Researchers Disclose iPhone and iPad Location-Tracking Privacy Issues

[apolloa]

hahaha, if you read the original report by The Guardian link here:

http://www.guardian.co.uk/technology/2011/apr/20/iphone-tracking-prompts-privacy-fears

You will see that it does indeed state the Apple EULA at the end of the article, the part that seems to have been strangely left off all same reports in Mac Rumors, Engadget, 9TO5MAC all quoting The Guardian source

 

[DrDomVonDoom]

In my experience, I immediately assume that using any electronic device with some kind of attachment to the internet, that what I am doing is splayed across the airways and collected by various agencies, be them Ad agencies, government agencies etc. I already know that I can be tracked, and called listened to, with no warrent. After those two privacies are gone, this doesn't seem like a real big deal to me.

Its gonna sound douchey, but the odds are, astronomical vegas odds, that no one gives a **** who you are and where your at currently. Unless your a criminal, then who gives a ****? People love to heap worth upon themselves that doesn't exist. Your not a political figure, your a ******* with a iPhone working at McDonalds, calm the **** down and stop worrying about the government tracking you down and concentrate on my Hash Browns.

As far as I can see I don't have a problem with law enforcement agencies being able to see into it, I have nothing to hide.

Maybe if we were on a Android open system this might be a problem.

 

[batitombo]

who cares?

 

[KnightWRX]

Don't rely on encryption to protect you in any way. The police can crack it, as can hackers, and they can simply demand with a court order that you give them the password.

Depends on the cipher really. Not all ciphers can be decrypted with even the latest of the latest hardware, especially if you lack the private key. And a court order can force you all you want to give up that private key, but they can't force you to remember it or not lose it.

"I don't remember" or "I lost the private key to my encrypted backup, but here's the AES-256 encrypted file guys, have a go at it" are perfectly good answers.

As for this topic, SLA/ToS whatever. Not everything written in a TOS is legal or binding. If they wrote you had to murder your 1st born child, would you ? Would a court find it legally binding ? Of course not. Invasions of privacy aside, is there even a reason to store the location information like that, timestamped and polled every second ?

Why can't the device poll my location when asked for it only ? Why does it need to do it periodically ? Why is there no cleaning up after a certain time has elapsed ?

All serious questions. Even if I don't have anything to hide my privacy is still important to me. If I want you to know about my mundane life with no frills, I'll tell you about it.

 

[lkrupp]

Not good. I need an explanation.

What? You think GM's OnStar, and the other car manufacturer's systems, don't keep a record of exactly where your automobile has been? All cars have black boxes these days. You think your bank doesn't know where you've been and what you've bought? You think the government, and most companies, don't already know more about you than you do yourself, like where you go, what you buy, who your friends are, what political persuasion you are?

 

[The Phazer]

Sigh. While the risk is very slight (I don't care about government access - they already have access to the carrier's records with a court order, but in theory this information is useful to a thief - say to identify the home address of a user to flag the home of someone who owned an iPhone and hence is probably worth breaking into their house or even identifying good times to do so given they're out most of the time at work etc), it's far from good that it's there.

Not least because writing a huge log of this data is silly and pointless and is using up system requirements by doing so. I would assume that the the file has been left in due to nothing more than incompetence (Android doesn't seem to do this sort of tracking, it's not mandatory on the device itself), but if so it is very odd that nobody has noticed this while trying to optimise the code.

So Apple either left in a bad privacy risk on purpose or audited the code badly for both security and performance. Neither of those options is very palatable.

 

[jacollins]

Unless I'm missing it in the thread, I didn't see anything on this particular question. Does anyone know if this database on the iPhone is accessible by apps? ie. can you download some app that then scans the database and uploads your information elsewhere behind the scenes?

 

[kdarling]

The file contains a log of the cell towers you connected to and when. That's it. This is why the dots are in grids that get bigger the as you leave populated areas and routinely include places you haven't been within 30 miles of.

Note that the grid pattern is faked by the demo reader program to hide actual locations.

(Cells aren't in perfect grids anyway.)

This information is most likely used for connection quality monitoring and caching for Assisted GPS cold starts. It is also the same information stored by your cell phone provider no matter what phone you use. As such, "Big Brother" already has the ability to access to this information.

Or it's leftover code from development and testing.

 

[andys53]

Depends on the cipher really. Not all ciphers can be decrypted with even the latest of the latest hardware, especially if you lack the private key. And a court order can force you all you want to give up that private key, but they can't force you to remember it or not lose it.

"I don't remember" or "I lost the private key to my encrypted backup, but here's the AES-256 encrypted file guys, have a go at it" are perfectly good answers.

Over in the UK not remembering passwords can sometimes land you in prison. Just remove the incriminating files frequently and regularly.

 

[mytdave]

feature

'course you all know this is a feature, right? There are lots of social or other apps you can get to give you cute info about where you've been, maybe an exercise routine, or location based data for pictures, etc. The info has to be recorded in a file somewhere!

If you're paranoid, just delete the file from your computer backups and/or encrypt your iPhone. Tah dah!

 

[ikir]

Paranoia.... or all users are secret spies!! WOW

 

[BigPrince]

Over in the UK not remembering passwords can sometimes land you in prison. Just remove the incriminating files frequently and regularly.

In the US you have the right to not self incriminate...they can make you turn over a physical key to a safe but since a password is not physical and in your head they can't compel you to turn it over....its considered testifying against yourself...a few court cases have faced this issue.

 

[myemailisjustin]

Plug in your iPhone, open iTunes, and in the SUMMARY window check the box related to backup encryption.

This is why the researchers published this, so people take action. Encrypt your data, it's your choice to do so. Encrypted = safe(r) than not.

**EDIT - And I'd be more worried about RFID in your bag of chips or RFID in the all the new tires that go on your car than a file you have the choice to encrypt. RFID in my tires, you can't encrypt that!

 

[AaronEdwards]

Of course that's the ideal answer but an impossible answer. So again, Google or your device/computer?

I'd rather have Google or Apple for that matter having that information in their servers, than it being in a unencrypted file on my phone or on my computer.

What Apple has done here is giving anyone with access to either your phone or your computer a way to track your movement. And that person would not need to either install something or deal with encrypted files. The person tracked would have no clue that it's happening.

Once again, it's shown that when it comes to security and encryption, Apple needs to improve their game.

But, it's great thing for jealous husbands who would want to monitor what their wives are doing.

 

[the vj]

Oh no!!!

Now Wall Mart knows where I am!!!

Who cares! interesting data but unless you are a celebrity or some sort of important figure the rest is only based on your ego and the typical "American culture paranoia".

Get real, no one in the work cares where you are, they all know you are behind your mac downloading porn.

 

[baleensavage]

I'm personally of the opinion that anyone that thinks they have any privacy in this digital age is lying to themselves. There is no privacy, every single time you do anything on the internet or cell phone, some device somewhere is keeping a log of it. This is just one more way. But like other people mentioned, unless you're a criminal or the victim of a highly sophisticated stalker, then no one really cares about your private data.

With that said, if Apple is in fact storing location data when you specifically turn location services off on your iPhone, then this is a big problem that needs to be remedied. Their TOS specifically states that they are not collecting this data when you turn location services off and that is a flat out lie.

 

[Skika]

Not big deal. But, im not a fearfull worried paranoid person, which many are.

 

[tfskora]

Sweet! Now I can stop checking in with yelp, facebook, and 4square.

I'm in the who cares crowd. Many have posted that everything you do on a computer is being tracked.

Just go hide in a cave with no technology, no one will find you. Look at Bin Laden.

 

[infidel69]

Shame that everyone is going to jump to conclusions rather than work out why this is stored.

And really, would you rather have the information stored on the device or logged by Google?

Neither, I was wondering how long it would be before some fanboy would bring up Google.

 

[DavidLeblond]

Has to have some back and forth that could be tracked.

GPS devices don't transmit. I think they'd have a much shorter of a battery life if they were sending signals to the satellite.

 

[philstubbington]

If you tie this story to the recent news from Michigan that cops there are able to suck the data off of your phone at a traffic stop, then this is really frightening.

You can get sucked off at a traffic stop by a cop in Michigan? Must make sure I never go to Michigan!

 

[mcmlxix]

This is a huge concern because of the use by law enforcement of the Cellebrite device to download and scrutinize the data in cell phones. Apparently, police departments in Michigan are using this device when pulling drivers on traffic violations. Here is another article on the use in Michigan.

Cellebrite's widget is apparently able to download and scrutinize the data from a vast variety of mobile devices, including Blackberry phones and the iPhone.

Isn't this illegal search and seizure?

 

[mikemac11]

Am I the only person laughing at this? If you didn't know your phone was already tracking you, then you should read up. All phones do it and it is not limited to the iPhone. Most common reason it would be done is for emergency needs. Just go to another cell tower and watch it track you. Next story please.

 

[sommer182]

Who do you think is behind this?

i'm tired of companies taking our privacy so lightly. makes a consumer feel like a dumb piece of meat. i hope someone files a lawsuit over this. any sneaky tactics like this should be outright banned by the government. maybe once we get some politicians of a younger generation in there who are more aware of these issues they will actually do something to protect the consumer from greedy and arrogant corporations. i hope but i'm not sure i will ever see this dream realized the way government currently lets companies run rampant.

"Banned by the government?" Who do you think is BEHIND this technology. Companies can certainly use this info for things like targeted advertising, but the folks who REALLY want to know where you, or more likely people not as nice as you, are at any moment of the day are sitting in governments around the world. This technology is nothing new, and it doesn't take a smart phone to be able to be tracked. My dumb flip phone is probably pinging a tower every few seconds and logging my location on a database somewhere.

 

[manu chao]

every single time you do anything on the internet or cell phone, some device somewhere is keeping a log of it.

And simply forcing all instances that keep logs of personal data to delete them after a short period would solve this.
How hard is it to periodically delete old log files? It works fine for system.log, no reason this cannot also be made to work for other types of log files.