Print 58 comment(s) - last by xti.. on Apr 26 at 12:27 PM

Apple's iPads and iPhone track a user's every move. Two security researchers made this shocking discovery while searching through the iPhone's files.  (Source: BKK Photography)

A map shows a users' movements across England. The data can be collected and analyzed by anyone with access to a user's computer, or the machine they sync their device with.  (Source: Pete Warden and Alasdair Allan)

The researchers are presenting their findings at Where 2.0 in San Francisco.  (Source: O'Reilly Publishing)
Apple users -- big brother Jobs is watching you

Pete Warden and Alasdair Allan, a pair of security researchers, have made a discovery about Apple Inc.'s (AAPL) popular iPhone and iPad devices.  According to an in depth study they performed, Apple not only tracks its iPhone and iPad users' every move, but it stores that information in a local file.

According to the researchers, the feature popped up with the release of iOS 4.  

It has been known for some time that the iPhones collect data on their user's position and uses it to target iAds at them.  Apple had received a great deal of criticism for doing that.  But nobody knew just how far Apple had gone in violating its users’ privacy -- until now.

The file is found in both iPad and iPhone.  It even transfers when users purchase a new device.

Describes Mr. Allan in an interview with British news site Guardian, "Apple might have new features in mind that require a history of your location, but that's our speculation. The fact that [the file] is transferred across [to a new iPhone or iPad] when you migrate is evidence that the data-gathering isn't accidental."

The pair discovered the data file on accident.  Recalls Mr. Warden, "We'd been discussing doing a visualization of mobile data, and while Alasdair was researching into what was available, he discovered this file. At first we weren't sure how much data was there, but after we dug further and visualized the extracted data, it became clear that there was a scary amount of detail on our movements."

Strangely, Apple does not appear to be directly transmitting the data to a central location, so it’s unclear why exactly its storing it locally.  The decision to track and store a users' location in a local file is highly unusual.  Mr. Warden and Mr. Allan searched for similar code in Google Inc.'s (GOOG) open source smart phone/tablet operating system, Android, but could not find one.

States Mr. Warden, "Alasdair has looked for similar tracking code in [Google's] Android phones and couldn't find any.  We haven't come across any instances of other phone manufacturers doing this."

He says that Apple has committed a shocking breach of privacy.  He comments, "Apple has made it possible for almost anybody – a jealous spouse, a private detective – with access to your phone or computer to get detailed information about where you've been."

The file is also transferred to the user's computer when they sync their device.  This raises the possibility that a computer thief or someone with access to the user's laptop could track their recent whereabouts.

Simon Davies, director of the pressure group Privacy International, agrees that the implications of the discovery are alarming.  He states, "This is a worrying discovery. Location is one of the most sensitive elements in anyone's life – just think where people go in the evening. The existence of that data creates a real threat to privacy. The absence of notice to users or any control option can only stem from an ignorance about privacy at the design stage."

The data is stored any direct agreement or approval from the user.  However, iTunes' 15,200-word terms and conditions contract does state:

Apple and our partners and licensees may collect, use, and share precise location data, including the real-time geographic location of your Apple computer or device. This location data is collected anonymously in a form that does not personally identify you and is used by Apple and our partners and licensees to provide and improve location-based products and services. For example, we may share geographic location with application providers when you opt in to their location services.

If users opt out, they are banned from iTunes.

Apple refused to comment on why its devices are monitoring its users' every move.

For Apple users, about the only way to provide yourself with a degree of safety is to try to encrypt the file.  Details can be found at a webpage the pair has been set up.  More details can also be found in an article the pair authored for the site O'Reilly's Radar.

The pair are presenting their findings later today, in detail, at the Where 2.0 conference in San Francisco.

Comments     Threshold

This article is over a month old, voting and posting comments is disabled

I'm surprised more people aren't upset
By zephyr1 on 4/20/2011 5:47:54 PM , Rating: 5
The implications of this are scary. Location data is collected minute by minute, stored on your phone, and transfered when you sync. This shows that Apple designed the system to retain and preserve data even when a new device is purchased. The data collection was discovered in June 2010, and so far there has been no "Oops, we'll fix it" from Apple, which means they want the data collection continued. The data is stored in a hidden folder, unencrypted, with no way for a typical user to delete it. The only way a user can effectively "opt out" is to root the phone, something most users are incapable of doing. The fact that Apple is not accessing the data doesn't mean a thing. Now here comes the scary part: When an individual is arrested in the United States, the law allows any device in his possession to be searched without a warrant. That includes a cell phone. So the police can easily and legally obtain a minute by minute location fix showing where the phone (and presumably you) have been, going back a year or more! Maybe I just have my tin foil hat on today, but this scares the heck out of me.

I can find no legitimate use for the retention of this data other than allowing the government to easily track an individual when needed. Remember, the data is not sent to Apple, only maintained on your phone and any other Apple device it syncs to. Apple can claim no privacy violation because they don't see the data, but the data is still available for use by the authorities.

RE: I'm surprised more people aren't upset
By xti on 4/20/2011 11:30:55 PM , Rating: 1
oh no, they know im mom knows when im home, thats much worse.

RE: I'm surprised more people aren't upset
By Smilin on 4/21/2011 10:08:35 AM , Rating: 2
Your mom also knows *everywhere* you've been with your phone...if she has access to your computer.

By xti on 4/26/2011 12:27:38 PM , Rating: 2

By frobizzle on 4/21/2011 10:48:38 AM , Rating: 2
I'm surprised more people aren't upse

No surprise. These are primarily Apple zombies. In their pea brains, anything Jobs wants or does has to be good!

After all, it's magic!

RE: I'm surprised more people aren't upset
By JediJeb on 4/21/2011 2:59:35 PM , Rating: 2
I'm not surprised at all. Most people today care more about convenience or status and very little about what they have to give up for it.

I guess I will be hanging on to my RAZR a lot longer now as it retains much less information than most of the new phones out now. Though it probably still retains more info than I would want it to.

By messele on 4/21/2011 3:15:16 PM , Rating: 2
I wouldn't worry too much about what info the handset retains, at least you posses that. If you are really fitting yourself out for a tinfoil hat then worry more about the relationship between your phone's IMEI number and your telco who can triangulate it's position whenever they like...

"A politician stumbles over himself... Then they pick it out. They edit it. He runs the clip, and then he makes a funny face, and the whole audience has a Pavlovian response." -- Joe Scarborough on John Stewart over Jim Cramer

Latest Headlines

Most Popular Articles5 Cases for iPhone 7 and 7 iPhone Plus
September 18, 2016, 10:08 AM
Automaker Porsche may expand range of Panamera Coupe design.
September 18, 2016, 11:00 AM
Walmart may get "Robot Shopping Carts?"
September 17, 2016, 6:01 AM
No More Turtlenecks - Try Snakables
September 19, 2016, 7:44 AM
ADHD Diagnosis and Treatment in Children: Problem or Paranoia?
September 19, 2016, 5:30 AM

Copyright 2016 DailyTech LLC. - RSS Feed | Advertise | About Us | Ethics | FAQ | Terms, Conditions & Privacy Information | Kristopher Kubicki