Warden and Alasdair Allan, a pair of security researchers, have made a discovery
about Apple Inc.'s (AAPL) popular iPhone and iPad
devices. According to an in depth study they performed, Apple not only
tracks its iPhone and iPad users' every move, but it stores that
information in a local file.
According to the researchers, the feature popped up with the release of iOS 4.
It has been known for some time that the iPhones collect
data on their user's position and uses it to target iAds at them.
Apple had received
a great deal of criticism for doing that. But nobody knew just
how far Apple had gone in violating its users’ privacy -- until now.
The file is found in both iPad and iPhone. It even transfers when users
purchase a new device.
Describes Mr. Allan in an interview with
British news site Guardian, "Apple might have new features in
mind that require a history of your location, but that's our speculation. The
fact that [the file] is transferred across [to a new iPhone or iPad] when you
migrate is evidence that the data-gathering isn't accidental."
The pair discovered the data file on accident. Recalls Mr. Warden,
"We'd been discussing doing a visualization of mobile data, and while
Alasdair was researching into what was available, he discovered this file. At
first we weren't sure how much data was there, but after we dug further and visualized
the extracted data, it became clear that there was a scary amount of detail on
Strangely, Apple does not appear to be directly transmitting the data to a
central location, so it’s unclear why exactly its storing it locally. The
decision to track and store a users' location in a local file is highly
unusual. Mr. Warden and Mr. Allan searched for similar code in Google
Inc.'s (GOOG) open source smart
phone/tablet operating system, Android, but could not find one.
States Mr. Warden, "Alasdair has looked for similar tracking code in
[Google's] Android phones and couldn't find any. We haven't come across
any instances of other phone manufacturers doing this."
He says that Apple has committed a shocking breach of privacy. He
comments, "Apple has made it possible for almost anybody – a jealous
spouse, a private detective – with access to your phone or computer to get
detailed information about where you've been."
The file is also transferred to the user's computer when they sync their
device. This raises the possibility that a computer thief or someone with
access to the user's laptop could track their recent whereabouts.
Simon Davies, director of the pressure group Privacy
International, agrees that the implications of the discovery are alarming.
He states, "This is a worrying discovery. Location is one of the
most sensitive elements in anyone's life – just think where people go in the
evening. The existence of that data creates a real threat to privacy. The
absence of notice to users or any control option can only stem from an
ignorance about privacy at the design stage."
The data is stored any direct agreement or approval from the user.
15,200-word terms and conditions contract does state:
Apple and our partners and licensees may collect, use, and share
precise location data, including the real-time geographic location of your
Apple computer or device. This location data is collected anonymously in a form
that does not personally identify you and is used by Apple and our partners and
licensees to provide and improve location-based products and services. For
example, we may share geographic location with application providers when you
opt in to their location services.
opt out, they are banned
Apple refused to comment on why its devices are monitoring its users' every
For Apple users, about the only way to provide yourself with a degree of safety
is to try to encrypt the file. Details can be found at a
webpage the pair has been set up. More details can also be found
in an article the
pair authored for the site O'Reilly's Radar.
The pair are presenting their findings later today, in detail, at the Where 2.0
conference in San Francisco.
quote: The big question of course, is why Apple is storing this information. I don’t have a definitive answer, but my little-birdie-informed understanding is that consolidated.db acts as a cache for location data, and that historical data should be getting culled but isn’t, either due to a bug or, more likely, an oversight. I.e. someone wrote the code to cache location data but never wrote code to cull non-recent entries from the cache, so that a database that’s meant to serve as a cache of your recent location data is instead a persistent log of your location history. I’d wager this gets fixed in the next iOS update.
quote: b) No evidence that this was intentional c) Circumstantial evidence that this is a bug rather than a feature. Location data gets cached but no delete is written and thus it piles up.
quote: The fact that [the file] is transferred across [to a new iPhone or iPad] when you migrate is evidence that the data-gathering isn't accidental.
quote: I guess you missed this little detail:quote:The fact that [the file] is transferred across [to a new iPhone or iPad] when you migrate is evidence that the data-gathering isn't accidental.
quote: We may collect information such as occupation, language, zip code, area code, unique device identifier, location, and the time zone where an Apple product is used so that we can better understand customer behavior and improve our products, services, and advertising.
quote: b) No evidence that this was intentional