backtop


Print 58 comment(s) - last by xti.. on Apr 26 at 12:27 PM


Apple's iPads and iPhone track a user's every move. Two security researchers made this shocking discovery while searching through the iPhone's files.  (Source: BKK Photography)

A map shows a users' movements across England. The data can be collected and analyzed by anyone with access to a user's computer, or the machine they sync their device with.  (Source: Pete Warden and Alasdair Allan)

The researchers are presenting their findings at Where 2.0 in San Francisco.  (Source: O'Reilly Publishing)
Apple users -- big brother Jobs is watching you

Pete Warden and Alasdair Allan, a pair of security researchers, have made a discovery about Apple Inc.'s (AAPL) popular iPhone and iPad devices.  According to an in depth study they performed, Apple not only tracks its iPhone and iPad users' every move, but it stores that information in a local file.

According to the researchers, the feature popped up with the release of iOS 4.  

It has been known for some time that the iPhones collect data on their user's position and uses it to target iAds at them.  Apple had received a great deal of criticism for doing that.  But nobody knew just how far Apple had gone in violating its users’ privacy -- until now.

The file is found in both iPad and iPhone.  It even transfers when users purchase a new device.

Describes Mr. Allan in an interview with British news site Guardian, "Apple might have new features in mind that require a history of your location, but that's our speculation. The fact that [the file] is transferred across [to a new iPhone or iPad] when you migrate is evidence that the data-gathering isn't accidental."

The pair discovered the data file on accident.  Recalls Mr. Warden, "We'd been discussing doing a visualization of mobile data, and while Alasdair was researching into what was available, he discovered this file. At first we weren't sure how much data was there, but after we dug further and visualized the extracted data, it became clear that there was a scary amount of detail on our movements."

Strangely, Apple does not appear to be directly transmitting the data to a central location, so it’s unclear why exactly its storing it locally.  The decision to track and store a users' location in a local file is highly unusual.  Mr. Warden and Mr. Allan searched for similar code in Google Inc.'s (GOOG) open source smart phone/tablet operating system, Android, but could not find one.

States Mr. Warden, "Alasdair has looked for similar tracking code in [Google's] Android phones and couldn't find any.  We haven't come across any instances of other phone manufacturers doing this."

He says that Apple has committed a shocking breach of privacy.  He comments, "Apple has made it possible for almost anybody – a jealous spouse, a private detective – with access to your phone or computer to get detailed information about where you've been."

The file is also transferred to the user's computer when they sync their device.  This raises the possibility that a computer thief or someone with access to the user's laptop could track their recent whereabouts.

Simon Davies, director of the pressure group Privacy International, agrees that the implications of the discovery are alarming.  He states, "This is a worrying discovery. Location is one of the most sensitive elements in anyone's life – just think where people go in the evening. The existence of that data creates a real threat to privacy. The absence of notice to users or any control option can only stem from an ignorance about privacy at the design stage."

The data is stored any direct agreement or approval from the user.  However, iTunes' 15,200-word terms and conditions contract does state:

Apple and our partners and licensees may collect, use, and share precise location data, including the real-time geographic location of your Apple computer or device. This location data is collected anonymously in a form that does not personally identify you and is used by Apple and our partners and licensees to provide and improve location-based products and services. For example, we may share geographic location with application providers when you opt in to their location services.

If users opt out, they are banned from iTunes.

Apple refused to comment on why its devices are monitoring its users' every move.

For Apple users, about the only way to provide yourself with a degree of safety is to try to encrypt the file.  Details can be found at a webpage the pair has been set up.  More details can also be found in an article the pair authored for the site O'Reilly's Radar.

The pair are presenting their findings later today, in detail, at the Where 2.0 conference in San Francisco.



Comments     Threshold


This article is over a month old, voting and posting comments is disabled

The police will love this
By MrTeal on 4/20/2011 3:55:57 PM , Rating: 5
I can see cases where the police would be able to get a warrant on a suspect's iOS device for the purpose of tracking their location. If you're going to rob a bank, make sure to leave the iPhone at home.




RE: The police will love this
By kleinma on 4/20/2011 4:54:00 PM , Rating: 2
They could do that through the cell carrier without ever needing to bother trying to obtain the device (or access to iTunes) from the perp directly. So while I agree you should leave your iPhone at home when you rob a bank, that is just for the fact that any phone you would have on you at any time could be tracked back to a pretty finite area (with cell tower triangulation) or exact (with GPS). I would be way more worried about malware that lifts this file from iTunes or malware on the phone itself that could grab this data from an app that look safe because permissions don't require location based access.


RE: The police will love this
By morphologia on 4/20/2011 4:59:46 PM , Rating: 2
There's a difference between knowing where someone is when they made a particular phone call, and knowing where someone is, or where they have been, anytime you want. I'm pretty sure cell carriers can only find you based on the tower you were using (and various other factors) at the time of a particular call.


RE: The police will love this
By Master Kenobi (blog) on 4/20/2011 6:59:32 PM , Rating: 2
quote:
I'm pretty sure cell carriers can only find you based on the tower you were using (and various other factors) at the time of a particular call.

More likely whenever that phone has to do "something", most phones these days do far more than make a phone call and that connection has to come from somewhere.


RE: The police will love this
By smackababy on 4/20/2011 9:19:38 PM , Rating: 2
Any time your phone is connected to a tower they can triangulate it IIRC. So, if you turn your phone off they can't do anything.


RE: The police will love this
By ThisSpaceForRent on 4/21/2011 12:13:10 AM , Rating: 5
Might need to do a bit more than turn it off. =)

http://www.zdnet.com/news/fbi-taps-cell-phone-mic-...


RE: The police will love this
By JReyh on 4/21/2011 1:37:38 AM , Rating: 3
Says: "If a phone has in fact been modified to act as a bug, the only way to counteract that is to either have a bugsweeper follow you around 24-7, which is not practical, or to peel the battery off the phone"

I thought you can't do that with iPhones.


RE: The police will love this
By callmeroy on 4/21/11, Rating: 0
RE: The police will love this
By callmeroy on 4/25/2011 3:57:11 PM , Rating: 2
As I said....(just to piss people off for the hell of it)...

Or you can just life a honest, law-abiding lifestyle and then you don't have to give a rat's ass about being tracked...


RE: The police will love this
By theapparition on 4/21/2011 9:34:20 AM , Rating: 1
Nope,
If the phone is on, then you can be tracked. Remember, each cell tower needs to know where you are, otherwise, you'd never be able to recieve calls. My wife likes to watch "The First 48". Can't tell you how many episodes I've seen where they've tracked a suspects movements based on thier cell phone data.

Phones that have special tracking software can even track the phone when turned off. Only way is to remove the battery.


RE: The police will love this
By tastyratz on 4/21/2011 1:12:08 PM , Rating: 3
You watch too much tv.
A phone that is powered off can not be tracked. If the phone was booted up and connecting to cell towers while powered off it would drain battery almost as fast as if it was on. You can leave a battery in a phone and turn it off for extended periods with little impact to life compared to if the battery jus tsat.

Cell phone triangulation is also incredibly inaccurate. It does not locate you finer than a many many mile radius. Phones have GPS signaling these days which is what makes this alarming. While law enforcement might be able to subpoena cellular records based on tower logs and triangulate from there... it does not tell them more than you are currently within a triangle drawn from the nearest 3 towers with x signal strength, no better. It might be a 20 mile radius in some areas even...

Onboard gps however can track your location within feet and prove you were in the house not the driveway, etc. You also do not need to be of authority to illegally obtain the records - this is why this invasion of privacy is alarming. You could just as soon have this information retrieved by a virus, hacker, family member, etc.


RE: The police will love this
By fcx56 on 4/21/2011 4:11:00 PM , Rating: 3
Good news if you live in WI, MI or CA, no warrant required!


I'm surprised more people aren't upset
By zephyr1 on 4/20/2011 5:47:54 PM , Rating: 5
The implications of this are scary. Location data is collected minute by minute, stored on your phone, and transfered when you sync. This shows that Apple designed the system to retain and preserve data even when a new device is purchased. The data collection was discovered in June 2010, and so far there has been no "Oops, we'll fix it" from Apple, which means they want the data collection continued. The data is stored in a hidden folder, unencrypted, with no way for a typical user to delete it. The only way a user can effectively "opt out" is to root the phone, something most users are incapable of doing. The fact that Apple is not accessing the data doesn't mean a thing. Now here comes the scary part: When an individual is arrested in the United States, the law allows any device in his possession to be searched without a warrant. That includes a cell phone. So the police can easily and legally obtain a minute by minute location fix showing where the phone (and presumably you) have been, going back a year or more! Maybe I just have my tin foil hat on today, but this scares the heck out of me.

I can find no legitimate use for the retention of this data other than allowing the government to easily track an individual when needed. Remember, the data is not sent to Apple, only maintained on your phone and any other Apple device it syncs to. Apple can claim no privacy violation because they don't see the data, but the data is still available for use by the authorities.




RE: I'm surprised more people aren't upset
By xti on 4/20/2011 11:30:55 PM , Rating: 1
oh no, they know im home...my mom knows when im home, thats much worse.


RE: I'm surprised more people aren't upset
By Smilin on 4/21/2011 10:08:35 AM , Rating: 2
Your mom also knows *everywhere* you've been with your phone...if she has access to your computer.


By xti on 4/26/2011 12:27:38 PM , Rating: 2
so?


By frobizzle on 4/21/2011 10:48:38 AM , Rating: 2
quote:
I'm surprised more people aren't upse

No surprise. These are primarily Apple zombies. In their pea brains, anything Jobs wants or does has to be good!

After all, it's magic!


RE: I'm surprised more people aren't upset
By JediJeb on 4/21/2011 2:59:35 PM , Rating: 2
I'm not surprised at all. Most people today care more about convenience or status and very little about what they have to give up for it.

I guess I will be hanging on to my RAZR a lot longer now as it retains much less information than most of the new phones out now. Though it probably still retains more info than I would want it to.


By messele on 4/21/2011 3:15:16 PM , Rating: 2
I wouldn't worry too much about what info the handset retains, at least you posses that. If you are really fitting yourself out for a tinfoil hat then worry more about the relationship between your phone's IMEI number and your telco who can triangulate it's position whenever they like...


And this is a good move because...
By bug77 on 4/20/2011 4:43:48 PM , Rating: 5
... Tony, Pirks, help me out here...




RE: And this is a good move because...
By Tony Swash on 4/21/2011 1:27:26 PM , Rating: 1
a) No evidence that Apple is collecting or using this data

b) No evidence that this was intentional

c) Circumstantial evidence that this is a bug rather than a feature. Location data gets cached but no delete is written and thus it piles up.

If it is a bug or oversight that's a bummer but it should be fixed in a future update.

John Gruber
quote:
The big question of course, is why Apple is storing this information. I don’t have a definitive answer, but my little-birdie-informed understanding is that consolidated.db acts as a cache for location data, and that historical data should be getting culled but isn’t, either due to a bug or, more likely, an oversight. I.e. someone wrote the code to cache location data but never wrote code to cull non-recent entries from the cache, so that a database that’s meant to serve as a cache of your recent location data is instead a persistent log of your location history. I’d wager this gets fixed in the next iOS update.



Time will tell.

Meanwhile I know Apple phobes will be jizzing in their shorts over this non-event (and lets face it it if you hate Apple then the way the company seems to be taking over the world is bound to engender a shortness of jizz and a tendency to flaccidity so you have to grab what you can) but a bigger story is that in the most recent quarter Apple overtook Nokia to become the world's largest phone vendor in terms of revenue.

Apple's iPhone revenue of $11.9 billion surpassed Nokia, which saw its revenue shrink to $9.4 billion.

Apple took the top position in just fours years from a position of having zero products or profile in the mobile phone industry. Nice.


RE: And this is a good move because...
By bug77 on 4/21/2011 3:26:53 PM , Rating: 2
quote:
b) No evidence that this was intentional c) Circumstantial evidence that this is a bug rather than a feature. Location data gets cached but no delete is written and thus it piles up.


I guess you missed this little detail:

quote:
The fact that [the file] is transferred across [to a new iPhone or iPad] when you migrate is evidence that the data-gathering isn't accidental.


Or do you think synching cache files is just another bug? And no means to clean the said cache is another one.

It's not unthinkable, it could be a bug after all, but you seem to give them an undeserved benefit of the doubt.


RE: And this is a good move because...
By Tony Swash on 4/22/2011 8:18:59 AM , Rating: 1
quote:
I guess you missed this little detail:

quote:
The fact that [the file] is transferred across [to a new iPhone or iPad] when you migrate is evidence that the data-gathering isn't accidental.


Apple is not collecting the information. It's stored on your iPhone, and on your desktop through iTunes backups. Apple does not collect the information from your iPhone, and it doesn't collect it from iTunes either. The fact that a bug involved in caching data might also effect syncing data does not seem very far fetched.

If this was intentional by Apple and if Apple is not collecting the data (and if there is evidence that Apple has done so then by all means share it) then why would Apple do this?

It seems to me the most likely explanation is it's a bug. The same mechanism exists in Android by the way but in that OS the data culling mechanism works better. But even on Android the data on your most recent locations can exist for a very long time, it does not get wiped nor does it expire (it will prune the data during updates, but not when nothing is happening), so you can use it to figure out he last 50 towers a phone contacted... Even if the phone has been off for an extended period of time.


RE: And this is a good move because...
By yomamafor1 on 4/23/2011 2:56:07 AM , Rating: 2
No, its not a bug. It is even specifically stated within iTune's EULA that they do collect information such as your occupation, locations, area code, and even time zone. (which may I point out, that Apple would ban you from iTune if you opt out of the clause).

quote:
We may collect information such as occupation, language, zip code, area code, unique device identifier, location, and the time zone where an Apple product is used so that we can better understand customer behavior and improve our products, services, and advertising.


RE: And this is a good move because...
By B3an on 4/25/2011 2:09:17 AM , Rating: 1
Yeah this isn't a bug. But lets pretend it is, and lets also pretend Apple does not collect data, even then it's still bad. Anyone could access this file with access to your phone or computer.


By Smilin on 4/21/2011 3:50:33 PM , Rating: 2
quote:
b) No evidence that this was intentional


Yeah their lawyer was walking down the hall with a huge stack of papers. He tripped and while trying to catch himself managed to scribble a new addition into the EULA to cover the data collection. Not intentional at all.

True story.


By Smartless on 4/20/2011 3:45:22 PM , Rating: 2
I mean I'm not saying Iphone users are non-technologically inclined (smirk) but wouldn't it require us downloading a third party app or jail-breaking it just to see this file?




By sprockkets on 4/21/2011 2:56:08 PM , Rating: 2
Depends. I regularly find ipod touches mount as a usb drive. The file might be accessible.

And if itunes backs it up, it must also be somewhere on the computer too.


By morphologia on 4/20/2011 4:55:58 PM , Rating: 3
Felony stalking? There's an app for that...or there will be before long.

:p




Classic
By sprockkets on 4/20/2011 11:56:21 PM , Rating: 3
quote:
Apple CEO Steve Jobs admitted last summer that the company had been "naive" about how some companies were using the data they collected. Developers had violated Apple's privacy policy by forwarding device and location data to a third party network.

The practice drew Jobs' ire last year when Flurry Analytics published the data as evidence of the then-unannounced iPad. "It's violating every rule in our privacy policy," said Jobs. "We went through the roof about this. So we said: No, we're not going to allow this. It's violating our privacy policies and its pissing us off that they're publishing data about our new products."


Remember, apple only cares about their privacy, not yours.

The walled garden is a lie.




By djsims on 4/21/2011 6:13:44 AM , Rating: 2
By secrectly collecting our personal data without out express consent violates our basic rights to privacy. Whether or not the data leaves our laptops or iphone, apple have knowingly and maliciously created a program that compromise our privacy.




By jklauderdale on 4/21/2011 9:15:30 AM , Rating: 2
Earlier this year, California's Supreme Court ruled that your cell phone is the equivalent of a pack of cigarettes. As such, the police are allowed to search it for known contacts, chat logs etc without a warrant.




Color me unsurprised
By munky on 4/21/2011 1:18:22 PM , Rating: 2
Does the average iphone user care about privacy? I would guess not. If they did, probably wouldn't have bought an Apple product in the first place.




Big brother
By PassionForGod on 4/23/2011 4:19:08 AM , Rating: 2
It's funny how the tables have turned from the 1984 ad that Apple did when they portait IBM as a big brother watching your every move.

Live your life for God.. and God will lead your life to a world full of LOVE and true HAPPINESS.




oh please...
By kattanna on 4/20/11, Rating: -1
RE: oh please...
By edge929 on 4/20/2011 3:41:41 PM , Rating: 2
Some of us encrypt everything, pictures, home videos, tax documents, etc and do not allow our browsers to save passwords or even address info. Sitting down at my computer, besides being an incredible experience in and of itself, will not give the user anything they had before they say down (except maybe an unpleasant odor from the 10 years of farts lovingly applied into my chair).


RE: oh please...
By Breathless on 4/20/2011 4:50:49 PM , Rating: 2
Open up SIW on your system and you might find out that someone else may be able to find more than you bargained for.


RE: oh please...
By snikt on 4/20/2011 3:42:04 PM , Rating: 2
quote:
anyone who has direct physical access to your phone or computer can pull up far more "damning" info


I'm sure I don't know what you're talking about. That's my story and I'm sticking to it.


RE: oh please...
By invidious on 4/20/2011 3:44:22 PM , Rating: 3
The only way "damning" info would normally be on your phone or computer is if you put/left it there. The problem here is that no one is chosing to keep this location data on their device. Apple is putting it there.


RE: oh please...
By dubldwn on 4/20/2011 3:43:55 PM , Rating: 2
That's a good point. I'd be much more concerned about my computer. Regarding the article, when I go to the whore house or the gay part of town to buy some blow, I do always turn my phone off. I'd imagine if I was going to commit a murder or similar, I'd probably just leave my phone at home. If anything, I guess that would help with my alibi.


RE: oh please...
By Souka on 4/20/2011 5:01:33 PM , Rating: 2
Good idea, I'll have to remember that next time...


RE: oh please...
By cfaalm on 4/21/2011 7:34:30 AM , Rating: 2
Or even better, send the phone around with Fedex. That'll keep 'em busy.


RE: oh please...
By nafhan on 4/20/2011 3:46:36 PM , Rating: 2
Since evidence generally isn't an either or proposition, the GPS coordinates would probably be used in addition to any other information. It's easy to come up with a scenario where having location info turns iffy circumstantial evidence into really good circumstantial evidence.


RE: oh please...
By MPE on 4/20/2011 4:17:46 PM , Rating: 1
But that does not excuse Apple.


Usual sensationalist crap...
By messele on 4/20/11, Rating: -1
RE: Usual sensationalist crap...
By ZaethDekar on 4/20/2011 5:35:34 PM , Rating: 1
quote:
In any case don't all desktop operating systems have user accounts these days? Problem solved.


yes, but doesn't mean people dont use it. I don't have a password on my desktop as it his hooked up to my TV so family can hop on to watch movies or have music playing...

Granted all of my important documents are secured on my external harddrive that stays with me. However that portion is in the minority. A lot of people I have worked with or talked to don't have a password on their computer... even their laptop which is their only computer at times.

So really, the problem really is between the keyboard and chair.


RE: Usual sensationalist crap...
By messele on 4/21/2011 2:48:28 AM , Rating: 2
The problem is always between the computer and the chair. Got a virus? That's probably because you agreed to install it as your sense of danger is lax...

If somebody could get to that database file on my machine then it'd be fairly low down my list of things that I would not want outsiders snooping for. If people choose not to do something as simple as create a proper user account on their machine then fine, but it's not as if it's difficult to do if people really are concerned about this stuff.

Apple collecting data that is stored on YOUR own hardware and collected (albeit unwittingly) by yourself is infinitely preferable to Google's lame tactic of wardriving the streets of the world where collected data is only under THEIR control (even after they were caught out and came up with that really poor excuse), and we all know what Google's primary business is yet this seems to bother few people?

I'm reading reports that far from tracking users that file has everything to with collecting data to enable improvements to wireless networks. That may be utter rubbish but it would make a lot of sense since if the intention was to track users there would be data from all of the wireless radios as well as GPS right?


RE: Usual sensationalist crap...
By tng on 4/20/2011 6:00:38 PM , Rating: 1
quote:
data remains under the owners control and is never sent to Apple.
So far.....


RE: Usual sensationalist crap...
By morphologia on 4/20/2011 6:13:25 PM , Rating: 2
Don't forget...no one really OWNS an Apple product except Apple. The consumers are just paying for the privilege of keeping the devices in their houses...or wherever they keep them.

Doesn't matter, 'cause Apple can find out where they are kept whenever they want...(sinister laugh)


By MechanicalTechie on 4/20/2011 7:23:30 PM , Rating: 2
Isn't that the truth, I have no respect for anyone that own... sorry loans an Apple product. What is wrong with people who happily accept a company to take the piss, just so they can feel cool??

Apple Loanership = Total Moron!!


RE: Usual sensationalist crap...
By W00dmann on 4/21/11, Rating: 0
RE: Usual sensationalist crap...
By W00dmann on 4/21/2011 8:03:55 PM , Rating: 2
Ah yes, voting me down with no counterargument. Proving my point much more effectively than I ever could. Thanks, looks good on ya! :D


don't take it personally, babe
By Conner on 4/20/11, Rating: -1
RE: don't take it personally, babe
By Conner on 4/20/11, Rating: 0
By MechanicalTechie on 4/20/2011 11:09:49 PM , Rating: 4
Are you seriously suggesting they are just storing this data for fun?? For whatever reason they are doing it (and there most certainly is a reason), it will not be in the benefit of the user, it will be for Apples own reasons.

I mean since when has Apple stopped itself from using its customers as cash cows, the ultimate in taking the piss, don't allow your customers to actually own the product and then milk them for every last cent you can. Nice!!


I smell bull...
By neonbinary on 4/20/11, Rating: -1
WIndows Phone 7
By ZaethDekar on 4/20/11, Rating: -1
RE: WIndows Phone 7
By Smilin on 4/21/2011 3:59:24 PM , Rating: 1
No, WP7 doesn't have this feature.

It has location features similar to other phones on the market: GPS/Location for emergency services, applications, and stolen phone recovery.

It does not record the information.

Further more you can turn off GPS/Location any time you wish (for emergency services, or just apps). Apple allows this but won't clear your location records and if you wipe the phone yourself a backup will remain on your computer.

And sure it might be something nice for parents but guess what? I'm a grown up.

It's also something nice for criminals. Sure I stole your iPhone but now I know where you live and that you leave your house for road trips frequently.

quote:
Why is this such a big deal?


Think.


"We basically took a look at this situation and said, this is bullshit." -- Newegg Chief Legal Officer Lee Cheng's take on patent troll Soverain














botimage
Copyright 2014 DailyTech LLC. - RSS Feed | Advertise | About Us | Ethics | FAQ | Terms, Conditions & Privacy Information | Kristopher Kubicki