

[talkingfuture]

Will be interesting to see Apple's response to this. I don't necessarily mind the data being collected for things like find my iPhone and forensics but I'd like it to be very well secured.

 

[BoRegardless]

So if you must Hide Out...

Buy a 2nd and 3rd PrePaid phone & leave the iPhone off until you want to use it.

If you are doing sensitive or sneaky business, you already know about these things.

Anything that is always on and transmitting wirelessly is trackable and now we know it is trackable in more ways with data going to BOTH the iPhone and the computer you sync with

 

[KPATVPOD]

Is the Program to read it Mac only or is there a PC version??

http://petewarden.github.com/iPhoneTracker/#4

 

[BlindGoldfish]

So how would I go about encrypting this backup file on my Mac?

 

[dethmaShine]

Not good. I need an explanation.

 

[BillyBobBongo]

Wonder how long this item will remain here...the one on Engadget managed about 7 minutes.

 

[dethmaShine]

Wonder how long this item will remain here...the one on Engadget managed about 7 minutes.

Look at the latest thread. The haters act as if they are going to shoot Vlad Savov (Engadget) for removing that article.

lol

On a serious note, I need an explanation for this.

 

[sevimli]

This really sucks!

 

[jonnyb]

When did 'reached out' become a better phrase to use than simply 'contacted'?

 

[karsten]

i'm tired of companies taking our privacy so lightly. makes a consumer feel like a dumb piece of meat. i hope someone files a lawsuit over this. any sneaky tactics like this should be outright banned by the government. maybe once we get some politicians of a younger generation in there who are more aware of these issues they will actually do something to protect the consumer from greedy and arrogant corporations. i hope but i'm not sure i will ever see this dream realized the way government currently lets companies run rampant.

 

[mr.steevo]

We Live In Public

Ask Josh Harris what he thinks of this and he'll tell you we're right on track with losing all anonymity due to technology.

Buckle up.

 

[kreach]

nice! Actually.

 

[Torrijos]

For those freaking out, do they know that every GPS devices record their positions from the moment they are first turned on ?

It is scary, but unfortunately it's quite common.
In the best of cases (in the GPS world) the information is encrypted... But this only happens with a few GPS, usually those made for high-end auto brands (Porsche, BMW etc.) the majority of devices, on the other side, records the information in plain text.

 

[gleepskip]

I'm a pretty serious Apple fanatic and I'm willing to scrap my family's iPhones because of this. I know the government can track me anyway by watching my movement across cell towers, but this is a huge affront to privacy.

If you tie this story to the recent news from Michigan that cops there are able to suck the data off of your phone at a traffic stop, then this is really frightening.

 

[PeterQVenkman]

Great. I wonder why they do this, other than to boost data for iAds.

 

[FloatingBones]

Law enforcement and cell phone dumps

This is a huge concern because of the use by law enforcement of the Cellebrite device to download and scrutinize the data in cell phones. Apparently, police departments in Michigan are using this device when pulling drivers on traffic violations. Here is another article on the use in Michigan.

Cellebrite's widget is apparently able to download and scrutinize the data from a vast variety of mobile devices, including Blackberry phones and the iPhone.

 

[mainstreetmark]

i'm tired of companies taking our privacy so lightly. makes a consumer feel like a dumb piece of meat. i hope someone files a lawsuit over this. any sneaky tactics like this should be outright banned by the government. maybe once we get some politicians of a younger generation in there who are more aware of these issues they will actually do something to protect the consumer from greedy and arrogant corporations. i hope but i'm not sure i will ever see this dream realized the way government currently lets companies run rampant.

It *is* private now. This information isn't broadcast anywhere but your own personal computer in the form of an encrypted backup file. The information won't go anywhere but with you and your property.

However, if your iphone gets stolen, the GPS log is likely the least private thing you need to worry about. The thief will have access to your entire contact list, browsing history, etc..

 

[Warbrain]

Shame that everyone is going to jump to conclusions rather than work out why this is stored.

And really, would you rather have the information stored on the device or logged by Google?

 

[ciTiger]

WOW this is a major privacy breach.

 

[Warbrain]

I'm a pretty serious Apple fanatic and I'm willing to scrap my family's iPhones because of this. I know the government can track me anyway by watching my movement across cell towers, but this is a huge affront to privacy.

If you tie this story to the recent news from Michigan that cops there are able to suck the data off of your phone at a traffic stop, then this is really frightening.

If this is your biggest worry on people being able to track you...hmph.

Tinfoil hats are going to be all the rage here soon.

 

[nightcap965]

Help! Help! The paranoids are after me!

With respect to all the "view with alarm" postings that will follow, this really doesn't mean anything. I leave my home at the same time every morning. The transponder in my car records my passage and debits my account with the state highway department. Traffic cameras record my license plate at several points during my journey. Once out of the car, my smiling phiz can be seen on any number of CCTVs en route to my office, whose door I open with a card that automatically records my entry. The IP address of this posting will reveal that I am sitting in my living room as I write. Even without the GPS turned on, my phone regularly initiates a conversation with the local cell tower. I can be found with almost pinpoint accuracy.

So I'm not exactly going to panic to learn that my computer and phone keep a record of my latitude and longitude that they don't share with anyone else.

The government already knows where I live, where I work, where I bank, and all kinds of other interesting information. It's how they collect their taxes and send me my mail.

If there were the slightest indication that liberals, atheists, and other enemies of the state were being tracked by their GPSes and rounded up, I'd be the first to the barricades. But there isn't. Our privacy is not based on "nobody knows", it's based on "nobody cares."

 

[crackbookpro]

Shame that everyone is going to jump to conclusions rather than work out why this is stored.

And really, would you rather have the information stored on the device or logged by Google?

I'd rather have none at all. This is a file being stored. It's big bad news.

 

[gleepskip]

If this is your biggest worry on people being able to track you...hmph.

Tinfoil hats are going to be all the rage here soon.

I didn't mention what my biggest worry is.

 

[iMouse]

Looks as if the data is more or less for AT&T's purposes than for Apple's. A lot of the data is in a grid form on the map, possibly using tower triangulation to determine signal issues in a given area.

The dates coincide with the release of iOS 4 for sure.

Still not cool that this is being pushed to backups and appears to keep a never-ending history on the device unless restored and set up as new.