Last Thursday I took the 4:00 PM Megabus from Boston to New York. I knew where I was going as did a few of my friends. AT&T has a record of the cell towers I accessed along the way, but they're not allowed to disclose that information without a court order. However, thanks to a tracking file stored on my iPhone and a recently released piece of software, anyone with access to my phone or my computer can find out exactly where I've been.
The presence of this tracking file was discovered by researchers Alasdair Allan and Pete Warden who disclosed their findings on the O'Reilly Radar blog and presented them at the Where 2.0 Conference in San Francisco (scroll down for a video of their presentation)
The pair had been working on data visualization projects including creating a map of radiation levels in Japan and were looking into ways to visualize mobile data when they discovered the file. Allan said that he was looking for data on contact information and "I started poking around backups on the Mac and I stumbled across a directory named location d." He looked around and found a file called "consolidated.db" which was full of latitudes and longitudes and time stamps and cell IDs. "The file," added Warden "was a plain SQI file" that was not encrypted."
Allan said that the phone contained "a year's worth of data for every cell that we've been through since we upgraded to IOS 4." And the data persists even if you change phones assuming you follow Apple's recommendation to backup and restore your phone to a computer via iTunes.
Free OS X software lets iPhone users create their own maps
To enable iPhone users to visualize their location data, the researchers created a Mac OS X application called iPhone Tracker that quickly displays your location based on the data from your iPhone backup. Before you download and run the application, you should backup your iPhone via iTunes.
As you can see from my map, there are gaps in the data and there are also data points that are not accurate, but there is enough accurate information to get a good picture of where I've been with my phone. Clicking on the map provides additional detail.
It is not clear why Apple is storing this data on the phone. The two researchers don't know but "one guess might be that they have new features in mind that require a history of your location, but that's pure speculation." As long as we're speculating, perhaps Apple is doing this for quality control or perhaps it was put there by a rogue engineer. Whatever the reason, the only way we're going to find out is if Apple discloses it. So far, Apple has said nothing about the controversy.
Senator has questions
In the meantime, Senator Al Franken (D-Minn) has written an open letter to Apple CEO Steve Jobs, asking why Apple is collecting this information and "does Apple believe that this conduct is permissible under the terms of its privacy policy?"
In a podcast Interview for CBS News and CNET, Electronic Privacy Information Clearinghouse President Marc Rotenberg questioned whether "Apple might have crossed the line and violated Federal communications law."
I'm also anxious to find out and urge Apple to hold a press conference to fully disclose the details behind this mysterious tracking file.
Update: Nate Anderson at Ars Technica pointed out that Apple answered questions about location data collection in a July, 2010 letter (PDF) to Rep. Edward Markey (D-MA) but I didn't see anything in that letter about an unencrypted file that could provide user information to anyone who found (or stole) an iPhone user's phone or computer. It did say that "Apple maintains a secure database containing information regarding known locations of cell towers and Wi-Fi access points. The information is stored in a database accessible only by Apple and does not reveal personal information about any customer." That may be true with data uploaded to Apple but obviously, the data on the phone and the user's computer is not secure.
In the following video, Allan and Warden explain their findings and demonstrate their software.
Follow Larry Magid on Twitter: www.twitter.com/larrymagid
Larry Magid: Will Lion Be the End of the Line for Mac OS X?
R/ PRONESE
Is there an upcoming date where Apple will respond to consumers about the secret location data storage hidden in the iphone?
Why was this information not disclosed to consumers upon purchase of the iphone?
What is the purpose of the collection and data storage of geographical movement?
is this information shared? If so,with whom?
Since this secret collection was hacked, how are consumers other personal data (besides what was undisclosed collection) protected from hackers?
Are there other hidden aspects to the phone not revealed to consumers?
Are my grandchildren safe having an Iphone? Is my house safe when I am away?
Do other Apple products have hidden things in them not disclosed to consumers?
Not only are "sleeper cells," stalkers, and hackers, out to get you, but now your grandchildren and house are under threat.
Best regards,
Good luck at not violating SOMETHING.
If you don't like Steve Jobs knowing where you went, don't use a cell phone. You could, like, ask your significant other what they want from the grocery store before you go there. Or actually invite a friend over and talk to them face to face. Pretty terrible, I know, but this was actually how people lived until a few years ago.
As an added bonus, you'll cut down on your risk of cancer and other health problems associated with exposure to the radiation cell phones emit (http://www.wireless-precaution.com/main/science.php).
they know when you're awake,
they know when you are bad or good so be good for goodness sake.
You better watch out,
you better not cry,
you better not pout I'm tellin' you why,
you'll be lock up forever more.
I downloaded the iPhone tracker and compiled it in Xcode. As soon as it launched it tried to go out and read my file however, I encrypt my iPhone backup (it's a checkbox in iTunes) so it died. Instantly. So I unchecked that switch, entered my password, and then it ran successfully. This means that with a minimal level of security you can protect yourself. Why? Because in order to get at this information you have to do the following:
1) Get access to the iPhone. If you are smart you have a lock code on your phone. My phone is set to turn itself into a paperweight after 10 failed tries to guess my lock code.
2) Login to my laptop meaning someone has to guess my password (and actually the way my Mac is setup you have to guess username and password).
3) Enter the correct password for the encrypted backup. (Which is not the same password for logging into the machine nor is it the same as the password for the key chain or my password manager)
Does that mean it's not possible for someone to get that information? No, but the three things you can do to protect yourself from unauthorized access to this file are things you should do anyway.
My point is that people here and people on Facebook are behaving as if this file was being posted to every web site hosted on a server from Houston to Katmandu and that anyone just strolling by your house could grab this information. I'm just trying to point out that, in fact, you can make this a non-issue (outside of the above rudeness of Apple) by three simple steps ALL of which any iPhone or iPad or, for that matter, computer user should be doing anyway. You should password protect your computer, you should password protect your phone, and since encrypting your iPhone backup is as simple as checking a box, there's no excuse not to do that either. Why act like the world is coming to an end when there's a very simple solution to the problem?
Do you see my point?
According to some it is no big deal because, well, I don't really know why, because it is a big company doing it?
No one should be able to gather information about you without your consent or knowledge, especially when this information is automatically sent to someone.
Personally, I don't have a smartphone or even a cell phone (yes, I am a dinosaur) but that isn't the point.
Michigan police are using a device to download all the information on your cell phone at ordinary traffic stops with a hand held device, therefore, anyone who can get their hands on this device can steal a cell phone (adult or child) and get a lot of information about their routine.
Who asked Apple and Google to do this? Is this why Android ads look as if they are done on a Borg ship?
As for the rest of it, I do blame everyone. For some reason modern technology has given everyone the idea that they are entitled to whatever they want in exchange for the privilege of using their stuff. So much for the "do no evil" philosophy of Google.
Given the general lack of response, I am beginning to wonder if this was done at the behest of someone, say, in Homeland Security? Given the anti-Constitutional approach to wiretapping it seems as if it is certainly possible.
Glad to be back amoung my blogging buds again!!!
On my return from ALBQ I noticed a Homeland Security message in my suitcase stating that this governmental agency felt free to search my suitcase without a search warrant which is unconstitutional.
I will not give up any of my rights or freedoms for any reason and if I had the money I would sue the U.S. Government for this unconstitutional act.
Americans must be aware by now that Homeland Security, the CIA, FBI, Blackwater, the NSA and the SIC (Security Industrial Complex) at a cost of 100 billion a year have established a police state in this country using the excuse that they are giving us all this security and that is a damn lie and no governmental agency has the right to ignore the U.S. Constitution FOR ANY REASON!!!
A people who are willing to give up their rights for security reasons will end up with neither one.
Big brother can find you just by accessing your phone records, people call or watch things on their IPhone at ballgames, movie theaters etc. People are addicted to all these functions and they use it for practically everything.
If someone is so worried about this tracking device then leave the IPhone at home
Use a pay phone, that is if you can find one ha ha