iPhones and 3G iPads log your location in an unencrypted file on the device

415 points by petewarden, about 14 years ago

37 comments

runjake, about 14 years ago
I didn't know this was news. I and other security researchers & law enforcement have known about it for a while. I assisted in one court case where the data was used as evidence.

I suspect the slick-looking iPhoneTracker app finally made it interesting to the media.

Edit: There was a similar deal on iOS 3 but it seemed more like a bug, not a feature. Data would be purged at some unpredictable interval. I can't recall the file path and don't have an iOS 3 device handy.
petewarden, about 14 years ago
I'll be checking in here for technical questions. The github direct link is http://petewarden.github.com/iPhoneTracker/
allwein, about 14 years ago
So after doing a quick analysis of the data on my iPhone, I've come to the conclusion that this isn't a huge issue at all.

First, I'll start with the WiFi data (WifiLocation table): Among the information captured is MAC, Timestamp, and Lat/Long. I have a total of 118,640 records in my table. I did a "SELECT DISTINCT MAC FROM WifiLocation", and got... 118,640 records. This tells me that it's not "tracking my every move" via Wifi location since there's a single entry for each MAC. The question might be, is it updating the Timestamp when I'm near a specific Wifi Network? My guess is no. I did the backup and analysis this morning, April 20th. Yet the last entries in my database are from April 16th. This tells me that it's not an always on tracker and that it's not updating timestamps.

Next, I looked at the CellLocation table: The same thing held true with this table. The last entry on my phone was from April 16th. Also, I have 6300 entries in my CellLocation table. I decided to start restricting the precision of the Lat/Long to see if there were duplicates that would indicate "tracking". At 5 decimal points, there were no duplicates. At 4 decimals, there were a handful that had 2 dups. At 3 decimals, there were more dups, with the most being 6. At this point I still had 5672 uniques. At 2 decimals, the most had 89 and I had 2468 uniques. At 1 it really went down, obviously, and I was down to 253 uniques. The other thing I noticed was that there was no regular timing of entries, and that when there were entries, a large number of them had the same timestamp.

So based on my analysis, this isn't a feature that enables detailed tracking of a user. It will allow you to see if a user has been in a certain location the first time, but that's the extent of it. For instance, I could see that I made a trip to Washington DC in late October of last year. But you can't really tell my movements around my home town with any amount of precision.

My assumption, like others, is that Apple is using this to enable easier use of Location based services. I assume (which I'm going to test), that whenever a user enables a Location Based app (Google Maps, FourSquare), iOS updates this database with all local cell towers/wifi locations and the Latitude/Longitude. The more comprehensive the local database is, the quicker/easier it is for Location Based Services to help pinpoint a user's location. Instead of waiting for GPS to spin up and get a satellite lock, it will be able to get a more accurate lock off of cell tower/wifi triangulation.
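
The checks described in the comment above, as an added example that is not part of the original post or of iPhoneTracker: it runs the distinct-MAC count, the coordinate-rounding duplicate count and a same-timestamp count over a constructed in-memory SQLite database. The Latitude and Longitude column names, the timestamp values and all sample rows are assumptions made for illustration.

```python
import sqlite3

# Constructed sample rows (not real device data). Only the MAC and Timestamp
# column names come from the comment; Latitude/Longitude are assumed names.
CELLS = [  # (Timestamp, Latitude, Longitude)
    (1000, 38.897712, -77.036512),
    (1000, 38.897748, -77.036589),
    (1000, 38.898934, -77.041267),
    (2500, 38.912341, -77.012348),
    (2500, 40.712811, -74.006012),
    (9000, 40.712856, -74.006077),
]
WIFI = [  # (MAC, Timestamp, Latitude, Longitude)
    ("00:11:22:33:44:55", 1000, 38.8977, -77.0365),
    ("66:77:88:99:aa:bb", 1000, 38.8978, -77.0366),
    ("cc:dd:ee:ff:00:11", 9000, 40.7128, -74.0060),
]

def build_sample_db():
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE CellLocation (Timestamp, Latitude, Longitude)")
    db.execute("CREATE TABLE WifiLocation (MAC, Timestamp, Latitude, Longitude)")
    db.executemany("INSERT INTO CellLocation VALUES (?,?,?)", CELLS)
    db.executemany("INSERT INTO WifiLocation VALUES (?,?,?,?)", WIFI)
    return db

def mac_counts(db):
    """(total rows, distinct MACs); equal numbers mean one row per access point."""
    return db.execute("SELECT COUNT(*), COUNT(DISTINCT MAC) FROM WifiLocation").fetchone()

def uniques_by_precision(db, decimals):
    """Unique coordinate pairs after rounding, and the size of the largest group."""
    rows = db.execute(
        "SELECT COUNT(*) FROM CellLocation "
        "GROUP BY ROUND(Latitude, ?), ROUND(Longitude, ?)", (decimals, decimals)
    ).fetchall()
    sizes = [r[0] for r in rows]
    return len(sizes), max(sizes)

def largest_timestamp_burst(db):
    """Most rows sharing one Timestamp; bursts point to batch writes, not a track."""
    q = "SELECT COUNT(*) AS n FROM CellLocation GROUP BY Timestamp ORDER BY n DESC LIMIT 1"
    return db.execute(q).fetchone()[0]

if __name__ == "__main__":
    db = build_sample_db()
    print("rows / distinct MACs:", mac_counts(db), "burst:", largest_timestamp_burst(db))
    for d in (5, 4, 3, 2, 1):
        print(d, "decimals ->", uniques_by_precision(db, d))
```
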
desigooner, about 14 years ago
It might not be directly related but there was a news story on CNET [1] yesterday about cops in Michigan using a device from Cellebrite to download information from phones of people they stopped for violations that includes contacts, phone logs, messages, photographs and location history.

Does Apple's decision of having such information stored on the phone unencrypted make it easy for such devices? The device claims to subvert phone passwords though.

[1] http://news.cnet.com/8301-17938_105-20055431-1.html
ceejayoz, about 14 years ago
> We're not sure why Apple is gathering this data, but it's clearly intentional, as the database is being restored across backups, and even device migrations.

My understanding is that *all* data and files are persisted in that manner. Not sure why they're implying this file has been singled out.
awakeasleep, about 14 years ago
I wish this wasn't presented as sinister.

The fact is, that phone companies store all that data for EVERY cell phone, and it's always available to government agencies and divorce attorneys after a subpoena.

*All this does is raise the common man's awareness*, and possibly provides an afternoon of fun looking at your travel history. If you want your iphone data secret, it prompts you to encrypt your backups when you first plug the phone in.
tomkinstinch, about 14 years ago
For those with jailbroken iPhones and SSH, the data can be accessed or copied directly. The information is stored in this file: /private/var/root/Library/Caches/locationd/consolidated.db

The file can be viewed with any ol' SQLite browser, and the location information is stored in the "CellLocation" table.

After using an iPhone 4 since release day, I have ~1400 entries.
tlear, about 14 years ago
This is perfect timing for promotion of Playbook and BB security. I am sure RIM will miss the opportunity though.
chadp, about 14 years ago
Someone should make an app for jailbroken phones to disable this location logging (or delete it regularly).. many would likely pay for it!
pgio, about 14 years ago
This was noted last September by C. Vance here:

http://blog.csvance.com/?p=39

Good detail on how and why it is generated.
ck2, about 14 years ago
BTW *all* cellular devices are recorded as they move through tower locations while they are on and police don't feel they need a warrant for such data, so your location is pretty much available without that file.
serialx, about 14 years ago
Created a GPX file generator. Use it to convert the database into a GPX file format. Open it up with Google Earth.

https://github.com/serialx/iphonegpx
justsee, about 14 years ago
The same community that would generally react very negatively to reports of a company storing passwords unencrypted in a database seems to effortlessly explain away Apple's approach to storing a significant amount of personal tracking data unencrypted, not on one pretty inaccessible server but on multiple easily-accessible devices. Fascinating.
cube13, about 14 years ago
Could this be related to the MobileMe "Find my iPhone" feature that Apple added in 4.0?

If so, this is probably a non-story. I'd be interested if it still logs if Location Services are off, too.
pieter, about 14 years ago
Of course, Apple would know your location most of the time anyway, whether or not this file exists. You send the ID's of cell towers and wifi points to Apple, which returns you the location of those points. Apple could always have been storing your location based on that interaction alone.

In fact, keeping a database like this could actually give Apple LESS information about your location, as you don't have to request a new location if you already have the info of all the near ID's in your database. I'm not sure if this actually happens though.

The same, of course, can be said for any Android device and Google's A-GPS database; you have no guarantees that Google isn't logging your location whenever you're using location services.
ljdk, about 14 years ago
In addition to cell tower and Wi-Fi hotspot locations iTunes keeps a backup of all text messages and recent calls. A while ago I've even made a small web app to chart it - http://datalysed.com/?p=130
nicklovescode, about 14 years ago
Apple is simply building a mandatory foursquare competitor, it's not a big deal guys
yardie, about 14 years ago
I can sort of understand the outrage but I don't see the utility of it. Apps that are written for the App store don't have access to this data without the permission of the user. And the only way an app would be allowed access to a file outside the sandbox is if it's jailbroken.

I'm not familiar with the in and outs of iOS LocationManager but it generally gives you the immediate coordinates at the time you request and nothing more. As for why the database of locations? It's entirely possible they are using it for QoS.

As for access to device backups. If someone has unauthorized control of your desktop computer you have bigger problems.
jstn, about 14 years ago
Whether or not this is true, Apple should add something like File Vault to iOS. Encrypting your backups is redundant if you're already encrypting your whole home directory, but none of that matters if they have access to your unencrypted phone. Check out the police downloader devices the ACLU is investigating: http://www.aclumich.org/issues/privacy-and-technology/2011-04/1542
zenocon, about 14 years ago
About 6 months ago, I left an ipad on a plane. Unsurprisingly, all my attempts to recover it led to dead ends. I didn't have the mobileme / findmyiphone app installed on it. I understand privacy concerns, but I'd actually like it if Apple did have a copy of this db, and they allowed me to proxy through them / law enforcement so that I could locate this lost device. I know someone has it b/c I can see they were using my Netflix account.
aj700, about 14 years ago
Okay, but do the devices do this if 'Location Services' are turned off?

And I assume Cydia will now get an app that forces them off if the os ignores the setting.
mirkules, about 14 years ago
Funny, I had to go to a location without internet access, but where I periodically have to "mark" where I am so I can reference it later. I was about to write my own app for this purpose when I saw this post. To boot, I had my iPhone on me the last few days anyway, so this will definitely come in handy.

Despite the utility I got out of this, I wish we would be told about it...
plainOldText, about 14 years ago
I can imagine a jealous spouse saying now to the other "i love you so much honey and from now on i will do your iphone backups. Just to make sure everything is safe for you" Then the jealous spouse downloads the iphone tracker visualization tool: "So honey, where were you last night? Really? Don't you dare lie to me" :)
acrum, about 14 years ago
The simple solution is select encrypt backups in your iTunes options. If my computer or phone got stolen, I'd have more important things to worry about than whether the thief can find a list of locations I've been. It's fun/interesting to see it mapped out though.
edw, about 14 years ago
Does no one else agree with me that this is awesome? I love being able to visualize my comings and goings. It's the story of the last year or so of my life, in colored dots.

I hope Apple doesn't respond to the "outrage" by no longer collecting this data. To a first order approximation, I am with Scott McNealy over in the "Privacy?! Get over it" camp:

http://www.wired.com/politics/law/news/1999/01/17538

As an aside, can real outrage even exist anymore in this age of the easy forum post or re-tweet or tumblr entry or Facebook post? And if it does, how do you identify it? And if you can identify it, what does it mean?
templaedhel, about 14 years ago
From what I understand, at least with google, this data (the data sent anonymously) is used among other things, for the maps traffic feature. If a fair number of phones are traveling below the speed limit on a road, it can be assumed that the traffic is bad on that road. Not sure if the apple data is used for that, or if they get the traffic data from google, but it is one legitimate use.
Limes102, about 14 years ago
When I read this I simply had to try it out for myself and quickly plot the data. It's a nice reminder of the places I have been over the past year.

I don't mind that Apple have saved the information on the device, what I mind is that they haven't given us an option to clear the logs or to actually visualise the data directly from the phone.
polar, about 14 years ago
Not news at all to someone in the digital forensic community: https://alexlevinson.wordpress.com/2011/04/21/3-major-issues-with-the-latest-iphone-tracking-discovery/
xsmasher, about 14 years ago
I assume Apple collects this data to pass back to skyhook so they can update their database of wifi-to-geolocation data. Must be nice to have millions of sensors roaming around collecting data for you.
dgulino, about 14 years ago
A workaround for hacked iOS devices:

http://technicalmusings.blogspot.com/2011/04/ios-consolidateddb-workaround-for.html
kovar, about 14 years ago
Apple license agreement covering the collection of location data - http://pastebin.com/EdFJr6iU
ramynassar, about 14 years ago
This has been happening for a long time, has it not?
sambeau, about 14 years ago
If you have a 3G device the cell towers already know this and the data is already tracked. So what is new here?
jawngee, about 14 years ago
Jailbreak + cron + rm
gpambrozio, about 14 years ago
Apple has been known to collect this information for a while now [1] but storing all this information in a database should not be required for this.

If you think about how much information you have on your phone, if somebody has access to it or to your backups, I think your location history is the least of your problems. But I do agree that it should not store this information, encrypted or not...

[1] http://news.cnet.com/8301-31021_3-20010948-260.html
BigZaphod, about 14 years ago
If the man really wants your location, he can just ask the phone company.
uptown, about 14 years ago
All of this from a device which prevents you from ever removing its battery.