Slashdot Mirror

← Back to Stories (view on slashdot.org)

iPhone and Location: Don't Panic

Posted by timothy on from the ok-ok-ok dept.

stonemirror writes "There's a lot of blind panic out there over the discovery of a database file on the iPhone which contains dated location information. Without actually looking at the data, a lot of folks have proclaimed that the 'iPhone is tracking your every move.' I actually did take a look at the data, and it's not doing anything like that."

7 of 362 comments (clear)

  1. Anecdotal by RocketRabbit · · Score: 5, Insightful

    This story is entirely anecdotal. Sure, it may not be tracking your "every move" but we have no way of knowing if this guy's phone was even on for his whole train ride (for example).

    His conclusion is "We don't know why Apple is collecting this information but it's not a big deal." What the hell? How do we know it's not a big deal?

    Sorry, Apple, you guys fucked up. A random blog-pologist isn't going to save this one for you.

    1. Re:Anecdotal by Anonymous Coward · · Score: 5, Insightful

      and saying that its OK because 'it isn't accurate' is just fucking stupid. This type of personal intrusion cannot be accepted.

      if we don't take action now, we'll settle for nothing later.

    2. Re:Anecdotal by tripleevenfall · · Score: 5, Insightful

      Agreed.

      It's not enough to say "Well, you agreed to the TOS" when you know full well nobody reads it. If you are tracking my physical movements, I should have to opt-in to that in an obvious way.

      It doesn't even clearly state that this stops if you turn off Location Services, or what happens to the backed up files if you do.

    3. Re:Anecdotal by Americano · · Score: 5, Interesting

      No, but it is interesting that another platform is doing similar things. Understanding why it happens on Android may provide insight into why it's happening on iOS, as well.

    4. Re:Anecdotal by Anonymous Coward · · Score: 5, Informative

      There's a lot of stuff thats being reported about this that is somewhere between sensationalist and wrong. The "researchers" who published this have been pretty sloppy in what they are claiming. I've helped out police forces with using extracting and trying to use this data, over a number of years so I've a reasonably good idea what is there and what isn't.

      The data is not new to iOS 4, it has been there at least back to iOS 2, its just the name of place that it is stored is different.

      This existence of this data isn't secret, the use of this data is the subject of a session for Apple Developers at the World Wide Developers Conference each year - usually something like "Using Location Services in iOS" or similar in title.

      The location data is not the GPS location of the user, it is the location of cell towers the phone can see. All the location data is time stamped, and stamped with the carrier network ID, and the ID of the individual and there's no way you can be in 3, or 6, or 9 different locations at the same time. Depending on how many cell towers were visible, all this tells you is that the phone was within maybe a few km, but up to 25-50km of the tower. If you then take that data and use it to triangulate the users location, you'd typically get a location that was at best accurate to a bit under 1km, and more likely a few km.

      The collecting of the data isn't continuous, it appears to be event based. Anecdotally - the phone waking from sleep and reconnecting to the carrier network appears to be one of the events, as is rebooting the phone, and re-connecting to the carrier's network when you come out of a dead spot. It seems plausible, that it may also be snapshotted every time Location Services is fired up, eg by launching the Maps App and consenting to use of location services. That pattern of even driven acquisition would explain the differences that various people out there on the net report.

      Similar data is also being tracked and logged by the carrier, but in their case, its harder to get to as it is sitting on carrier systems on their internal network. That is true for all phones. In this case, the data is pretty easy to get to if you have physical possession of the phone.

      Thats good enough to tell that you actually went off to Hawaii with your mistress when you told your wife you were going on a work trip to California, but for most people , most of the time, it will only be pretty vague as to where they where - knowing that you are in Baltimore when thats where you live and work isn't that big a revelation.

      If the user of the phone opts out of Location Services, the file isn't updated. This is done from Settings.

      Like all files that need to be read/written in the background by the system, its always readable to root - it isn't readable (directly) to Apps , although they benefit from it indirectly by Location Services calls responding faster. If you jailbreak your phone, then Apps can read this data and transmit it for their own purposes.

      Files in that data protection class can be recovered off the filesystem over USB tether. Technically it is encrypted, but the encryption is really only of use for a fast remote wipe of the device, and it isn't being encrypted in a class that increases the security of the data.

      It does reside in the backup, so thats certainly a good reason to always encrypt your iPhone backups and use a strong passphrase for them.

      Apple has also been clear in its earlier deposition response as to how user location data is anonomised when it is collected.

      Its entirely possible that the persistence of the file is actually a bug - I can see why it would be useful to cache it for a few days to maybe a month at the high end, but back to the start of the epoch seems excessive. In my view its the persistence of the file thats the biggest issue. That not hard for them to fix.

      So its bad, but its not where near as extreme a situation as what some people are saying.

  2. The Point by tripleevenfall · · Score: 5, Insightful

    The point is not what it's currently doing, the point is (a) what COULD be done (by Apple, a malevolent third party, whomever) simply because this information exists when it should not and (b) whether this level of personal tracking information should be stored in the first place without it being clear to the user.

  3. Not remotely the same thing by jdev · · Score: 5, Insightful

    The info on Android phones is totally different from iPhones. The infamous iPhone log file records your complete geo-location history since you started using your phone. The Android log file just records your recent coordinates and it overwrites itself regularly.

    So even if you get root access on an Android phone, you only end up getting your current location. Most people allow apps to have that permission anyways.

    The info on the iPhone is a huge privacy concern. The Android file is a non-issue.