iPhone and Location: Don't Panic 362
stonemirror writes "There's a lot of blind panic out there over the discovery of a database file on the iPhone which contains dated location information. Without actually looking at the data, a lot of folks have proclaimed that the 'iPhone is tracking your every move.' I actually did take a look at the data, and it's not doing anything like that."
Re:Anecdotal (Score:2, Informative)
Re:Anyone tried the Android version? (Score:4, Informative)
Re:Anecdotal (Score:5, Informative)
It's not the same kind of information at all. The android file (only available if you have root) is a temporary cache. That is totally difference then the Apple file which holds the data about your location since you bought the phone.
The fact that he considers them the same, and the rest of his article, make it clear that he is merely some obscure, inaccurate, apologist.
With this story being reported all over the Internet, by media and blogs both respectable and ridiculous, why did /. choose to use this ridiculous one. /. seems to have turned into a sort-of FOX news of tech discussion - without even a pretense of objectivity.
Speaking of which, here's one of my favorites pieces so far. A Forces columnist asks whether this discovery (of the Apple location history file) is cool or creepy and concludes that it is cool. She decides that it is actually a great feature and pushes Google to get to it and see if they can come up with a similar feature:
http://blogs.forbes.com/kashmirhill/2011/04/20/cool-or-creepy-your-iphone-and-ipad-are-keeping-track-of-everywhere-you-go-and-you-can-see-it/ [forbes.com]
So maybe the blog post that /. choose for this whole saga is not actually the worst piece written on the topic.
Rotten Apple (Score:3, Informative)
According to Apple, Apple sends itself your precise location data and shares that location data with whoever it wants to...
http://markey.house.gov/docs/applemarkeybarton7-12-10.pdf [house.gov]
As far as I know, Apple isn't the phone company and shouldn't be in the business of tracking its users from cell tower to cell tower or Wi-Fi to Wi-Fi.
What if Toyota or GM or Ford started tracking the users of its cars? How freaky would that be? Actually, if they partner with Apple, they can track you in your car. That Orwellian 1984 Ad from Apple, back in 1984, really makes sense now...except the roles are reversed. If Google does this too, then Rotten Google indeed.
Precise Orwellian location tracking, massive sales in authoritarian China...hmm...
http://techland.time.com/2011/04/21/iphone-growth-suddenly-soaring-in-china/ [time.com]
= 9J =
Re:Anecdotal (Score:5, Informative)
There's a lot of stuff thats being reported about this that is somewhere between sensationalist and wrong. The "researchers" who published this have been pretty sloppy in what they are claiming. I've helped out police forces with using extracting and trying to use this data, over a number of years so I've a reasonably good idea what is there and what isn't.
The data is not new to iOS 4, it has been there at least back to iOS 2, its just the name of place that it is stored is different.
This existence of this data isn't secret, the use of this data is the subject of a session for Apple Developers at the World Wide Developers Conference each year - usually something like "Using Location Services in iOS" or similar in title.
The location data is not the GPS location of the user, it is the location of cell towers the phone can see. All the location data is time stamped, and stamped with the carrier network ID, and the ID of the individual and there's no way you can be in 3, or 6, or 9 different locations at the same time. Depending on how many cell towers were visible, all this tells you is that the phone was within maybe a few km, but up to 25-50km of the tower. If you then take that data and use it to triangulate the users location, you'd typically get a location that was at best accurate to a bit under 1km, and more likely a few km.
The collecting of the data isn't continuous, it appears to be event based. Anecdotally - the phone waking from sleep and reconnecting to the carrier network appears to be one of the events, as is rebooting the phone, and re-connecting to the carrier's network when you come out of a dead spot. It seems plausible, that it may also be snapshotted every time Location Services is fired up, eg by launching the Maps App and consenting to use of location services. That pattern of even driven acquisition would explain the differences that various people out there on the net report.
Similar data is also being tracked and logged by the carrier, but in their case, its harder to get to as it is sitting on carrier systems on their internal network. That is true for all phones. In this case, the data is pretty easy to get to if you have physical possession of the phone.
Thats good enough to tell that you actually went off to Hawaii with your mistress when you told your wife you were going on a work trip to California, but for most people , most of the time, it will only be pretty vague as to where they where - knowing that you are in Baltimore when thats where you live and work isn't that big a revelation.
If the user of the phone opts out of Location Services, the file isn't updated. This is done from Settings.
Like all files that need to be read/written in the background by the system, its always readable to root - it isn't readable (directly) to Apps , although they benefit from it indirectly by Location Services calls responding faster. If you jailbreak your phone, then Apps can read this data and transmit it for their own purposes.
Files in that data protection class can be recovered off the filesystem over USB tether. Technically it is encrypted, but the encryption is really only of use for a fast remote wipe of the device, and it isn't being encrypted in a class that increases the security of the data.
It does reside in the backup, so thats certainly a good reason to always encrypt your iPhone backups and use a strong passphrase for them.
Apple has also been clear in its earlier deposition response as to how user location data is anonomised when it is collected.
Its entirely possible that the persistence of the file is actually a bug - I can see why it would be useful to cache it for a few days to maybe a month at the high end, but back to the start of the epoch seems excessive. In my view its the persistence of the file thats the biggest issue. That not hard for them to fix.
So its bad, but its not where near as extreme a situation as what some people are saying.
Re:Anecdotal (Score:4, Informative)
I saw the blog and I wondered what conclusion the blogger would have had if it was microsoft instead of apple. Personally, I was on the creepy side of the scale and was stunned when she thought it was cool. I am so glad I am not cool.
It's not known for sure that Vladimir Lenin came up with the phrase, but it is attributed to him. The phrase is "useful idiots".
The very fact that someone would feel differently about Microsoft doing it than they would about Apple doing it qualifies them as a moron. To allow the legitimacy of a business practice to be defined by your personal feelings about the corporation is pure emotion that has no place in a discussion about the facts of the matter. I especially expect anyone who wants to be a reporter, blogger, pundit, or commentator to understand this.
Re:Anecdotal (Score:4, Informative)
Exellent post. There's more on this blog [wordpress.com] where a forensics expert points out this is old news, with a picture of a book from 2010 that contains all the information on this "secret" and "scary" database file. Guess these "researchers" don't keep up with the literature, heh.