Slashdot Mirror
iPhone and Location: Don't Panic
stonemirror writes "There's a lot of blind panic out there over the discovery of a database file on the iPhone which contains dated location information. Without actually looking at the data, a lot of folks have proclaimed that the 'iPhone is tracking your every move.' I actually did take a look at the data, and it's not doing anything like that."
Yes i just dumped out the data from my Android Phone, it's got 3 days worth of location information. It does not have GPS based location, seems like a temp cache for Apps to get location based on Cell tower/Wifi data. The Iphone data described seems far more extensive.....
It's not the same kind of information at all. The android file (only available if you have root) is a temporary cache. That is totally difference then the Apple file which holds the data about your location since you bought the phone.
The fact that he considers them the same, and the rest of his article, make it clear that he is merely some obscure, inaccurate, apologist.
With this story being reported all over the Internet, by media and blogs both respectable and ridiculous, why did /. choose to use this ridiculous one. /. seems to have turned into a sort-of FOX news of tech discussion - without even a pretense of objectivity.
Speaking of which, here's one of my favorites pieces so far. A Forces columnist asks whether this discovery (of the Apple location history file) is cool or creepy and concludes that it is cool. She decides that it is actually a great feature and pushes Google to get to it and see if they can come up with a similar feature:
http://blogs.forbes.com/kashmirhill/2011/04/20/cool-or-creepy-your-iphone-and-ipad-are-keeping-track-of-everywhere-you-go-and-you-can-see-it/
So maybe the blog post that /. choose for this whole saga is not actually the worst piece written on the topic.
There's a lot of stuff thats being reported about this that is somewhere between sensationalist and wrong. The "researchers" who published this have been pretty sloppy in what they are claiming. I've helped out police forces with using extracting and trying to use this data, over a number of years so I've a reasonably good idea what is there and what isn't.
The data is not new to iOS 4, it has been there at least back to iOS 2, its just the name of place that it is stored is different.
This existence of this data isn't secret, the use of this data is the subject of a session for Apple Developers at the World Wide Developers Conference each year - usually something like "Using Location Services in iOS" or similar in title.
The location data is not the GPS location of the user, it is the location of cell towers the phone can see. All the location data is time stamped, and stamped with the carrier network ID, and the ID of the individual and there's no way you can be in 3, or 6, or 9 different locations at the same time. Depending on how many cell towers were visible, all this tells you is that the phone was within maybe a few km, but up to 25-50km of the tower. If you then take that data and use it to triangulate the users location, you'd typically get a location that was at best accurate to a bit under 1km, and more likely a few km.
The collecting of the data isn't continuous, it appears to be event based. Anecdotally - the phone waking from sleep and reconnecting to the carrier network appears to be one of the events, as is rebooting the phone, and re-connecting to the carrier's network when you come out of a dead spot. It seems plausible, that it may also be snapshotted every time Location Services is fired up, eg by launching the Maps App and consenting to use of location services. That pattern of even driven acquisition would explain the differences that various people out there on the net report.
Similar data is also being tracked and logged by the carrier, but in their case, its harder to get to as it is sitting on carrier systems on their internal network. That is true for all phones. In this case, the data is pretty easy to get to if you have physical possession of the phone.
Thats good enough to tell that you actually went off to Hawaii with your mistress when you told your wife you were going on a work trip to California, but for most people , most of the time, it will only be pretty vague as to where they where - knowing that you are in Baltimore when thats where you live and work isn't that big a revelation.
If the user of the phone opts out of Location Services, the file isn't updated. This is done from Settings.
Like all files that need to be read/written in the background by the system, its always readable to root - it isn't readable (directly) to Apps , although they benefit from it indirectly by Location Services calls responding faster. If you jailbreak your phone, then Apps can read this data and transmit it for their own purposes.
Files in that data protection class can be recovered off the filesystem over USB tether. Technically it is encrypted, but the encryption is really only of use for a fast remote wipe of the device, and it isn't being encrypted in a class that increases the security of the data.
It does reside in the backup, so thats certainly a good reason to always encrypt your iPhone backups and use a strong passphrase for them.
Apple has also been clear in its earlier deposition response as to how user location data is anonomised when it is collected.
Its entirely possible that the persistence of the file is actually a bug - I can see why it would be useful to cache it for a few days to maybe a month at the high end, but back to the start of the epoch seems excessive. In my view its the persistence of the file thats the biggest issue. That not hard for them to fix.
So its bad, but its not where near as extreme a situation as what some people are saying.