Apple Logging Locations of All iPhone Users

An anonymous reader writes "The Guardian reports that researchers have found a hidden file on all iPhones, iPads and any computers to which they synchronize, logging timestamped latitude and longitude coordinates of the user since June 2010. A tool is available on their website to check on your own."

Phone is tracking, Apple is not.

[chaim79]

Though it is a very fine distinction, Apple isn't receiving any of this information, it's simply being stored.

From the Article

Is Apple storing this information elsewhere?

There’s no evidence that it’s being transmitted beyond your device and any machines you sync it with.

As bad as some may play it, without Apple receiving this information it's simply information that is stored, not "Big Brother"/Apple monitoring your every move.

Re:Do I have this right?

[drb226]

There is no evidence that this data is being sent to Apple or anyone else.

As the article illustrates, any app you install has easy access to this data.

Re:ummm

[jordan314]

Most people's backups are not encrypted. I just tried the app and it worked flawlessly from my my backups. You do not need to jailbreak to run the app.

Populist nonsense

[fingon]

The file contains only unique wifi spots seen over time period, each once. In my case, that is 12k different wifi basestations, but any repeated travel is unlikely to see those points again..

mini ~/temp/x/library/caches/locationd>sqlite3 consolidated.db 'select * from WifiLocation' | wc
      11907 23814 257383
mini ~/temp/x/library/caches/locationd>sqlite3 consolidated.db 'select * from WifiLocation' | cut -d '|' -f 1 | sort | uniq -c | egrep -v ' 1 '
mini ~/temp/x/library/caches/locationd>

Nothing to see here, move on..

Re:ummm

[msauve]

My impression is that it is a cache file which they fail to clean.

The article clearly states "[the file] is transferred across [to a new iPhone or iPad] when you migrate..."

That's not an uncleaned cache, it's a deliberately maintained database.

The FAQ which is pointed to states "it's an SQLite database file, you can use any standard SQLite browser...Open up the file, choose the 'CellLocation' table, and you can browse the tens of thousands of points that it has collected. The most interesting data is the latitude, longitude location and the timestamp." It also says "As far as we can tell, the location is determined by triangulating against the nearest cell-phone towers."

Backup encryption is something which must be enabled (how many iPhone users do that, or even know of it?), so your implying that the data is encrypted is misleading, as is the claim that a jailbreak is necessary. Finally, there's nothing to indicate your claim that this won't collect data when location services are turned off is correct.

Re:Mac fanboys

[Cimexus]

Well it certainly sounds bad if you just read the headline, but let's think though this. It seems that the phone tracks the location of the cell towers it's been connected to in a file on the device. The data is not sent anywhere, it's just living in a file. That file then gets copied to your machine every time you do a sync (since a full backup of the phone is also made at the same time).

So the question comes down to: what's the purpose of the file? Does it exist for a legitimate reason? Or something more sinister? Since the file is never sent anywhere, it's hard to see how Apple directly benefit here. Perhaps it's actually just a location services cache file or something (designed to be consumed by any application that then relies on the location service), that doesn't ever get cleared for one reason or another.

Actually come to think of it, it's the CARRIERS that benefit from this data, not Apple. It's not storing your GPS location ... just the location of the cell towers you've hit. So it's giving, essentially, a map of network load caused by your phone. Aggregated with other phones, this would be pretty interesting information to a carrier, you'd think. Perhaps carriers wanted Apple to do this kind of logging? But again, since the data isn't sent to anyone, it's still hard to see how this could be useful for anything other than a legitimate reason related to the phone itself (e.g. caching your previous locations so that it can more quickly use AGPS to pinpoint you again).

Unless you are the Michigan State Police

[cruff]

With their phone data slurper tools (Michigan State Police Could Search Cell Phones During Traffic Stops [slashdot.org]), they could get your location database in a couple of minutes.

There is more than that

[Anonymous Coward]

I am just looking into the file.

The database contains also a huge list of access points.

basically it seems that for each and every WiFi network the iPhone "sees" (not only if you join it, and even if the network is hidden)...the toy stores the Mac Address of the access point, timestamp of detection, coordinates (including height and accuracy), speed, ...

See table WiFiLocation
CREATE TABLE WifiLocation (MAC TEXT, Timestamp FLOAT, Latitude FLOAT, Longitude FLOAT, HorizontalAccuracy FLOAT, Altitude FLOAT, VerticalAccuracy FLOAT, Speed FLOAT, Course FLOAT, Confidence INTEGER, PRIMARY KEY (MAC));

Mine contains >50000 entries, basically I have the entire WiFi Map of Milano.... nice but, isn't this what Google was fined for doing ???

Interestingly, each and every iPhone user is doing the same "crime" committed by Google,, but unintentionally (and no, this does not seem to collect packets).

Andrea Cocito

Re:Where is this file on the phone?

[digismack]

/var/root/Library/Cache/locationd/consolidated.db

Re:Can we start using examples other than Divorce?

[Lord_Jeremy]

Agreed. I've got a 3-year-old nokia clamshell crap phone that works much better than my girlfriend's Droid X. Seriously, when we're out and want to reach someone it's always mine that is used because her battery is perpetually dead. She keeps bugging me to "upgrade" and get an iPhone or some other similar device. My response is that I already carry around an iPod Touch and iPad, not to mention laptop sometimes. The purpose of a phone is to make phone calls and my week-long-lasting nokia is more of a phone than any android of ios device in existence.

Re:ummm

[NeverVotedBush]

Earlier on Slashdot...

"The Michigan State Police have a high-tech mobile forensics device that can be used to extract information from cell phones belonging to motorists stopped for minor traffic violations. The American Civil Liberties Union (ACLU) of Michigan last Wednesday demanded that state officials stop stonewalling freedom of information requests for information on the program. A US Department of Justice test of the CelleBrite UFED used by Michigan police found the device could grab all of the photos and videos off of an iPhone within one-and-a-half minutes. The device works with 3000 different phone models and can even defeat password protections. 'Complete extraction of existing, hidden, and deleted phone data, including call history, text messages, contacts, images, and geotags,' a CelleBrite brochure explains regarding the device's capabilities."

Re:ummm

[Anonymous Coward]

Apple 1984 commercial [youtube.com]

Re:ummm

[sglewis100]

"Apple has location services as something that can be turned off completely" It's closed source, so how do you know it's not continuing to collect data, even if that collection isn't made visible to the user? How do you know that the file in question is a result of the location services which can be turned off?

Apple's Guy Tribble, VP of Software Technology gave senate testimony on the very subject [senate.gov].

Re:Much worse than Google's WiFi tracking

[pclminion]

Imagine that, somebody might subpoena you for evidence relevant to a legal dispute! Shocker!

A subpoena is a legal process and is not an invasion of your privacy. If you don't want it coming up in a court room, do not do it, say it, or write it down somewhere. Is this hard to grasp?