iPhone, iPad Log Detailed Location Tracking Data

| Reports

Security researchers raised eyebrows on Wednesday when they revealed that Apple’s iPhone and iPad with 3G support maintain detailed location logs that track user locations and that the data is stored on unencrypted their computer. The discovery of the not-so-hidden files has led to privacy concerns, although it doesn’t appear that Apple is collecting the location tracking data.

The location data file is stored on the user’s iPhone or 3G iPad as well as in the backup files that iTunes generates when a user syncs their device with their computer, according to Pete Warden and Alasdair Allan, the researchers that discovered the potential privacy issue. By default, the information is stored unencrypted, which means anyone with access to the user’s computer has the potential to see detailed information about where the iPhone has been, including latitude, longitude and time stamps.

Based on their research, Mr. Warden and Mr. Allan don’t think Apple is collecting any of the tracking data. Instead, it simply sits in unused files on user’s computers and iPhones.

Yow! Your iPhone is tracking exactly where you are.The iPhone is logging detailed tracking data

It appears Apple began storing location data around the time iOS 4 was released. In The Mac Observer’s tests, we found that the oldest location data recorded was from June 16, 2010, which also happens to be the same day iTunes 9.2 was released. iOS 4 rolled out a few days later on June 21. It also appears that the location tracking file appears only for GSM-based iPhones, which means Verizon iPhone users aren’t impacted by this — at least for now.

To help illustrate how much information Apple is logging, the researchers cobbled together an application that access the tracking file and plots the data on a map. They intentionally reduced the accuracy of the plotted information to help limit potential abuse.

“Apple has made it possible for almost anybody — a jealous spouse, a private detective – with access to your phone or computer to get detailed information about where you’ve been,” Mr. Warden said.

Apple isn’t saying why it is logging such highly detailed location data, or why the information is available in an easily accessible file. While it’s easy to jump to conspiracy theories, it’s more likely the company plans on using the information at some point for social networking services or targeted marketing.

“[Apple] have new features in mind that require a history of your location, but that’s pure speculation,” Mr. Warden said. “The fact that it’s transferred across devices when you restore or migrate is evidence the data-gathering isn’t accidental.”

iPhone owners can add a little more protection for their privacy by encrypting the backup files that are stored on their Mac so a password is required to access the content. Here’s how:

  • Launch iTunes and connect your iPhone to your computer.
  • Select your iPhone in the Library list in iTunes, then choose the Summary tab.
  • Scroll to the bottom of the window and check Encrypt iPhone backup.
  • Enter a password when prompted.

The data on your iPhone is stored in an unencrypted format unless you use a passcode lock. The passcode feature on the iPhone, iPod touch and iPad can be enabled by tapping Settings > General > Passcode Lock. If a simple four-digit security code doesn’t offer enough protection, users can enable iOS’s more secure passcode feature, too.

While logging mobile phone location data isn’t something new, Apple’s decision to store that information in an unencrypted file without user’s knowledge falls outside of common industry practices. To obtain that data for other phones, authorities or private investigators would need to gain a court order that compels the service provider to had over the files.

Apple hasn’t commented on its location tracking practices.

[Thanks to the Guardian for the heads up.]

Sign Up for the Newsletter

Join the TMO Express Daily Newsletter to get the latest Mac headlines in your e-mail every weekday.

64 Comments Leave Your Own

geoduck

Not cool.
Another reason I’m going with the WiFi only iPad

Bosco (Brad Hutchings)

Spot wager: will Nemo pop a gasket? I’m gonna give him the benefit of doubt and say “yes”. Please get your predictions in early.

BTW, trust is another clear benefit of open source operating systems and a robust open source community. Google could not get away with anything like this in its core Android OS because the modders would catch it in an instant. Nor can Google get away with giving its own apps advanced privileges to obfuscate what they’re doing. So they have to play within disclosure and permissions norms on the Android platform. Not so with Apple…

Nemo

This is outrageous.  Apple suddenly decides to start collecting location data and stores it on one’s iPhone, iPad, and/or computer in an unencrypted file without so much as a by-your-leave from the user.  Apple’s patronizing and bigoted censorship of civil discourse and now this.  And Android is only worst.  I am old enough to have live long without a smartphone or a tablet computer, and, given this nonsense, I may well revert to life with just a computer and the most basic of cell phones.

geoduck

I may well revert to life with just a computer and the most basic of cell phones.

Welcome to my world. I have a simple LG phone (talk, text only) and just got an iPod Touch. As everywhere I go has WiFi I can IM or Skype from the iPT and I generally leave the phone at home.

prl53

Check the web for old reports on consolidated.db. It’s used to store the location of cell towers and is (probably) used by location services applications. Having the database should make finding your location quicker for iPhone apps.

Nemo

And Apple’s hypocrisy here is of the first quality.  Apple has denied publishers and other developers access to users’ personal data on the grounds that, under Apple’s rules, you can only collect such personal information from any user with that user’s informed consent.  I had assumed that those rules applied to Apple, as well as third-party developers.  Well, I can hardly think of anything that is more personal that detailed, moment-by-moment knowledge of a user’s location, and with a degree of precision not be rivaled by any other technology, yet Apple collects this location information from each users of an iPhone and GSM iPad of sufficiently recent vintage without any permission from users, much less their informed consent.

Well, if Apple can collect this information on our locations, what principled rule could possible restrict developers, including publishers, from collecting that same information or requesting in negotiations that Apple fork over that information to them so that they, like Apple, can target ads to users of their apps?  And, if Apple can collect and use location data without receiving permission, wouldn’t prohibiting a developer of an app from also collecting location data without permission possibly by anti-competitive?

atx

Can someone please clarify whether this location logging is dependent on having GPS Location Services ON?

Lee Dronick

?Apple has made it possible for almost anybody ? a jealous spouse, a private detective ? with access to your phone or computer to get detailed information about where you?ve been,? Mr. Warden said.

That is why you should be discreet with your indiscretions.

Would not the PI, or cop, need to have access to your iPhone or the computer to which it is synched? If so then you have a lot more security problems than them knowing your path around town. Legalities aside it would probably be easier use small GPS tracking device on a vehicle than getting the iPhone file.

Nemo

Dear atx:  You have a good point.  Perhaps, TMO will clarify whether Apple’s collection of location data happens even when GPS Location Services is OFF.  If not, I got ahead myself.  I also want to know whether the control of GPS location can be turned on and off, if it can be, for individual applications or whether it is a global setting.  That is, one you switch it off to prevent Apple from collecting data, is all location data blocked?

Bosco (Brad Hutchings)

Aw shucks. I win. Everyone who even read my above post, please pay up.

Nemo, I don’t come here to praise Apple or to bury it. This is a cock-up, plain and simple. I don’t think there was any malicious or nefarious intent, but there is most certainly terrible execution and lack of regard for user privacy.

In the big picture, it ought to add credence to the point that Apple is not competent enough nor magical enough nor enlightened enough nor knowledgeable enough for developers, publishers, and users to allow them to have full control over software on the iOS platform. Nobody should be trusted with that level of control. Nobody. Anyone who thinks they are a benevolent, omniscient dictator is full of beans. They set up this system so they could milk it. That’s as far as it goes.

@stx: Location information can also come from cell tower triangulation. Reports are that this only affects GSM iPhones, not CDMA.

Heywood

The sky is falling!

All you have to do is turn off your location services to prevent any data logging.

You can allow for NO location services or select which apps are allowed to use your location.

In the current IOS version:

Go to Settings
Location Services
Select OFF or ON

If ON, select which apps can use your location, such as your Maps app.

/panic

Jeff Gamet

Based on the information available so far, it looks like Apple is logging location data based on cell tower triangulation. Since it doesn’t seem to rely on GPS information, I’d say there’s a good chance your location data is still logged even with location services disabled. I’m betting the only way to avoid tracking with your phone on is to enable Airplane mode.

Nemo

Dear Sir Harry:  It is now de rigueur for lawyers and prosecutors in all types of cases to request production or issues subpoenas for computing devices, especially cell phones, to extract data on location.  However, when making such a request from a service provider, unless it’s a FISA warrant, one gets notice of the request and has the opportunity to contest the matter.  But if Apple can collect location data even with GPS Location Services OFF and place it on your device and your computer, then you might not even be aware that the location data is there and, thus, subject to discovery or seizure.

Berry

Well, my question is how can I find these locations and time stamps? My son has been acting very different lately and I’m worried he is lying to me about where he is and who he is with?! Please help me!!

Lee Dronick

Based on the information available so far, it looks like Apple is logging location data based on cell tower triangulation. Since it doesn?t seem to rely on GPS information, I?d say there?s a good chance your location data is still logged even with location services disabled. I?m betting the only way to avoid tracking with your phone on is to enable Airplane mode.

Could be both?

I think we can our GPS location in places where we don’t have cell service. As long as we are outdoors or in a structure that will let the GPS signal pass through.

Nemo

Dear Heywood:  Please read Mr. Gamet’s post at 11:42 hrs.  Do you have any comment?

Unexistable

Location services whether on or off have
Nothing to do with this internal file, meaning
That it runs constant in the background without
Any way to disable or erase or edit.

Lee Dronick

It is now de rigueur for lawyers and prosecutors in all types of cases to request production or issues subpoenas for computing devices, especially cell phones, to extract data on location.

Tell me about it, I am one of those guys who always gets seated on a jury, or as an alternate. Anyway, that is why I said “legalities aside” if someone wants to track you around before an arrest or subpoena.

vasic

According to the quoted site, the location information is only stored on the user’s own devices. No data is ever transmitted to any third party (carrier, or Apple). In other words, the only person that has access to this location data is the actual owner of the phone himself. So, if anyone ELSE wanted to find out where you were going, they would have to actually get your phone (or desktop where your iTunes account resides) before they could get their hands on the database.

Apparently, ALL cellphones in existence today triangulate location information (or use GPS data), and this information is recorded by the carriers. I’m not sure if that is the case with the iPhone, though (i.e. that the carrier keeps tabs on your location). The only difference is, before, you had no way of getting your location data from your carrier; with iPhone and this file, you at least get to see what carriers are seeing (if the carriers track iPhones as well), or you are the the only one who CAN see location data (if they don’t track them).

Nemo

Bosco:  Of course, Apple can control its operating systems.  Under our laws, Apple’s OSs are its property with certain specific rights pursuant to the type of IP at issue.  That is both settled law and good policy.  What I am furious about here is my personal information, which should only be collected and/or used with my informed consent.  It is not required that Apple relinquish any of its rights with respect to any aspect of iOS or with respect to any of its other proprietary software.  What is required is that Apple respect the privacy rights of its customers and its customers’ right to control the collection and use of their personal data.

Apple’s proprietary rights in its software and its customers’ rights in their personal data are two completely different sets of rights and interests.

Bosco (Brad Hutchings)

Well, my question is how can I find these locations and time stamps? My son has been acting very different lately and I?m worried he is lying to me about where he is and who he is with?! Please help me!!

Berry, if your son is hanging out the girls in The Clutch commercial, you should be damned proud.

BurmaYank

When I try to open the (unzipped) “iPhoneTracker” application I downloaded from the weblink given for it above, I get this message:

“You can’t open iPhoneTracker because it is not supported on this type of Mac.”

What the…?

Bosco (Brad Hutchings)

Apple?s proprietary rights in its software and its customers? rights in their personal data are two completely different sets of rights and interests.

Of course I agree with your legal opinion on this. You’re absolutely correct. But I would also suggest that people adjust their perceptions of *why* Apple does what it does. Apple is clearly incompetent handling sensitive user data and anticipating problems associated with recording it. This incident most certainly chips away at their moral authority to specify what software is safe and unsafe for their platform.

vasic

To me, this doesn’t look significantly different then browser storing cookies and browser history. Most ordinary people are quite oblivious to this practice, and if they knew, they may not exactly be excited by that discovery.

This will no doubt generate a lot of noise, and Apple will likely make a minor modification to the iOS to put up a dialogue box that will ask for approval to keep this file.

vasic

Apple is clearly incompetent handling sensitive user data

You will have to remind me, as I cannot remember when did Apple have a security breach of their own, that exposed their customers’ private data? If my memory serves me well, Apple’s handling of sensitive user data has so far been quite spotless and competent.

Nemo

Dear vasic:  I hope that you are right.  But it seems an odd thing that Apple would create for its users a detailed file of their location data, which they have not requested and which most of them would be ignorant of.  Thus, such location data doesn’t appear to be designed for the users of iPads and iPhones but for some third party, which/who is most likely Apple.

And if you are right, then I am much obliged to Apple for creating, without my consent, multiple files that contain detailed data on my location.  Now, tell me how to delete those G%#d D&%$n files and turn off that G%#d D%$#n location service.

vasic

Well, if one were to guess, one could reasonably figure out the purpose of this file—to enhance location-based apps. The question is, how much of this data would actually be indirectly transmitted to someone else. Such a scenario could possibly involve a location-based app that looks up at your location data and history, figures out what could possibly be your next move (if you have a regular commute, it would show as a pattern in location data) and suggest some products/services based on the prediction of your movement. Now, if this application were now to transmit either results of its location data analysis, or just the data itself, back to some third-party server, this would clearly be a serious privacy issue.

Obviously, if such a possibility were to even exist, it would be a documented API in the SDK. I’m sure we would have heard long ago from developers that such a thing is available, if it indeed were.

Consequently, I doubt anyone but Apple has a way of building an app that can gain access to this data. The question is, do any of the Apple’s own apps actually access the file, and what do they do with such data?

Bosco (Brad Hutchings)

You will have to remind me, as I cannot remember when did Apple have a security breach of their own, that exposed their customers? private data? If my memory serves me well, Apple?s handling of sensitive user data has so far been quite spotless and competent.

See Jeff’s map above. If I remember my Bay Area geography correctly, I think I see some evidence that he’s driven on Crow Canyon Road between San Ramon and Castro Valley once or twice. If this data were available in 1988 and I had an iPhone then, I could so have been busted for excessive speed on that windy stretch.

vasic

Brad,

my question was serious. Jeff’s map above shows his own data; not somebody else’s. He chose to show it to us. That’s not exactly a breach of privacy…

Bosco (Brad Hutchings)

My answer was serious too. As Nemo points out, this data can probably be subpoenaed in all sorts of legal actions and willful destruction of it would be contempt. If you live in Michigan and get stopped by one of their 5 cops carrying around a special device, you may end up giving them that data without knowledge and without them even having a warrant. Forensics circles have apparently known of this file for several months.

vasic

Nemo can correct me if I’m wrong, but data obtained by police in such way would be illegally seized (without consent) and consequently, in admissible.

Many years ago, there was a case in the state of New York. A cop pulled a car over for not having a front license plate. When he asked for the documents, the driver and his partner were visibly uncomfortable, so he proceeded to inspect the car, where he found large amounts of marijuana. The case was thrown out of court, because the car was registered in Pennsylvania, where front plates aren’t required, so the cop had no reason to stop the car.

Just because the file is there doesn’t necessarily mean it is there for the taking (by anyone, including cops).

paikinho

If you live in Michigan and get stopped by one of their 5 cops carrying around a special device, you may end up giving them that data without knowledge and without them even having a warrant.
———
I don’t think so.
Police still have to ask for your phone. Then you have to give it to them and then they have to plug it (hardwired) into their machine so it can slurp all of your data as I understand it.

If you refuse to give them your phone voluntarily, then they have to get a court order as I understand things.

I don’t think they can do it without your knowledge from what I have seen. I have yet to know of anyone where the police have requested the phone during a routine traffic stop.

Nemo

Dear vasic:  I certainly hope it would be an illegal search.  Right now, the ACLU is pursing the Michigan State Police (MSP) with a FOIA request to determine whether the circumstances of downloading the data without probable cause and without a warrant constitutes an unconstitutional search.  My though on initially reading the story that Bosco refers to, supra, in Cnet was that the such searches appear to be unconstitutional, but one always needs the facts, which I don’t have enough of from the news story.

But my point is that the location data should not even exists.  Apple should not have designed a means for collecting that location data without my informed consent, and it certainly should not have written software so that location information is stored in multiple files in multiple locations on my computing devices.  I didn’t want it; I didn’t authorize it; I didn’t even know that it was happening.  So Apple was wrong to do it, and it should as quickly as practical provide the means for undoing it.  That way there will be one less file of information for me to worry about, if I am stopped by an MSP officer who then does a data dump of my iPhone.

mouring

How many of you have looked at the data?  Pulling up that SQLite database I find there are three sets of grouped tables.  CDMA Cell Locations, Cell Locations (GSM I assume), and Wifi Locations.

Pulling up Cell Locations and looking at it on a map the data is way to consistent and almost perfect little grids to be typical GPS-style path tracking system.  With the same spots coming up over and over again while stepping through the time line.  As well as large chunk of days missing (seems to jump 3 to 20 days between logging for some reason).

As someone else pointed out that Apple was doing this type of stuff for scanning and finding Wifi to do AGPS before it installed real GPS chips in the phone.  And as stated since it is almost very gridish in nature and logging AGPS (or GPS when it has lost signal) to a file produces a completely different pattern as to what this information is show.

Nemo

Dear paikinho:  Unfortunately, most folks don’t know that they can refuse to surrender their phones, and under recent U.S. Supreme Court precedent, if your fail to refuse to permit a search or seizure, you waive your constitutional objection, even if you didn’t know that you could have refused.

paikinho

Unfortunately, most folks don?t know that they can refuse to surrender their phones
————————-
People just need to know their rights. I have refused to let the police do many things over my life and they just had to go away since I refused to do what they say.

Too many people don’t realize that they don’t have to do a lot of what the police request. Police just ask things in a way that insinuates consequences and implied guilt to force approval of what they ask.

Americans just need more education about their rights and obligations as citizens, we are doing an abysmal job educating our citizens in civics and the laws of this land. We need to focus on that more.

John Martellaro

If you turn off Location Services, then you also turn off “Find my iPhone”

Tiger

Did every one miss this part of the story before they keep repeating “Apple is tracking you” mantra?

Based on their research, Mr. Warden and Mr. Allan don?t think Apple is collecting any of the tracking data. Instead, it simply sits in unused files on user?s computers and iPhones.

In other words, your phone is logging your movements, you have the data in your possession, and it seems NOBODY is actually tracking you.

GET A GRIP people. If anyone finds out to the contrary that Apple is indeed collecting the data, that is a different story. Not that it’s that different from the fact that your credit card use tracks you, your cell phone call use tracks you, etc. Face it. We all leave a foot print. There is no such thing as going through life anonymously.

Lee Dronick

This begs the question are other smart phones doing this?

wab95

When I try to open the (unzipped) ?iPhoneTracker? application I downloaded from the weblink given for it above, I get this message:

Burma:

It launched fine for me and showed the locations where I have been. I had to first de-encrypt (my data were encrypted). When I tried to run the app without de-encrypting, it gave an error reading. Upon re-encrypting, I again got the error reading. Make sure your data are not encrypted.

As for the data themselves, as Tiger points out as well, they are apparently stored only on the device and the computer to which the device is synced. There is no evidence according to the iPhone tracker site, that the data are being transmitted beyond your device.

And, FWIW, any intelligence or security agency that would be dependent on these data to track you, or to find where you’ve been, would be a poor agency indeed. Mobile devices are ‘low-hanging fruit’.

BurmaYank

Yes, Apple’s insecurely storing of my tracked movements without my informed permission is a shocking travesty, however:

- how significant a loss of my privacy does is this really comprise, given that the locations stored are only crude approximations of my real locations at best (and are not GPS pinpointings), as the article at the download site of the IPhone Tracker app by its developers (Alasdair Allan & Pete Warden) reveals in this excerpt:
Why are some points in places I?ve never visited? - As far as we can tell, the location is determined by triangulating against the nearest cell-phone towers. This isn?t as accurate as GPS, but presumably takes less power. In some cases it can get very confused and temporarily think you?re several miles from your actual location, but these tend to be intermittent glitches.” 
So since signal strengths at a cell tower are always at best only fairly crude measures of distances (i.e., subject to variabilities associated with landscape obstacles/reflectors +/- rain or other climate signal modifiers, etc.), location triangulations based only upon those crude distance approximators which cellphone signal strengths actually are will provide only general & quite unreliable neighborhood localizations at best, I would think.  So how much of my private comings-and goings could actually be jeopardized by these very clumsy triangulations?

- and if other smart phones are also doing this insecure local storing of celltower signal histories on those other devices, then just how really egregious a violation of my trust is this betrayal of it by Apple?  Yes, it is unforgivable of Apple to jeopardize my privacy without my knowledge & permission.  But, on a scale of one to ten, how bad, in fact?

ffakr

A friend of mine compiled the code and noticed that he has locations in the db where he hasn’t been for over 30 years.  It seems to be a general purpose database of locations that is probably leveraged by any app that uses Location Services. 
Best guess is, he’s got photos from friends on his iPhone and iPad.  The photos have location data in them and that data was recorded in the location database.

The easy solution to this, if you’re paranoid about the Guba-mint siezing your cell phone to see how often you eat at chubba-chubba burger is to just disable location services for all your apps.. since it looks like this data comes from various sources.

paikinho

This begs the question are other smart phones doing this?
————————
From the Article:
“Alasdair has looked for similar tracking code in [Google’s] Android phones and couldn’t find any,” said Warden. “We haven’t come across any instances of other phone manufacturers doing this.”

Lee Dronick

This begs the question are other smart phones doing this?
????????
From the Article:
?Alasdair has looked for similar tracking code in [Google?s] Android phones and couldn?t find any,? said Warden

I asked about smart phones, not Android phones smile

Thanks for the info, I am sure someone will be looking deeper into other phones to see if a similar thing is going on.

I wouldn’t worry about Apple using this info, most of us are not important enough to be tracked around. For those engaged in, or suspected of, illegal activities then this is only one of many tools that law enforcement would use.

paikinho

?We haven?t come across any instances of other phone manufacturers doing this.?
———-
I was assuming this would include other smart phone makers other than Androids :-D

paikinho

Personally, I am more creeped out by OnStar, I won’t ever buy a vehicle with such abilities and would attempt to disconnect OnStar-like functions from any vehicle I found with such tracking and listening capabilities.

Perhaps it will be possible to disable the tracking logs in the iPhone too.

Lee Dronick

Personally, I am more creeped out by OnStar, I won?t ever buy a vehicle with such abilities and would attempt to disconnect OnStar-like functions from any vehicle I found with such tracking and listening capabilities.

Perhaps it will be possible to disable the tracking logs in the iPhone too.

My eight year old pickup truck came with LoJack preinstalled.

I suspect that the next iOS update will address the tracking issue.

paikinho

Now that there is a dust up, I’m pretty sure people will be able to turn on or off the function as well as encrypt if they want by the next update.

Lee Dronick

Senator Franken sent a letter to Apple asking them some questions about the tracking data. There is a story about it over at ArsTechnica

paikinho

Great Article…. glad to see someone important is asking relevant questions and doing his job for the American Citizens.

d'nomder

You don’t raise armies unless you’re preparing for war.

And you don’t compile data unless you intend to use it.

Two MAJOR thumbs down, and a BIG betrayal of our trust in Apple.

machelp

As far as I know mobile phone companies already have and provide this information to the law when requested. Quite a number of recent high profile criminal trials have shown this.

All you have in this situation is the ability to see for yourself where you have been. Get over it, you have your data only on your devices, whatever the phone co. has is beyond your control.

BTW the mobile phone companies would have this data on every phone including Android. If you are going to use a mobile phone your privacy will be compromised, end of story.

other side

BTW the mobile phone companies would have this data on every phone including Android. If you are going to use a mobile phone your privacy will be compromised, end of story.

1. If we wanted privacy snafus we’d use Android.

2. Why is Apple storing the data?  They’re not a telco.

Lee Dronick

Well the talking heads on cable news finally picked up the story. As usual they got most of it wrong.

wab95

Well the talking heads on cable news finally picked up the story. As usual they got most of it wrong.

Not just on cable. BBC, ever-ready to spin negative on Apple (not my imagination), ran on the World Service a line that basically said that the iPhone and iPad were collecting data and storing it on computers (made it sound like these could be anybody’s and not necessarily yours) that could be hacked. In other words, Apple are taking your data and handing it over to hackers.

Brilliant.

Lee Dronick

Not just on cable. BBC, ever-ready to spin negative on Apple

I have the local news on now and they just had a short segment on this. The one anchor made a snarky “hmmmmmm”, but her co-anchor responded with “Is anyone surprised by this, we have no privacy these days.” At least their segment clearly said that the data is only on the iPhone and the synched computer, not being sent or taken anywhere else. Then there was 5 minutes of entertainment news.

spudgeek

From Apple’s Privacy Policy:

Location-Based Services

To provide location-based services on Apple products, Apple and our partners and licensees may collect, use, and share precise location data, including the real-time geographic location of your Apple computer or device. This location data is collected anonymously in a form that does not personally identify you and is used by Apple and our partners and licensees to provide and improve location-based products and services. For example, we may share geographic location with application providers when you opt in to their location services.

Some location-based services offered by Apple, such as the MobileMe ?Find My iPhone? feature, require your personal information for the feature to work.

It doesn’t mention “logging” of data from Location-Based Services, but does say “collect”. What’s notable here is that it relates to Location-Based Services so if disabled, in accordance with the Privacy Policy, collection should not occur.


On another note…

The data on your iPhone is stored in an unencrypted format unless you use a passcode lock. The passcode feature on the iPhone, iPod touch and iPad can be enabled by tapping Settings > General > Passcode Lock. If a simple four-digit security code doesn?t offer enough protection, users can enable iOS?s more secure passcode feature, too.

I believe data encryption on your iDevice only works for apps that use the encryption API. For example Mail uses the encryption API so your mail data would be encrypted only if your device is pw protected and data from apps that do not use the encryption API is not encrypted regardless of pw protection. I don’t know if Location-Based Services uses encryption… anyone, anyone?

wab95

Some snippets from articles making the rounds on Twitter.

Jim Dalrymple explains that this story is not new, but was written about months ago by Sean Morrison.

Dalrymple also cites Alex Levinson, Lead Engineer for Katana Forensics, “Apple is not harvesting this data from your device,? wrote Levinson. ?This is data on the device that you as the customer purchased and unless they can show concrete evidence supporting this claim ? network traffic analysis of connections to Apple servers ? I rebut this claim in full. Through my research in this field and all traffic analysis I have performed, not once have I seen this data traverse a network”.

Levinson’s full three-point explanation behind the data collection, which is used for location services for the device, can be found here.

wab95

One final point, before I go back to my day job, which I meant to include is this from Dalrymple’s article:

“Levinson said the file has been on the iPhone as long as location services has been available. In iOS 4 it just changed location”.

Thus, the practice, contrary to reports published yesterday and today, did not even begin with iOS4, but has been co-existent with location services.

abuddhafish

Hasn’t anyone on here ever read the Patriot Act #‘s 1 & 2?  Not to mention the Internet Freedom act that clearly state the intentions of these tracking intrusions?

UpQuark

I was just going to say - all the ‘Feds’ have to do is show that ‘you’ MIGHT be a terrorist - and poof, they have your stuff. No warrant, nothing. USA Patriot Act, Title II allows for gathering of information without going to FISC.  US and non-US Citizens both.

Anyway,  the file also contains WiFi spots that you have walked passed or attempted to connect and not just cell information.

Lastly, cell phone companies have pentabytes of this kind of information.  The data, (only know of AT&T - I never worked at Version), is tied to the phone id code and phone number.  Not to a name, per se.  However, it is easy to cross reference. 

I think folks are making much ado about nothing.  This data is in your control - encrypt it via iTunes - the information the cell carriers have is NOT in your control. Whine about that instead. 

I do think Apple should have encrypted the file to begin with, but the data is already available via the cell carriers anyway….

mlanger

Perhaps a clarification of the FACTS is in order, starting with the FACT that Alex Levinson discovered this BACK IN 2010? Read more FACTS here:

https://alexlevinson.wordpress.com/2011/04/21/3-major-issues-with-the-latest-iphone-tracking-discovery/

Bosco (Brad Hutchings)

Give Mr. Levinson a (persistent) cookie for finding it first. He’s part of the problem here. People are annoyed that the data is just sitting there for the taking. Warden and Allan widespread drew attention to the issue, which has value independent of discovering the issue.

Frankly, Levinson isn’t just part of the problem. He’s a creep. Notice that he doesn’t discuss whether the location data is error prone, nor how much so. Thousands of people have found out how inaccurate the data is by running Warden’s and Allan’s little app. Could you imagine being convicted or losing a lawsuit based on inaccurate data that forensics “experts” just grabbed and took for pure iPhone recorded truth?

vasic

In the few days since this became widely reported, hundreds of people have also already reported how incomplete and inaccurate this database is.

It is literally impossible that anyone in legal profession, prosecutor or defense attorney, would ever consider building a case using this as evidence, even if it was obtained legally.

About the only remotely possible improper use (misuse) of this database that I could see is a husband (or a wife) retrieving it from the spouse?s iPhone and discovering that their suspicions about infidelity were true, should the database show the spouse visiting some other residential neighbourhood every thursday evening, while the spouse was supposed to be at the fitness club?s capoeira classes.

Log-in to comment