Got a tip for us?
Let us know
Become a MacRumors Supporter for $50/year with no ads, ability to filter front page stories, and private forums.
Researchers Disclose iPhone and iPad Location-Tracking Privacy Issues
- Thread starter MacRumors
- Start date
- Sort by reaction score
Uh. No.
This particular file helps locating the phone when looking up known cell towers or WiFi hotspots.
Those methods weren't included on common phone software until late 2007.
And this particular cache file apparently didn't exist at all until iOS4.
A friend has a Verizon iPhone and downloaded the app to let you see the file, but he says he can't find it, and now says that only the AT&T iphones have this file, is this true or did he do something wrong?
It would be very interesting to read an explanation of exactly what is recorded in this file. My data (mapped on the iPhoneTracker app) doesn't look particularly useful for finding me. I work from home, within my own WiFi cloud, and that's where my phone is the vast majority of the time. Yet my home town isn't even a conspicuous location on the map.
Most of the location points seem to be from isolated dates when I was using turn-by-turn navigation apps in distant locations.
The data from yesterday (I was home all day, except for a 3-mile drive to the post office) shows an array of about 100 points approximately 200 miles across. Most are clustered around larger towns which I did not visit. About 20 are in Portland/Vancouver, which is 100 miles away on the other side of the Cascade Mountains. Considering the very rugged terrain around here, I'd be surprised if I triggered more than two cell towers all day.
Nobody's going to track me with this stuff.
Most of the location points seem to be from isolated dates when I was using turn-by-turn navigation apps in distant locations.
The data from yesterday (I was home all day, except for a 3-mile drive to the post office) shows an array of about 100 points approximately 200 miles across. Most are clustered around larger towns which I did not visit. About 20 are in Portland/Vancouver, which is 100 miles away on the other side of the Cascade Mountains. Considering the very rugged terrain around here, I'd be surprised if I triggered more than two cell towers all day.
Nobody's going to track me with this stuff.
Last edited:
Right. This "concept" that every mobile phone since the very first one has this same issue with location data stored in a file on the phone. Kinda weird that there are literally billions of mobile phones out there with this security issue and no one has discovered it until now. But, um, I'll take your word for it!
Apparently it's an eternal cache of any WiFi hotspot or cell ids that your phone used to satisfy location requests.
Makes sense.
You probably passed near a WiFi router that someone had recently moved from Portland.
Even a rough location can be enough in some cases.
Imagine your company gave you your iPhone. Once in a while you sync it at work with a business iTunes host to update apps.
You play sick one weekend to go to the seashore, using location services to find a restaurant there. Uh oh.
Today, I bet many bosses are having these location files pulled to check on their employees' movements. Guess who just got nailed?
Don't even get into what happens to FBI informants or people in the witness protection program, if their iPhone falls into evil hands.
I was in Intelligence. This info is a gold mine.
im not defending apple doing this but if you think prior to this it was not possible to track you over a cell phone and maybe the file wasn't stored on the phone but it was still possible to track you
maybe apples argueement is without that file location services would not be as good, than we would all be starting threads complaining that location services suck on the iphone
i think we all have info on our phones that would invade our privacy more so than a log if were youve been, if it got in the wrong hands
i thinks its worse that its possible to see our live location which yes had been possible since the first cell phone using cellular triangulation than a log of where ive been and possible never go again
I'll bet Apple really gets their jollies from watching 100000000000000 iPhone owners go about their daily routines all at once. /s
Android as well, to an extent
'Smartphones running Google's Android software collect data about the user's movements in almost exactly the same way as the iPhone, according to an examination of files they contain.'
- per 'UK Guardian'
It appears a difference is that the Android system does not keep records as far back, like over one year with Apple, nor possibly automatically transmit them back to headquarters, as Apple also routinely does. Also that, unlike with Apple, these records not as easily accessible.
Further details here:
http://www.guardian.co.uk/technology/2011/apr/21/android-phones-record-user-locations
'Smartphones running Google's Android software collect data about the user's movements in almost exactly the same way as the iPhone, according to an examination of files they contain.'
- per 'UK Guardian'
It appears a difference is that the Android system does not keep records as far back, like over one year with Apple, nor possibly automatically transmit them back to headquarters, as Apple also routinely does. Also that, unlike with Apple, these records not as easily accessible.Further details here:
http://www.guardian.co.uk/technology/2011/apr/21/android-phones-record-user-locations
There's an easy way to disable your iPhone from secretly tracking you. Just keep a firm grip on it at all times.
Renamed iTrack, Apples phone is Sinister
Here's the report from the Pro Apple biased New York Times
http://mobile.nytimes.com/2011/04/22/technology/22data.xml
Did Apples karma take a turn for the worst?
Its been two days without a word from Apple.
Like a recalcitrant child, Apple is looking AWFULLY Guilty
Here's the report from the Pro Apple biased New York Times
http://mobile.nytimes.com/2011/04/22/technology/22data.xml
Did Apples karma take a turn for the worst?
Its been two days without a word from Apple.
Like a recalcitrant child, Apple is looking AWFULLY Guilty
supposedly Apple New Secret Tracking File Neither New Nor Secret
Apple New Secret Tracking File Neither New Nor Secret links to 3 Major Issues with the Latest iPhone Tracking Discovery which has more details.
Someone is claiming he discovered this stuff awhile ago and even published a book that came out on 12/5/10 titled iOS Forensic Analysis where he talks about consolidated.db on page 336.
It seems like these researchers somehow got more attention. The timing of the release was very curious as 4/20 was the day Apple announced earnings. Perhaps someone was trying to bang down the stock? It didn't work.
Apple New Secret Tracking File Neither New Nor Secret links to 3 Major Issues with the Latest iPhone Tracking Discovery which has more details.
Someone is claiming he discovered this stuff awhile ago and even published a book that came out on 12/5/10 titled iOS Forensic Analysis where he talks about consolidated.db on page 336.
It seems like these researchers somehow got more attention. The timing of the release was very curious as 4/20 was the day Apple announced earnings. Perhaps someone was trying to bang down the stock? It didn't work.
Since android tracks the same data i extended MyPhoneTracker to be able to visualize android tacking db's as well.
http://mac-and-i.blogspot.com/2011/04/myphonetracker-v08-adds-ability-to.html
http://mac-and-i.blogspot.com/2011/04/myphonetracker-v08-adds-ability-to.html
The Android cache gets truncated, it contains a maximum of 50 unique cell sites and 200 WiFi access points. So you wouldn't be able to do with it what you can do with the file stored on the iPhone.
The cache files on the Android is only accessible by root and they aren't copied when you do a backup. This means that they are harder to access and they don't end up in more than one place.
These are all steps I hope Apple will take when they fix this issue. Furthermore both them and Google should encrypt the file(s).
Exactly, for once it would be nice if Apple copied Google's Android. While they are there, they might want to rip off lock/home screen widgets and the notification system. It would do iOS some good and bring it into 2011. So tired of having to "touch, touch, touch" just to see tomorrow's weather.
I find it maddening that Apple works so hard to prevent jailbreakers from modifying their own devices to suit their individual needs. But in situations like this Apple provides no method to turn off this security hole and won't even respond to the situation two days after it was spread across the internet, even despite letters from US Senators. Once again, just like the PDF exploit, the fix has been provided by the jailbreaking crowd before Apple can get around to it.
I was in Las Vegas - so I don't know if the dots there are correct or not .... but I have other places that show dots where I have never been (and was never was crossing even in an airplane) ... overall the data is not very accurate (even if reading with the higher precision that what is enabled by default in that app)
The info isn't meant to be an accurate track.
It's simply the cached responses from Apple's servers as to the location of a nearby cell or hotspot... NOT your calculated location. So each response could easily be miles away in the case of cells.
--
Heck, even if a phone were to record its own calculated location, it would be all over the place. Except for navigation, most apps (think neighborhood food, for instance) are only going to ask for location accuracy within kilometers, in order to get a quick and low power response.
--
The really bogus responses are either hotspots that the owner moved since being mapped last, or the occasional cell id being swapped.
It's simply the cached responses from Apple's servers as to the location of a nearby cell or hotspot... NOT your calculated location. So each response could easily be miles away in the case of cells.
--
Heck, even if a phone were to record its own calculated location, it would be all over the place. Except for navigation, most apps (think neighborhood food, for instance) are only going to ask for location accuracy within kilometers, in order to get a quick and low power response.
--
The really bogus responses are either hotspots that the owner moved since being mapped last, or the occasional cell id being swapped.
Unfortunately, part of buying into Apple's mentality is letting them make all these decisions for you.
avoid tracking for not jailbroken too
TrackerBuster!!!!
This script is designed to "patch" the iPhone "bug" that makes it store user movement data.
This will not harm your device in any form, it will just configure consolidated.db to auto purge via standard sql calls.
No executable code or external program needed running on the iPhone.
This patch IS USABLE on NOT JAILBROKEN devices too
1st get the database:
In JAILBROKEN devices just SCP/FTP to /var/root/Library/Caches/locationd and copy consolidated.db to your computer
In NOT JAILBROKEN devices a method is proposed here using itunes backups to access the file:
-- http://howto.wired.com/wiki/Find_Stored_iPhone_Location_Data_on_your_Computer
Apply the patch to the database. The easy way is opening the file with a SQL browser, and import the TrackerBuster.sql
Any SQL browser will do the job, but sometimes freeware is not easy to find in windows so I used and tested with the SQLite Database Browser over a PuppyLinux 5.2.5 liveCD
In JAILBROKEN devices just SCP/FTP and copy the modified consolidated.db to to /var/root/Library/Caches/locationd
In NOT JAILBROKEN devices restore from your last backup in iTunes once database is patched
READY, your iPhone is not tracking your data anymore, with no programs running on the background.
If you need to restore the tracking ability of the device just remove the file using the same methods
Extended info in the script itself, just open it with any text or code editor
TrackerBuster:
http://www.megaupload.com/?d=XGCP8B4G
TrackerBuster!!!!
This script is designed to "patch" the iPhone "bug" that makes it store user movement data.
This will not harm your device in any form, it will just configure consolidated.db to auto purge via standard sql calls.
No executable code or external program needed running on the iPhone.
This patch IS USABLE on NOT JAILBROKEN devices too
1st get the database:
In JAILBROKEN devices just SCP/FTP to /var/root/Library/Caches/locationd and copy consolidated.db to your computer
In NOT JAILBROKEN devices a method is proposed here using itunes backups to access the file:
-- http://howto.wired.com/wiki/Find_Stored_iPhone_Location_Data_on_your_Computer
Apply the patch to the database. The easy way is opening the file with a SQL browser, and import the TrackerBuster.sql
Any SQL browser will do the job, but sometimes freeware is not easy to find in windows so I used and tested with the SQLite Database Browser over a PuppyLinux 5.2.5 liveCD
In JAILBROKEN devices just SCP/FTP and copy the modified consolidated.db to to /var/root/Library/Caches/locationd
In NOT JAILBROKEN devices restore from your last backup in iTunes once database is patched
READY, your iPhone is not tracking your data anymore, with no programs running on the background.
If you need to restore the tracking ability of the device just remove the file using the same methods
Extended info in the script itself, just open it with any text or code editor
TrackerBuster:
http://www.megaupload.com/?d=XGCP8B4G
There is a cross-platform free tool called iPhone Analyzer that does this and loads more. http://www.crypticbit.com/zen/products/iphoneanalyzer