Print 58 comment(s) - last by xti.. on Apr 26 at 12:27 PM

Apple's iPads and iPhone track a user's every move. Two security researchers made this shocking discovery while searching through the iPhone's files.  (Source: BKK Photography)

A map shows a users' movements across England. The data can be collected and analyzed by anyone with access to a user's computer, or the machine they sync their device with.  (Source: Pete Warden and Alasdair Allan)

The researchers are presenting their findings at Where 2.0 in San Francisco.  (Source: O'Reilly Publishing)
Apple users -- big brother Jobs is watching you

Pete Warden and Alasdair Allan, a pair of security researchers, have made a discovery about Apple Inc.'s (AAPL) popular iPhone and iPad devices.  According to an in depth study they performed, Apple not only tracks its iPhone and iPad users' every move, but it stores that information in a local file.

According to the researchers, the feature popped up with the release of iOS 4.  

It has been known for some time that the iPhones collect data on their user's position and uses it to target iAds at them.  Apple had received a great deal of criticism for doing that.  But nobody knew just how far Apple had gone in violating its users’ privacy -- until now.

The file is found in both iPad and iPhone.  It even transfers when users purchase a new device.

Describes Mr. Allan in an interview with British news site Guardian, "Apple might have new features in mind that require a history of your location, but that's our speculation. The fact that [the file] is transferred across [to a new iPhone or iPad] when you migrate is evidence that the data-gathering isn't accidental."

The pair discovered the data file on accident.  Recalls Mr. Warden, "We'd been discussing doing a visualization of mobile data, and while Alasdair was researching into what was available, he discovered this file. At first we weren't sure how much data was there, but after we dug further and visualized the extracted data, it became clear that there was a scary amount of detail on our movements."

Strangely, Apple does not appear to be directly transmitting the data to a central location, so it’s unclear why exactly its storing it locally.  The decision to track and store a users' location in a local file is highly unusual.  Mr. Warden and Mr. Allan searched for similar code in Google Inc.'s (GOOG) open source smart phone/tablet operating system, Android, but could not find one.

States Mr. Warden, "Alasdair has looked for similar tracking code in [Google's] Android phones and couldn't find any.  We haven't come across any instances of other phone manufacturers doing this."

He says that Apple has committed a shocking breach of privacy.  He comments, "Apple has made it possible for almost anybody – a jealous spouse, a private detective – with access to your phone or computer to get detailed information about where you've been."

The file is also transferred to the user's computer when they sync their device.  This raises the possibility that a computer thief or someone with access to the user's laptop could track their recent whereabouts.

Simon Davies, director of the pressure group Privacy International, agrees that the implications of the discovery are alarming.  He states, "This is a worrying discovery. Location is one of the most sensitive elements in anyone's life – just think where people go in the evening. The existence of that data creates a real threat to privacy. The absence of notice to users or any control option can only stem from an ignorance about privacy at the design stage."

The data is stored any direct agreement or approval from the user.  However, iTunes' 15,200-word terms and conditions contract does state:

Apple and our partners and licensees may collect, use, and share precise location data, including the real-time geographic location of your Apple computer or device. This location data is collected anonymously in a form that does not personally identify you and is used by Apple and our partners and licensees to provide and improve location-based products and services. For example, we may share geographic location with application providers when you opt in to their location services.

If users opt out, they are banned from iTunes.

Apple refused to comment on why its devices are monitoring its users' every move.

For Apple users, about the only way to provide yourself with a degree of safety is to try to encrypt the file.  Details can be found at a webpage the pair has been set up.  More details can also be found in an article the pair authored for the site O'Reilly's Radar.

The pair are presenting their findings later today, in detail, at the Where 2.0 conference in San Francisco.

Comments     Threshold

This article is over a month old, voting and posting comments is disabled

Usual sensationalist crap...
By messele on 4/20/2011 4:04:14 PM , Rating: -1
So on the one hand "Apple is tracking iPhone, iPad users locations" and on the other hand this data remains under the owners control and is never sent to Apple.

That's about the quality of Journalism we've come to expect from you Jason, I'm only surprised you are so slow breaking this one.

Let's get one thing clear. If your phone, or any other device, has a cell transceiver then you are already being tracked, though it's usually benign, but the potential is there for you to be monitored by persons and it's all outside of your control. It's certainly not Apple, or Google (actually it might be Google) or Microsoft that would be doing this.

It's absolutely no surprise that Apple are logging this data, and so other mobile operating systems will be doing the same. Perhaps the only part that is morally questionable is the fact that it's stored when syncing with iTunes (and therefore by definition is not real-time by the way) so nosey householders can trace your tracks, but honestly how many people trust their own families so little, or have that much to hide, that it's a real problem.

In any case don't all desktop operating systems have user accounts these days? Problem solved.

RE: Usual sensationalist crap...
By ZaethDekar on 4/20/2011 5:35:34 PM , Rating: 1
In any case don't all desktop operating systems have user accounts these days? Problem solved.

yes, but doesn't mean people dont use it. I don't have a password on my desktop as it his hooked up to my TV so family can hop on to watch movies or have music playing...

Granted all of my important documents are secured on my external harddrive that stays with me. However that portion is in the minority. A lot of people I have worked with or talked to don't have a password on their computer... even their laptop which is their only computer at times.

So really, the problem really is between the keyboard and chair.

RE: Usual sensationalist crap...
By messele on 4/21/2011 2:48:28 AM , Rating: 2
The problem is always between the computer and the chair. Got a virus? That's probably because you agreed to install it as your sense of danger is lax...

If somebody could get to that database file on my machine then it'd be fairly low down my list of things that I would not want outsiders snooping for. If people choose not to do something as simple as create a proper user account on their machine then fine, but it's not as if it's difficult to do if people really are concerned about this stuff.

Apple collecting data that is stored on YOUR own hardware and collected (albeit unwittingly) by yourself is infinitely preferable to Google's lame tactic of wardriving the streets of the world where collected data is only under THEIR control (even after they were caught out and came up with that really poor excuse), and we all know what Google's primary business is yet this seems to bother few people?

I'm reading reports that far from tracking users that file has everything to with collecting data to enable improvements to wireless networks. That may be utter rubbish but it would make a lot of sense since if the intention was to track users there would be data from all of the wireless radios as well as GPS right?

RE: Usual sensationalist crap...
By tng on 4/20/2011 6:00:38 PM , Rating: 1
data remains under the owners control and is never sent to Apple.
So far.....

RE: Usual sensationalist crap...
By morphologia on 4/20/2011 6:13:25 PM , Rating: 2
Don't one really OWNS an Apple product except Apple. The consumers are just paying for the privilege of keeping the devices in their houses...or wherever they keep them.

Doesn't matter, 'cause Apple can find out where they are kept whenever they want...(sinister laugh)

By MechanicalTechie on 4/20/2011 7:23:30 PM , Rating: 2
Isn't that the truth, I have no respect for anyone that own... sorry loans an Apple product. What is wrong with people who happily accept a company to take the piss, just so they can feel cool??

Apple Loanership = Total Moron!!

RE: Usual sensationalist crap...
By W00dmann on 4/21/11, Rating: 0
RE: Usual sensationalist crap...
By W00dmann on 4/21/2011 8:03:55 PM , Rating: 2
Ah yes, voting me down with no counterargument. Proving my point much more effectively than I ever could. Thanks, looks good on ya! :D

"We shipped it on Saturday. Then on Sunday, we rested." -- Steve Jobs on the iPad launch

Copyright 2015 DailyTech LLC. - RSS Feed | Advertise | About Us | Ethics | FAQ | Terms, Conditions & Privacy Information | Kristopher Kubicki