Print 58 comment(s) - last by xti.. on Apr 26 at 12:27 PM

Apple's iPads and iPhone track a user's every move. Two security researchers made this shocking discovery while searching through the iPhone's files.  (Source: BKK Photography)

A map shows a users' movements across England. The data can be collected and analyzed by anyone with access to a user's computer, or the machine they sync their device with.  (Source: Pete Warden and Alasdair Allan)

The researchers are presenting their findings at Where 2.0 in San Francisco.  (Source: O'Reilly Publishing)
Apple users -- big brother Jobs is watching you

Pete Warden and Alasdair Allan, a pair of security researchers, have made a discovery about Apple Inc.'s (AAPL) popular iPhone and iPad devices.  According to an in depth study they performed, Apple not only tracks its iPhone and iPad users' every move, but it stores that information in a local file.

According to the researchers, the feature popped up with the release of iOS 4.  

It has been known for some time that the iPhones collect data on their user's position and uses it to target iAds at them.  Apple had received a great deal of criticism for doing that.  But nobody knew just how far Apple had gone in violating its users’ privacy -- until now.

The file is found in both iPad and iPhone.  It even transfers when users purchase a new device.

Describes Mr. Allan in an interview with British news site Guardian, "Apple might have new features in mind that require a history of your location, but that's our speculation. The fact that [the file] is transferred across [to a new iPhone or iPad] when you migrate is evidence that the data-gathering isn't accidental."

The pair discovered the data file on accident.  Recalls Mr. Warden, "We'd been discussing doing a visualization of mobile data, and while Alasdair was researching into what was available, he discovered this file. At first we weren't sure how much data was there, but after we dug further and visualized the extracted data, it became clear that there was a scary amount of detail on our movements."

Strangely, Apple does not appear to be directly transmitting the data to a central location, so it’s unclear why exactly its storing it locally.  The decision to track and store a users' location in a local file is highly unusual.  Mr. Warden and Mr. Allan searched for similar code in Google Inc.'s (GOOG) open source smart phone/tablet operating system, Android, but could not find one.

States Mr. Warden, "Alasdair has looked for similar tracking code in [Google's] Android phones and couldn't find any.  We haven't come across any instances of other phone manufacturers doing this."

He says that Apple has committed a shocking breach of privacy.  He comments, "Apple has made it possible for almost anybody – a jealous spouse, a private detective – with access to your phone or computer to get detailed information about where you've been."

The file is also transferred to the user's computer when they sync their device.  This raises the possibility that a computer thief or someone with access to the user's laptop could track their recent whereabouts.

Simon Davies, director of the pressure group Privacy International, agrees that the implications of the discovery are alarming.  He states, "This is a worrying discovery. Location is one of the most sensitive elements in anyone's life – just think where people go in the evening. The existence of that data creates a real threat to privacy. The absence of notice to users or any control option can only stem from an ignorance about privacy at the design stage."

The data is stored any direct agreement or approval from the user.  However, iTunes' 15,200-word terms and conditions contract does state:

Apple and our partners and licensees may collect, use, and share precise location data, including the real-time geographic location of your Apple computer or device. This location data is collected anonymously in a form that does not personally identify you and is used by Apple and our partners and licensees to provide and improve location-based products and services. For example, we may share geographic location with application providers when you opt in to their location services.

If users opt out, they are banned from iTunes.

Apple refused to comment on why its devices are monitoring its users' every move.

For Apple users, about the only way to provide yourself with a degree of safety is to try to encrypt the file.  Details can be found at a webpage the pair has been set up.  More details can also be found in an article the pair authored for the site O'Reilly's Radar.

The pair are presenting their findings later today, in detail, at the Where 2.0 conference in San Francisco.

Comments     Threshold

This article is over a month old, voting and posting comments is disabled

RE: The police will love this
By kleinma on 4/20/2011 4:54:00 PM , Rating: 2
They could do that through the cell carrier without ever needing to bother trying to obtain the device (or access to iTunes) from the perp directly. So while I agree you should leave your iPhone at home when you rob a bank, that is just for the fact that any phone you would have on you at any time could be tracked back to a pretty finite area (with cell tower triangulation) or exact (with GPS). I would be way more worried about malware that lifts this file from iTunes or malware on the phone itself that could grab this data from an app that look safe because permissions don't require location based access.

RE: The police will love this
By morphologia on 4/20/2011 4:59:46 PM , Rating: 2
There's a difference between knowing where someone is when they made a particular phone call, and knowing where someone is, or where they have been, anytime you want. I'm pretty sure cell carriers can only find you based on the tower you were using (and various other factors) at the time of a particular call.

RE: The police will love this
By Master Kenobi on 4/20/2011 6:59:32 PM , Rating: 2
I'm pretty sure cell carriers can only find you based on the tower you were using (and various other factors) at the time of a particular call.

More likely whenever that phone has to do "something", most phones these days do far more than make a phone call and that connection has to come from somewhere.

RE: The police will love this
By smackababy on 4/20/2011 9:19:38 PM , Rating: 2
Any time your phone is connected to a tower they can triangulate it IIRC. So, if you turn your phone off they can't do anything.

RE: The police will love this
By ThisSpaceForRent on 4/21/2011 12:13:10 AM , Rating: 5
Might need to do a bit more than turn it off. =)

RE: The police will love this
By JReyh on 4/21/2011 1:37:38 AM , Rating: 3
Says: "If a phone has in fact been modified to act as a bug, the only way to counteract that is to either have a bugsweeper follow you around 24-7, which is not practical, or to peel the battery off the phone"

I thought you can't do that with iPhones.

RE: The police will love this
By callmeroy on 4/21/11, Rating: 0
RE: The police will love this
By callmeroy on 4/25/2011 3:57:11 PM , Rating: 2
As I said....(just to piss people off for the hell of it)...

Or you can just life a honest, law-abiding lifestyle and then you don't have to give a rat's ass about being tracked...

RE: The police will love this
By theapparition on 4/21/2011 9:34:20 AM , Rating: 1
If the phone is on, then you can be tracked. Remember, each cell tower needs to know where you are, otherwise, you'd never be able to recieve calls. My wife likes to watch "The First 48". Can't tell you how many episodes I've seen where they've tracked a suspects movements based on thier cell phone data.

Phones that have special tracking software can even track the phone when turned off. Only way is to remove the battery.

RE: The police will love this
By tastyratz on 4/21/2011 1:12:08 PM , Rating: 3
You watch too much tv.
A phone that is powered off can not be tracked. If the phone was booted up and connecting to cell towers while powered off it would drain battery almost as fast as if it was on. You can leave a battery in a phone and turn it off for extended periods with little impact to life compared to if the battery jus tsat.

Cell phone triangulation is also incredibly inaccurate. It does not locate you finer than a many many mile radius. Phones have GPS signaling these days which is what makes this alarming. While law enforcement might be able to subpoena cellular records based on tower logs and triangulate from there... it does not tell them more than you are currently within a triangle drawn from the nearest 3 towers with x signal strength, no better. It might be a 20 mile radius in some areas even...

Onboard gps however can track your location within feet and prove you were in the house not the driveway, etc. You also do not need to be of authority to illegally obtain the records - this is why this invasion of privacy is alarming. You could just as soon have this information retrieved by a virus, hacker, family member, etc.

"DailyTech is the best kept secret on the Internet." -- Larry Barber

Latest Headlines
Inspiron Laptops & 2-in-1 PCs
September 25, 2016, 9:00 AM
The Samsung Galaxy S7
September 14, 2016, 6:00 AM
Apple Watch 2 – Coming September 7th
September 3, 2016, 6:30 AM
Apple says “See you on the 7th.”
September 1, 2016, 6:30 AM

Most Popular Articles5 Cases for iPhone 7 and 7 iPhone Plus
September 18, 2016, 10:08 AM
No More Turtlenecks - Try Snakables
September 19, 2016, 7:44 AM
ADHD Diagnosis and Treatment in Children: Problem or Paranoia?
September 19, 2016, 5:30 AM
Walmart may get "Robot Shopping Carts?"
September 17, 2016, 6:01 AM
Automaker Porsche may expand range of Panamera Coupe design.
September 18, 2016, 11:00 AM

Copyright 2016 DailyTech LLC. - RSS Feed | Advertise | About Us | Ethics | FAQ | Terms, Conditions & Privacy Information | Kristopher Kubicki