Apple Logging Locations of All iPhone Users 591
An anonymous reader writes "The Guardian reports that researchers have found a hidden file on all iPhones, iPads and any computers to which they synchronize, logging timestamped latitude and longitude coordinates of the user since June 2010. A tool is available on their website to check on your own."
ummm (Score:4, Funny)
Surprise!
Re:ummm (Score:5, Funny)
Re: (Score:3)
Re:ummm (Score:5, Insightful)
Re: (Score:3, Informative)
Apple 1984 commercial [youtube.com]
Re:ummm (Score:5, Funny)
Now put the ear buds back in please.
and push them in until they touch each other...
Re: (Score:3)
Yes, he's knows what's best. We should all agree with you.
Re:ummm (Score:4, Interesting)
We knew Apple were doing this nearly a year ago [slashdot.org]
Next, they'll be sharing it with their 'partners', and using it for direct advertising. You've already agreed to it in the terms.
Nonsense! (Score:3)
Obviously you are not an iPhone user, being intentionally disingenuous, or you have not been reading how pissed off the "partners" are about Apple locking up privacy. Any app or content purchase explicitly asks if the purchaser wants to share info, and he must affirmatively approve of it each time. The idea that iPhone users have already agreed to sharing info with partners in
Re: (Score:3)
They are not sharing it, they are selling it. That is clearly spelled out in the EULA.
Imagine if Google did anything like this. People would go beserk.
Re:ummm (Score:5, Informative)
Re:ummm (Score:5, Informative)
"The Michigan State Police have a high-tech mobile forensics device that can be used to extract information from cell phones belonging to motorists stopped for minor traffic violations. The American Civil Liberties Union (ACLU) of Michigan last Wednesday demanded that state officials stop stonewalling freedom of information requests for information on the program. A US Department of Justice test of the CelleBrite UFED used by Michigan police found the device could grab all of the photos and videos off of an iPhone within one-and-a-half minutes. The device works with 3000 different phone models and can even defeat password protections. 'Complete extraction of existing, hidden, and deleted phone data, including call history, text messages, contacts, images, and geotags,' a CelleBrite brochure explains regarding the device's capabilities."
Re: (Score:3)
I have to raise doubts about the 90 second claim.
I have a 32 GB iPhone, and 32 GB in 90 seconds would be 364 MByte/second or 2,900 Mbit/second. Over a USB 2 connection. Suuure.
At most, MOST, you can extract 4.4 GB in 90 seconds (90 seconds * 400 Mbit/s), and I seriously doubt you'll find any phone that delivers that amount of throughput.
And keep in mind, the quote you have says "ALL of the photos and videos". The smalles iPhone is 8 GB, and at a much more realistic speed of 100 Mbit/s, that'd be close to 11
Re:ummm (Score:5, Informative)
The article clearly states "[the file] is transferred across [to a new iPhone or iPad] when you migrate..."
That's not an uncleaned cache, it's a deliberately maintained database.
The FAQ which is pointed to states "it's an SQLite database file, you can use any standard SQLite browser...Open up the file, choose the 'CellLocation' table, and you can browse the tens of thousands of points that it has collected. The most interesting data is the latitude, longitude location and the timestamp." It also says "As far as we can tell, the location is determined by triangulating against the nearest cell-phone towers."
Backup encryption is something which must be enabled (how many iPhone users do that, or even know of it?), so your implying that the data is encrypted is misleading, as is the claim that a jailbreak is necessary. Finally, there's nothing to indicate your claim that this won't collect data when location services are turned off is correct.
Re: (Score:3)
Re:ummm (Score:4, Funny)
Re: (Score:3)
Stop trying to make yourself look foolish. It's not clear if you are trolling, stupid, simply can't read, or some combination of the three. As the article says, it appears to use cell towers to determine location [wikipedia.org], by which rough location can be determined quite easily. So, no "magical GPS" necessary. Now, do you want to claim that iPhone users commonly travel with their phone service disabled?
Yes, it can do so. But again, Apple has location services as something that can be turned off completely, which would mean it does not track this information, even if the cell phone was on. Also, location services are specific to apps, so some apps can track, others can't. As to this file, well, luckily, you can't access my PC, so I guess it's safe. But I just turned on encrypted backups. Voila! Problem solved! PS: There are lots of other things in the backups, that if not encrypted, are readable.
Re:ummm (Score:4, Insightful)
It's closed source, so how do you know it's not continuing to collect data, even if that collection isn't made visible to the user? How do you know that the file in question is a result of the location services which can be turned off?
According to Apple [apple.com], "Location Services is on by default, but you can turn it off if you don't want to use this feature or to conserve battery life. You can also individually control which applications have access to Location Services data." Which application do you turn off to prevent this file from being created/updated? Additionally, Apple says "Location Services allows applications such as Maps, Camera, and Compass
Re:ummm (Score:5, Informative)
"Apple has location services as something that can be turned off completely" It's closed source, so how do you know it's not continuing to collect data, even if that collection isn't made visible to the user? How do you know that the file in question is a result of the location services which can be turned off?
Apple's Guy Tribble, VP of Software Technology gave senate testimony on the very subject [senate.gov].
Re: (Score:3)
Stop trying to make yourself look foolish
If nobody KNOWS, then nobody KNOWS. The GP said "That's not an uncleaned cache, it's a deliberately maintained database." The tense implies that this is a known fact, when the information was just pulled out of his arse.
Might be true. Might not. Who knows?
Re:ummm (Score:4, Insightful)
Nobody knows for sure, but judging from the evidence presented and the circumstances surrounding them, a clear verdict should be possible.
A cached database of location points is only created for a reason, especially when it's done on a mobile device, using scarce CPU cycles and even scarcer battery power to do it. The GPS receiver and CPU consume quite a bit of power, which is the most precious resource on a smartphone. Switching on the main radio for triangulating its position when GPS is unavailable is even worse, considering it is then usually triggered inside buildings, where the main radio has to ramp up transmit power to get to their cell tower.
Fine-grained tracks recorded when no application is actively requesting them?
An uncalled-for but constant drain on the most precious resource and deciding factor of a smartphone - its battery?
Neat position databases with no discernible limits in length, just for a cache?
Large amounts of data synchronized to a new phone via the owner's synced computer, by accident?
All this effort for a database that until now wasn't documented, unused and unavailable to any existing app in the entire app store, for a legitimate reason?
All cheaters usually exclaim even when caught red-handed "It's not what you think, it's not what it seems, there's a good explanation for it."
But all things considered, this is a textbook example of "if it quacks like a duck". And Apple cheated on this one. Face it and show them the door.
Re:ummm (Score:5, Interesting)
Reference yesterday's story...
http://apple.slashdot.org/story/11/04/19/2231240/Michigan-Police-Could-Search-Cell-Phones-During-Traffic-Stops [slashdot.org]
I wonder if this location data would be part of what could be extracted there...
Re: (Score:3)
Re: (Score:3)
I did not read that article in fact.
Checking out the app now, here's a couple finds :
- as stated elsewhere it doesn't appear to log *your* exact position but that of cell towers you use. The data points on the map are laid out in a sort of rectangular grid across my home town.
- the sqlite file contains tables such as WifiLocation and CellLocation which reinforce my idea that it's some sort of cache/database file used by the OS to make better connections and to do it faster by remembering past connections f
Re: (Score:3)
If you read the appmakers' FAQ, they mention it deliberately downgrades the resolution:
Regarding your idea that "it's some sort of cache/
Much worse than Google's WiFi tracking (Score:5, Insightful)
Tracking people's whereabouts is truly evil. Wait until the divorce lawyers start subpoena them for location data to help their clients.
Evil? Really? (Score:2, Insightful)
Let's put away the hyperbole before the language no longer means anything, K?
Re:Evil? Really? (Score:5, Insightful)
There are varying degrees of many things, of which many subsets can be constructed.
Apple is a Tier-2 evil. They are more evil than the neighborhood bully, but they are less evil than...say, Hitler.
Just like evil, there are subsets of happy.
Think about "I just got an 'attaboy' from my boss" happy versus "I just got with this super-hot girl I've been into for a long time" happy.
Re: (Score:3)
Apple is a Tier-2 evil. They are more evil than the neighborhood bully, but they are less evil than...say, Hitler.
Not tiers, circles. Dante covered this already.
Re: (Score:3)
disapprove off
This is why it is a always a bad idea to be a spelling/grammar Nazi. You always end up being a hypocrite. The parent poster's comment was criticizing content of your post, which was worthy of criticism.
You don't even seem to understand the difference between illegal and evil. Here is a hint. They are not synonymous.
Re: (Score:3)
Agreed. Stop the hyperbole. Plain old bole would be more than enough here . . .
Re: (Score:2)
Can we start using examples other than Divorce? (Score:5, Interesting)
Okay I'm all for explaining why this is bad, but why the fuck do we insist as a group using the example of a private eye tracking down a cheating spouse for the purpose of divorce as a reason to take privacy concerns seriously? The average citizen is going to be like "Oh well I don't have to worry about that, I have nothing to hide from my spouse!" even if they are lying to themselves. The political and social leadership will be like "well then don't cheat and you'll be fine!"
WORST... EXAMPLE...EVAR...
Here's some better examples for this specific situation:
1) A burglar determining a pattern when you aren't home so they can rob your house.
2) A stalker determining the best place to attack you
3) Someone who doesn't like you smearing your character publicly simply because your phone walked by a strip club (he must have gone in, he's a sinner!!!), even though 2 blocks away is the hospice you volunteer once a week at.
Let's try to come up with better examples that make people actually care please?
Re:Can we start using examples other than Divorce? (Score:5, Interesting)
Visiting the hiring interview room at a competitor on your day off, with your company issued must-carry phone? This could get really weird...
Insurance company requiring tracking data to prove you don't go to fast food joints or tobacco shops, and you do visit the gym regularly?
Police / employers harassing you when they download your coordinates and find out you're volunteering at the "wrong" political election office or you attend the "wrong" church? (Or more likely, at least in the backwards USA, the wrongness would be defined as not attending church at all?)
Company wants a record of exactly where your phone went on your "sick" day. God help you if you left the house to visit doctor or pharmacy, because thats not "staying home and resting".
Every day I'm happier I have an ipod touch to do i-stuff with, and a plain ole VM pay as you go phone for that old fashioned "telephone call" functionality. The coolest part is when I drain the ipod battery from screwing around with music / videos / games, I can still do the important stuff like make and receive phone calls. I know people whom absolutely squeal when angry birds fly off with their battery charge and then they can't talk on the phone or text for a couple hours. Lately I've been facetiming thru open wifis instead of making phone calls on my old fashioned cellphone, if everyone I knew did facetime, I'd probably ditch the phone entirely.
Re: (Score:3, Informative)
Re:Can we start using examples other than Divorce? (Score:4, Insightful)
Let's try to come up with better examples that make people actually care please?
Oh wait I've got a fun one... The only legal people that matter in the USA anymore are corporations, so ... What is the legal liability to a company that tracks the location of all its employees and then knowingly does nothing with the knowledge of the employee being in an illegal location? Perhaps he's only got a S clearance or entirely uncleared, yet here is proof of him walking around in the TS offices and warehouses... If the company does absolutely nothing with its proof of illegal activity, and later the guy gets caught (camera, whatever) then exactly how liable is the company or its agents as a co-conspirator?
Re: (Score:2)
The moral is: Turn off your iPhone before entering the Champagne Room!
Re:Much worse than Google's WiFi tracking (Score:4, Informative)
Imagine that, somebody might subpoena you for evidence relevant to a legal dispute! Shocker!
A subpoena is a legal process and is not an invasion of your privacy. If you don't want it coming up in a court room, do not do it, say it, or write it down somewhere. Is this hard to grasp?
Re: (Score:2)
The ends don't justify the means.
Re: (Score:3)
Horse shit. Spying is spying, no matter that your target may be as sleazy as you are. Next, you'll be suggesting that a crooked cop should get off, because he's less of a criminal than the average criminal, or some other crazy nonsense.
What the FUCK, Apple? (Score:3, Insightful)
What good reason could they have for pulling something like this? I know, I know, I'm not thinking creatively and/or cynically enough. Give the caffeine an hour or so.
This is why I'm quite happy with my N900. No carrier lockability, no Big Brother bullshit, and it's a better phone to boot. As the longtime owner of two Power Macs and a 4G iPod (you know, the kind that can run RockBox, that alternative firmware that you guys hate so much) I feel compelled to tell you, Apple, to get bent.
Re: (Score:2, Insightful)
Re:What the FUCK, Apple? (Score:5, Insightful)
Re: (Score:3)
Re:What the FUCK, Apple? (Score:4, Insightful)
Likewise with my Nexus S. I know it tracks itself, because I have joined Latitude and keep my GPS turned on, but I can opt out of Latitude and disable the GPS, so it can't track itself. And at least I own that device, unlike the iStuff, which I apparently only lease from Apple...
we're sooo fucked (Score:3, Insightful)
Still surprises me how everybody accepts that kind of cryptototalitarian shit while saying while saying "OMG SHINY APPS!!!". Next thing you know, the economy is down for good, the chinese take over, then nobody cant say crap while they get painfully raped up their sociopolitical collectives arses. Fascism? There's an app for that!
So my phone tracks itself, big deal (Score:5, Insightful)
I assure you all that if someone were to do that, I'd have a lot more to worry about than my PC or phone giving up my travel habits.
Re: (Score:2)
Re:So my phone tracks itself, big deal (Score:5, Insightful)
FTW!!!! (Score:3, Interesting)
Apple is not logging. Your phone is logging. (Score:2, Insightful)
The phone logs the data for some reason.
This is then backed up when the phone is backed up.
It is never sent to Apple.
Really.
I mean, there are millions of things on the iPhone that checks your position. It gets embedded in photos. It gets uploaded to somewhere whenever you start the App you use to order pizza or check phone-directory.
Also, if Apple wanted to find you they would just send a "find my iPhone" ping to the phone.
This is a local list saved to the phone only (and then backed up).
It would be nice to
Security? (Score:2)
Why did they make an app to just view this information? Why didn't they make one that deleted the information or replaced it with 0's? Wouldn't that have made it more secure?
Re: (Score:2)
This isn't a big deal (Score:2, Funny)
It's not like someone is going to break into your house to steal your iphone location logs. Besides, if my phone or ipad gets ripped-off, It may actually help to reveal where the thief's travels took him. Possibly implicating other theives. I think it's good that Apple is thinking ahead this way. Everyone can be an active participant in crime fighting.
Maybe this will even be enough of a deterrent that the 'other' handset manufacturers will adopt the same strategy for their devices. It could mean the en
Unless you are the Michigan State Police (Score:4, Informative)
With their phone data slurper tools (Michigan State Police Could Search Cell Phones During Traffic Stops [slashdot.org]), they could get your location database in a couple of minutes.
Re: (Score:2)
He was joking. Just that the "irony" tags were subtle enough to get you trapped...
Find Your iPhone (Score:2, Insightful)
Apple has a service that allows you to find a lost or stolen iPhone. Presumably, the phone logs its position so it can upload it when asked. Nothing scary here, though the fact this data is available means people will try and extract it. My guess is that the next iOS release will wipe this data every seven days or so.
Do I have this right? (Score:2)
Re: (Score:3)
If it is being collected you can guarantee it is being sent, how and when is another question entirely. Never mind the privacy implications with respect to other people that may have access to your PC, or law enforcement suddenly knowing everywhere you've been over the last indefinite period.
But of course, no one has any rights before American Corporations.
Re:Do I have this right? (Score:5, Informative)
There is no evidence that this data is being sent to Apple or anyone else.
As the article illustrates, any app you install has easy access to this data.
That should be really easy!! (Score:3, Funny)
They are either at the Apple Store, North Face or Star Bucks. Done.
Re: (Score:2)
Phone is tracking, Apple is not. (Score:5, Informative)
Though it is a very fine distinction, Apple isn't receiving any of this information, it's simply being stored.
From the Article
As bad as some may play it, without Apple receiving this information it's simply information that is stored, not "Big Brother"/Apple monitoring your every move.
Re:Phone is tracking, Apple is not. (Score:4, Insightful)
Re: (Score:2)
I get it, it's your phone when Apple is using it to track you, but it's Apple's phone when it comes to deciding what code gets to run on it.
Re: (Score:3, Insightful)
Prove it.
Re: (Score:3)
The proof is in the agreement you make with Apple where you grant them permission to share this data with their "partners" (no specific corporations or people listed). They collect it, they log it, they tell you they share it. Maybe they don't send it now, maybe they do: the point is they intend to.
Re: (Score:3, Interesting)
"The most immediate problem is that this data is stored in an easily-readable form on your machine. Any other program you run or user with access to your machine can look through it."
Apple may not upload it while syncing or by using a scheduled cron job, but any single individual app can read it. Also, as the others said, prove to me at no event does any proprietary apple application access the file. The location data resolution is set to one second intervals, that is insane. They can easily know when I
The data is crap (Score:4, Interesting)
Re: (Score:2)
Karma (Score:4, Interesting)
Interesting Law enforcement use (Score:2)
Currently, law enforcement can track cell phones historically via cell site information. This can be useful in breaking an alibi defense, or loosely grouping a band of people together over time. This only problem with cell site information is the fact that cell site info is only recorded as the cell phone is being used. This new info has the potential to tell law enforcement where the phone, and likely the owner, was at times when the cell phone was not even in use.
As with all things cell phones, most st
Low accuracy, but pretty neat... (Score:4, Interesting)
I'm looking forward to using this feature to help me track my location. Since the phone is already doing this "for free" it's not going to "cost" me any more battery power to use this log. It's not as accurate as GPS, but it's accurate enough for my needs.
Once I've got a cron job setup to offload the file from my (jailbroken) iPhone 3GS to a box on my network I'll work out how to wipe the file on the device after each upload (so that the device isn't carrying around weeks or months of my position data).
Re: (Score:3)
Re:Low accuracy, but pretty neat... (Score:4, Funny)
There is more than that (Score:5, Informative)
I am just looking into the file.
The database contains also a huge list of access points.
basically it seems that for each and every WiFi network the iPhone "sees" (not only if you join it, and even if the network is hidden)...the toy stores the Mac Address of the access point, timestamp of detection, coordinates (including height and accuracy), speed, ...
See table WiFiLocation
CREATE TABLE WifiLocation (MAC TEXT, Timestamp FLOAT, Latitude FLOAT, Longitude FLOAT, HorizontalAccuracy FLOAT, Altitude FLOAT, VerticalAccuracy FLOAT, Speed FLOAT, Course FLOAT, Confidence INTEGER, PRIMARY KEY (MAC));
Mine contains >50000 entries, basically I have the entire WiFi Map of Milano.... nice but, isn't this what Google was fined for doing ???
Interestingly, each and every iPhone user is doing the same "crime" committed by Google,, but unintentionally (and no, this does not seem to collect packets).
Andrea Cocito
Re: (Score:3)
You can promise all you want, but we have clear evidence to the contrary.
Project Guardian (Score:3)
As much as I hate to admit that the crazies are right [slashdot.org], these things really are Stalin's wet dream: mobile devices are a wonderland of surveillance hardware. It's past time to push back on this, hard. That means two things:
1) free and open-source operating systems and
2) a public policy framework that makes this kind of data logging so terrifying and risky for companies that they really would prefer you to have control over your phone.
Here's the best shot I've seen at the software side of this:
http://arstechnica.com/open-source/news/2011/04/for-paranoid-androids-guardian-project-supplies-smartphone-security.ars [arstechnica.com]
Re:I wonder which government (Score:5, Insightful)
Do you really need to invoke a government conspiracy? This is Apple we're talking about.
Re: (Score:2)
Re: (Score:3)
you kidding? Apple labels this a feature! Do you not remember that mobile me thing which tracks location? Tracking location on a cellphone is pretty trivial anyway, since you're continually connecting to cell towers it's not hard to place where you are/where you are going, generally. I believe there was a study of this from some politician in germany recently.
Re: (Score:3)
I suppose if you say no to the request then they would not be able to slurp data off of your phone without a court order.
It appears the ACLU asked the department to confirm that was the rule, they wont. I have been pulled over for 10 MPH over the speed-limit, and had my car searched, items taken, and my pockets cleaned out without any permission (other than I opened my door to get out when the officer asked me to.) When asked, the officers response was more or less, "so sue me." but I can't they were protected by a superior ruling from a judge that no warrant was required, because they first saw a "weapon" (softball bat w
Re:Gotta love it... (Score:4, Insightful)
Look again. There is no link to upload anything only a link to download the application.
Re: (Score:2)
Which has a handy link to get the source and see what it does to be sure that its not doing anything fishy.
Re: (Score:2)
From the FAQ:
negative points for me =/
Re: (Score:3)
Re: (Score:2)
Yeah, this is the part that bothers me too - did the techies "trust & ignore" Apple for an entire year believing that Apple was being faddish but that's all?
I'm definitely courting the trolls on this one, but for that "cheating spouse" angle, do they have the Accelerometer data too?
Re:The data is on your phone (Score:5, Insightful)
Fascist shill of the gigacorporation! (Score:3)
You fool! This is Slashdot. If we're not seeing the End Of Freedom lurking in every shadow then the terrorists have already won!!1!!2!!
Re: (Score:3)
There's a big difference between telling a web site, or an app, where you are at this moment -- which is what the article you link to is about, and what Android/Blackberry do -- and keeping a log of everywhere you've ever been, without telling you.
Re: (Score:2)
Re: (Score:3)
To make it less useful for snoops, the spatial and temporal accuracy of the data has been artificially reduced. You can only animate week-by-week even though the data is timed to the second, and if you zoom in you’ll see the points are constrained to a grid, so your exact location is not revealed. The underlying database has no such constraints, unfortunately.
Re: (Score:3, Informative)
Well it certainly sounds bad if you just read the headline, but let's think though this. It seems that the phone tracks the location of the cell towers it's been connected to in a file on the device. The data is not sent anywhere, it's just living in a file. That file then gets copied to your machine every time you do a sync (since a full backup of the phone is also made at the same time).
So the question comes down to: what's the purpose of the file? Does it exist for a legitimate reason? Or something more
Re:Mac fanboys (Score:4, Insightful)
Re:Mac fanboys (Score:4, Interesting)
True, but even if it was being sent to Apple, I don't think it's particularly useful to them. Remember - it's logging the location of the cell towers you hit, not YOUR actual location. Given that there's only one cell tower every couple of kilometres in most areas, this is not particularly 'high resolution' data.
I've used the tool linked in TFA to examine the data on my own iPhone and you couldn't really figure precisely out where I lived or worked from the data. Only the 'general area' (e.g. 'oh the northwestern suburbs of city X'). Your phone company logs this data too as a natural consequence of providing you with service, and frankly I don't trust my phone company any more or less than Apple.
Agreed that Apple should probably address this issue (explain what the file exists for, and perhaps patch it so that you can turn it off/expire the data after X days etc.) It's mildly concerning but not enough to worry me too much. If it were logging exact GPS-derived location on the other hand, rather than cell towers, that would be bad.
(PS. the data is only connected 'per user' insomuch as you can restore an iPhone backup taken from one phone, onto another phone, if you so desire. It's not specifically being linked to you or your Apple account ... it's just that you are restoring an image taken of one phone onto your next phone, which happens to include this file. The 'new phone' becomes the 'old phone'. You may actually be a completely different user ... though that's unlikely in practice, since who's gonna use someone else's backup to restore their phone?)
Re:Mac fanboys (Score:4, Insightful)
Actually come to think of it, it's the CARRIERS that benefit from this data, not Apple. It's not storing your GPS location ... just the location of the cell towers you've hit. So it's giving, essentially, a map of network load caused by your phone. Aggregated with other phones, this would be pretty interesting information to a carrier, you'd think. Perhaps carriers wanted Apple to do this kind of logging? But again, since the data isn't sent to anyone, it's still hard to see how this could be useful for anything other than a legitimate reason related to the phone itself (e.g. caching your previous locations so that it can more quickly use AGPS to pinpoint you again).
Nice logic. Except that the carriers already know with great precision where you've been anyway. They run the towers you connect to, remember?
Re: (Score:3)
Let's see herea device I control that already knows my location because it's a sensor platform logs it. And it transfers it only to a computer I control. If I don't encrypt that file, and my computer is given to others, they can read it. Big deal. Is there nothing else on your computer or phone that's sensitive? Wouldn't the most basic of security practices be to keep your computer under your own control and not hand it out to others?
If there was evidence a location log was actually going to someone, then t
Re: (Score:3)
Re:Where is this file on the phone? (Score:5, Informative)
/var/root/Library/Cache/locationd/consolidated.db
Re: (Score:3)