Free Republic
Browse · Search
General/Chat
Topics · Post Article

Skip to comments.

3 Major Issues with the Latest iPhone Tracking “Discovery”
ALex Levinson Security Blog ^ | April 21, 2011 | Alex Levinson

Posted on 04/21/2011 11:47:24 PM PDT by Swordmaker

Today, two researchers for O’Reilly media published an article claiming discovery of a hidden tracking system on the iOS 4 operating system. Using simple techniques, Alasdair Allan and Pete Warden extracted data off of an iOS version 4 device and wrote an open source software utility to effectively graph this data onto a map. As a fellow researcher, I champion their creativity and their development. As an expert in this field, I have three points of argument to raise.

1) Apple is not collecting this data.

And to suggest otherwise is completely misrepresenting Apple. I quote:

Apple is gathering this data, but it’s clearly intentional, as the database is being restored across backups, and even device migrations.

Apple is not harvesting this data from your device. This is data on the device that you as the customer purchased and unless they can show concrete evidence supporting this claim – network traffic analysis of connections to Apple servers – I rebut this claim in full. Through my research in this field and all traffic analysis I have performed, not once have I seen this data traverse a network. As rich of data as this might be, it’s actually illegal under California state law:

(a) No person or entity in this state shall use an electronic tracking device to determine the location or movement of a person.

I don’t think that’s a legal battle Apple wants to face considering the sale of over 100 million iDevices worldwide. That raises the question – how is this data used? It’s used all the time by software running on the phone. Built-In applications such as Maps and Camera use this geolocational data to operate. Apple provides an API for access to location awareness called Core Location. Here is Apple’s description of this softare library:

The Core Location framework lets you determine the current location or heading associated with a device. The framework uses the available hardware to determine the user’s position and heading. You use the classes and protocols in this framework to configure and schedule the delivery of location and heading events. You can also use it to define geographic regions and monitor when the user crosses the boundaries of those regions.

Seems pretty clear. So now the question becomes why did this “hidden” file secretly appear in iOS 4?

2) This hidden file is neither new nor secret.

It’s just moved. Location services have been available to the Apple device for some time. Understand what this file is – a log generated by the various radios and sensors located within the device. This file is utilized by several operations on the device that actually is what makes this device pretty “smart”. This file existed in a different form prior to iOS 4, but not in form it is today.

Currently, consolidated.db lies within the “User Data Partition” on the device. This is a logical filesystem that maintains non-system level privileges and where most of the data is stored. When you perform an iOS Backup through iTunes, it is backing up this partition. Prior to iOS 4, a file called h-cells.plist actually existed in the /root/Library/caches/locationd folder, but with hidden access from other software and applications. h-cells.plist contained much of the same information regarding baseband radio locations as consolidated.db does now, but in Apple Property List format rather than sqlite3. Through my work with various law enforcement agencies, we’ve used h-cells.plist on devices older than iOS 4 to harvest geolocational evidence from iOS devices.

So lets recap.

h-cells.plist = Pre iOS 4 / Radio Logs including Geolocational Data / Hidden from Forensic Extraction (usually)

consolidated.db = iOS 4+ / Radio logs including geolocational Data / Easily acquired through simple forensic techniques

The change comes with a feature introduced in iOS 4 – Mutlitasking and Background Location Services. Apps now have to use Apple’s API to operate in the background – remember, this is not pure unix we’re dealing with – it is only a logical multitasking through Apple’s API. Because of these new APIs and the sandbox design of 3rd party applications, Apple had to move access to this data. Either way, it is not secret, malicious, or hidden. Users still have to approve location access to any application and have the ability to instantly turn off location services to applications inside the Settings menu on their device. That does not stop the generation of these logs, however, it simply prevents applications from utilizing the APIs to access the data.

3) This “discovery” was published months ago.

I understand that Mr. Allan and Mr. Warden are valued researchers for O’Reilly, but they have completely missed the boat on this one. In the spirit of academia, due diligence is a must to determine who else has done such research. Mr. Allan, Mr. Warden, and O’Reilly have overlooked and failed to cite an entire area of research that has already been done on this subject and claimed full authorship of it. Let’s break down my history:

Back in 2010 when the iPad first came out, I did a research project at the Rochester Institute of Technology on Apple forensics. Professor Bill Stackpole of the Networking, Security, & Systems Administration Department was teaching a computer forensics course and pitched the idea of doing forensic analysis on my recently acquired iPad. We purchased a few utilities and began studying the various components of apple mobile devices. We discovered three things:

After presenting that project to Professor Stackpole’s forensic class, I began work last summer with Sean Morrissey, managing director of Katana Forensics on it’s iOS Forensic Software utility, Lantern. While developing with Sean, I continued to work with Professor Stackpole an academic paper outlining our findings in the Apple Forensic field. This paper was accepted for publication into the Hawaii International Conference for System Sciences 44 and is now an IEEE Publication. I presented on it in January in Hawaii and during my presentation discussed consolidated.db and it’s contents with my audience – my paper was written prior to iOS 4 coming out, but my presentation was updated to include iOS 4 artifacts.

Throughout the summer, I worked extensively with Sean on both developing Lantern and writing custom software to interpret forensic data for customers of ours who needed better ways of searching for and interpreting data.

When the iPhone 4 came out, I was one of the first people in San Francisco to grab one (yes I waited to be in the front of that awful line).

Me in Line for the iPhone 4 in San Francisco

( Look for the RIT shirt )

Within 24 hours of the iPhone 4′s release, we had updated Lantern to support forensic analysis of iOS 4.0 devices. Within 36 hours, we had began writing code to investigate consolidated.db. Once a jailbreak came out for iOS 4, I wrote a small proof of concept application to harvest the contents of consolidated.db and feed it to a server for remote location tracking.

Ever since then, location artifacts have been a main area of interest for me. I’m now the Lead Engineer for Katana Forensics leading all technical research and development of both Lantern and private utilities. I travelled to Salt Lake City, UT in November for the Paraben Forensics Innovation Conference (PFIC) and presented with Sean on iOS Forensics including the content of consolidated.db. At that same conference, Sean and I announced the development of Lantern 2.0 which would fully support the interrogation of consolidated.db and other geolocational artifacts scattered throughout the device.

Sean and I even wrote a book detailing iOS forensics involving iOS 4 devices that came out on December 5th, 2010.

Sean Morrissey, Primary Author, Alex Levinson, Contributor

In the course of writing Chapter 10 – Network Forensics – I fully explain and detail the examination of consolidated.db and other network artifacts within the device!

Page 335 - Continued on page 336.

In February of 2011, Sean and I previewed Lantern 2.0 at the DoD Cyber Crimes Conference in Washington, DC including our geolocational features. Lantern 2.0 has been on the market for months now and performs the same functionality Mr. Warden’s utility does and much more. We correlate geolocational data embedded in images and third party application. We give you a geolocational timeline of events in list view showing much more than baseband logs within consolidated.db.

While forensics isn’t in the forefront of technology headlines these days, that doesn’t mean critical research isn’t being done surrounding areas such as mobile devices. I have no problem with what Mr. Warden and Mr. Allan have created or presented on, but I do take issue with them making erroneous claims and not citing previously published work. I’m all for creative development and research, as long as it’s honest.



TOPICS: Business/Economy; Computers/Internet
KEYWORDS: apple; franken; iphone; markey; tracking

1 posted on 04/21/2011 11:47:27 PM PDT by Swordmaker
[ Post Reply | Private Reply | View Replies]

To: ~Kim4VRWC's~; 1234; 50mm; Abundy; Action-America; acoulterfan; AFreeBird; Airwinger; Aliska; ...
The "tracking" that's in the iPhone and iPad is nothing to worry about... nor is it a "new" discovery, or anything sinister... it's been there since day one and is NOT what they are saying it is... read about it here. PING!

Please, No Flame Wars, Discuss technical issues, software, and hardware.
Don't attack people!

Don't respond to the Anti-Apple Thread Trolls!
PLEASE IGNORE THEM!!!


Apple "tracking" Low Down Ping!

If you want on or off the Mac Ping List, Freepmail me.

2 posted on 04/21/2011 11:51:31 PM PDT by Swordmaker (This tag line is a Microsoft product "insult" free zone.)
[ Post Reply | Private Reply | To 1 | View Replies]

To: Swordmaker

This is disinformation. I’ll just pick out one line, but my comments apply to the rest:

“Built-In applications such as Maps and Camera use this geolocational data to operate.”

There is no need for a long log of everywhere you have been to make the Maps and Cameras functions operable. A real time (or a record of the most recent GPS lock) would be sufficient for these functions.

Likewise with the rest of the excuses, except for the forensics aka government tracking...


3 posted on 04/21/2011 11:56:05 PM PDT by piytar (Talga Vassternich)
[ Post Reply | Private Reply | To 1 | View Replies]

To: Swordmaker; All
Thanks for posting this. Franken (D-MN) and Markey (D-MA) are working themselves up over it.

I knew this had been discovered over 6 months ago. I'm glad this author is taking credit for having published about it and setting the record straight.

4 posted on 04/21/2011 11:56:27 PM PDT by newzjunkey
[ Post Reply | Private Reply | To 1 | View Replies]

To: piytar; All
How are real facts "disinformation" to you?

How useful would it be for law enforcement? It's not even GPS level data, just a rough location fix based on nearby cell towers. That might show you miles from your actual location. The data is likely kept as a cache. Android phones do it also, they only keep the most recent data.

The long history of data kept on the Apple phones maybe just be a programming error or oversight.

This is a tempest in a teapot. It's great for headline grabbing and morons like Ed Markey and Al Franken to bluster about.

5 posted on 04/22/2011 12:05:55 AM PDT by newzjunkey
[ Post Reply | Private Reply | To 3 | View Replies]

To: piytar
There is no need for a long log of everywhere you have been to make the Maps and Cameras functions operable. A real time (or a record of the most recent GPS lock) would be sufficient for these functions.

Sorry, but you really don't know what you are talking about. There is much more to what Core Location does that what you are referring to.

You offhandedly dismiss an EXPERT in forensic software analysis in favor of a couple of amateurs who really haven't a clue about what they found???

This guy writes software for police and governments to examine cellphone content... for a living. HE KNOWS WHAT HE IS TALKING ABOUT. Read the rest of the article before you dismiss what he has to say. He explains it and provides PROOF of what he says.

Further, this database does NOT keep what you claim... every time it logs the same location, it replaces the previous time you were there. It LOGS the location of the WIFI hotspot or Cell Tower radio, not the fact YOU were there and when is recorded just to know that newer data is to replace older data. It does not keep how many times you were by that radio point, just that you have been near that tower and the phone logged it... one record per radio source.

6 posted on 04/22/2011 12:09:30 AM PDT by Swordmaker (This tag line is a Microsoft product "insult" free zone.)
[ Post Reply | Private Reply | To 3 | View Replies]

To: newzjunkey; piytar
How useful would it be for law enforcement? It's not even GPS level data, just a rough location fix based on nearby cell towers. That might show you miles from your actual location. The data is likely kept as a cache. Android phones do it also, they only keep the most recent data.

It isn't useful for law enforcement... it is useful for quick zeroing in for the GPS so that users only have to wait seconds instead of having to wait minutes for the real GPS to find their locations from the satellite GPS signals. Apple uses Cell Tower assisted GPS geolocation based on this database... and it is fast because most people stay within a specific area and use cell towers within that area. Apple's Core Location system stores the specific location information for those towers in this database and doesn't have to ping them every time to assist the GPS system, thereby speeding up the display of where the iPad or iPhone is located on the screen... making it much more usable for the owner. Those who have turned off their database caching are finding their mapping, routing, and other apps that use these abilities are crippled, drastically. That is the stupidity of this panic.

7 posted on 04/22/2011 12:19:08 AM PDT by Swordmaker (This tag line is a Microsoft product "insult" free zone.)
[ Post Reply | Private Reply | To 5 | View Replies]

To: Swordmaker; newzjunkey
every time it logs the same location, it replaces the previous time you were there

Not what I read. I read that the phone keeps a continuous log of everywhere you've been. If what I read was wrong, then I concede the point. If I was right, then I see NO valid technical reason for keeping a year long log of where you've been.

8 posted on 04/22/2011 12:29:13 AM PDT by piytar (Talga Vassternich)
[ Post Reply | Private Reply | To 6 | View Replies]

To: Swordmaker; newzjunkey
From the article I linked:

I've downloaded and run the program and can confirm that it lets me retrace my movements over the past 10 months with a scary level of precision. (Warden and Allan have obfuscated the data slightly in their application by showing information on a week-by-week basis, though they say that the data file it draws from goes down to the second.) The two scientists will be presenting their findings on Wednesday at the Where 2.0 conference in San Francisco.

According to Warden and Allan, the data seems to be compiled from cell tower triangulation, rather than GPS, which reduces its full precision (in my own investigation, I noted there also appears to be a log of Wi-Fi location data as well). My own map showed clusters around my home in Boston; the Macworld office in San Francisco, which I visit frequently; and other locations that I've visited in the past year, including Chicago and Houston. Zooming in further shows more detailed information, to the point of letting me isolate individual trips I've taken. And because the information is timestamped, you can theoretically even retrace steps on an extremely granular basis.

What technical reason justifies a 10 month track including WiFi spots? And cell tower triangulation can get you to within a couple hundred feet, not a few miles.

9 posted on 04/22/2011 12:33:52 AM PDT by piytar (Talga Vassternich)
[ Post Reply | Private Reply | To 6 | View Replies]

To: Swordmaker
Wake me up when it can find my car keys...

ZZZZZZZzzzzzzzzzzz

10 posted on 04/22/2011 12:36:51 AM PDT by SGCOS
[ Post Reply | Private Reply | To 1 | View Replies]

To: piytar
According to Warden and Allan, the data seems to be compiled from cell tower triangulation, rather than GPS, which reduces its full precision (in my own investigation, I noted there also appears to be a log of Wi-Fi location data as well). My own map showed clusters around my home in Boston; the Macworld office in San Francisco, which I visit frequently; and other locations that I've visited in the past year, including Chicago and Houston. Zooming in further shows more detailed information, to the point of letting me isolate individual trips I've taken. And because the information is timestamped, you can theoretically even retrace steps on an extremely granular basis.

It reads the clock and puts a time stamp on the record. That's all. That's why it has an accurate time/date stamp on the file entry. Several people have examined the file and find ONE entry per cell tower: the latest time it was read. . . not every time it was read. Some claim that an error on their file handling (John Gruber) may have resulted in multiple entries. Most, have found only one entry per tower/WIFI site.

11 posted on 04/22/2011 1:43:16 AM PDT by Swordmaker (This tag line is a Microsoft product "insult" free zone.)
[ Post Reply | Private Reply | To 9 | View Replies]

To: Swordmaker

Obama wants to know where you go and what you do. Big brother is looking .


12 posted on 04/22/2011 5:06:48 AM PDT by ncfool (The new USSA - United Socialist States of AmeriKa. Welcome to Obummers world or Obamaville USSA.)
[ Post Reply | Private Reply | To 1 | View Replies]

To: Swordmaker

I am an anti-socialist and thus with the current political leadership my freedom of speech could be viewed as seditious.

Why take the chance?

I use a disposable Tracphone, if I do get a smartphone it will be in a portable farday shielded case, it will NOT be my monitor into where I am or what I do.


13 posted on 04/22/2011 5:09:53 AM PDT by Eye of Unk (Communism is a diease, a global failure and endorses Barack Hussein Obama.)
[ Post Reply | Private Reply | To 1 | View Replies]

To: Swordmaker

As far as I have understood cell phones, this is nothing really new. All cell phone carriers have always known which tower you are connected to when you call, and have made that information available to law enforcement without a warrant for years. I don’t see how this new revelation is any more intrusive than what has always been happening with cell phones.


14 posted on 04/22/2011 5:51:04 AM PDT by Vince Ferrer
[ Post Reply | Private Reply | To 1 | View Replies]

To: Swordmaker

I call BS. Users should be able to turn tracking on and off. I *believe* this is a feature in windows phone 7...users can choose whether to have location services on or off. That’s the way to do it. Maybe Apple will copy Microsoft and allow users to choose if they want to be tracked.


15 posted on 04/22/2011 6:10:29 AM PDT by for-q-clinton (If at first you don't succeed keep on sucking until you do succeed)
[ Post Reply | Private Reply | To 2 | View Replies]

To: Vince Ferrer

Here’s how it’s relevant. Now you can grab a co-workers iPhone...grab this file off of it and find out where he’s been going for the past year.

Maybe he likes to visit nursing homes and care for the elderly and doesn’t want people to know. Or maybe he’s cheating on his wife with your wife and doesn’t want you to find out.

Bottomline is this is bad and if Microsoft had done this everyone defending apple right now would be lampooning Microsoft for this.


16 posted on 04/22/2011 6:15:30 AM PDT by for-q-clinton (If at first you don't succeed keep on sucking until you do succeed)
[ Post Reply | Private Reply | To 14 | View Replies]

To: for-q-clinton

Bottom line: Even if there’s a legitimate reason for the phone to store this data, there’s no justification for the crap security (basically, mere security-by-obscurity) on it.


17 posted on 04/22/2011 7:26:54 AM PDT by technonerd
[ Post Reply | Private Reply | To 16 | View Replies]

To: technonerd

True. Police now have a device that it plugs into the iPhone and grabs all the users data. And they are getting this during traffic stops! So if they grab your file and see you were at a crime scene around the same time a crime was committed...wammo you are now a suspect. And in our police system you are GUILTY until proven innocent.

Thanks Apple.


18 posted on 04/22/2011 7:53:49 AM PDT by for-q-clinton (If at first you don't succeed keep on sucking until you do succeed)
[ Post Reply | Private Reply | To 17 | View Replies]

To: for-q-clinton
Or maybe he’s cheating on his wife with your wife and doesn’t want you to find out.

At the nursing home?

19 posted on 04/22/2011 12:28:40 PM PDT by Mind-numbed Robot (I retain the right to be inconsistent, contradictory and even flat-out wrong!)
[ Post Reply | Private Reply | To 16 | View Replies]

To: Swordmaker

Nothing in this article refutes the existence or magnitude of the problem; in one area, he basically confirms the worst case scenario. The author seems to be mainly concerned that he didn’t receive proper credit for finding out about these logs first. Apple should be scrambling to release a firmware update that lets the user turn off this data logging, and an application that allows past logs to be deleted from any computers or backups that were made when syncing.


20 posted on 04/22/2011 1:42:01 PM PDT by Turbopilot (iumop ap!sdn w,I 'aw dlaH)
[ Post Reply | Private Reply | To 1 | View Replies]

To: Mind-numbed Robot

Possibly. I may need to check my wife’s iPhone to confirm. Oh wait...I need to get her an iPhone so I can easily track her where abouts.

There’s no escaping this privacy issue for the iBots...this is bad anyway you look at it.


21 posted on 04/22/2011 2:03:36 PM PDT by for-q-clinton (If at first you don't succeed keep on sucking until you do succeed)
[ Post Reply | Private Reply | To 19 | View Replies]

To: Swordmaker

When Google collects data, it is suspect.

When Microsoft has data leaks, fears are raised.

When Apple creates a log of your movements, it is defended.

Sorry, but anyone who defends this is a class-a hypocrite unless they can show where they have posted a defense of other companies doing the same thing.


22 posted on 04/22/2011 2:05:35 PM PDT by Erik Latranyi (Too many conservatives urge retreat when the war of politics doesn't go their way.)
[ Post Reply | Private Reply | To 1 | View Replies]

To: Turbopilot

There you go trying to put common sense into this. That will get you banned from the apple threads. They only like to listen to like minded pro-apple posts.


23 posted on 04/22/2011 2:07:28 PM PDT by for-q-clinton (If at first you don't succeed keep on sucking until you do succeed)
[ Post Reply | Private Reply | To 20 | View Replies]

To: for-q-clinton
Oh wait...I need to get her an iPhone so I can easily track her where abouts.

Couldn't she just go to the mall, or wherever, and then turn it off and go elsewhere? Upon completing her tryst she could return to the mall and turn it back on then go home.

There’s no escaping this privacy issue for the iBots...this is bad anyway you look at it.

As others have explained, I am not smart enough to know, the phone only stores the last time a tower or other hotspot was used, not each time it was used. That makes creating a long term map of travel impossible.

Also, for law enforcement purposes, a warrant for the information from the service provider will produce the same thing. I remember years ago a well know preacher in Dallas killed (allegedly) his wife to be with another woman. The strongest evidence against him was his cell phone records showing where he was when. So, this has been available a long time.

24 posted on 04/22/2011 2:43:06 PM PDT by Mind-numbed Robot (I retain the right to be inconsistent, contradictory and even flat-out wrong!)
[ Post Reply | Private Reply | To 21 | View Replies]

To: piytar

I agree this is disinformation.

Divorce lawyers include cell phone records in their discovery requests and this week this was the buzz for a new request to preserve this file as evidence.

Not just for affairs, but how many times did a person go to the bank? which bank?


25 posted on 04/22/2011 3:13:09 PM PDT by longtermmemmory (VOTE! http://www.senate.gov and http://www.house.gov)
[ Post Reply | Private Reply | To 3 | View Replies]

To: Mind-numbed Robot

1) She can’t just turn it off if she needs it to stay in contact and return my calls when I call her.

2) This does make a map...this is a bit of damage control in this thread that’s not 100% accurate.

3) The point is a warrant is a bit harder to get...but as it stands right now in Michigan police have a tool to grab this from an iPhone no warrant needed.


26 posted on 04/22/2011 3:46:29 PM PDT by for-q-clinton (If at first you don't succeed keep on sucking until you do succeed)
[ Post Reply | Private Reply | To 24 | View Replies]

To: for-q-clinton
Here’s how it’s relevant. Now you can grab a co-workers iPhone...grab this file off of it and find out where he’s been going for the past year.

Not that easy. You still have to get past the pass codes. It's also just been revealed that Android phones and devices send location data directly to Google several times an hour. . . not just keeps it on the phone for the phone's Apps' use, never sending it to Apple, as is the case with the iPhone. Apple does not mine this data for anything personal.

27 posted on 04/22/2011 10:22:10 PM PDT by Swordmaker (This tag line is a Microsoft product "insult" free zone.)
[ Post Reply | Private Reply | To 16 | View Replies]

To: for-q-clinton

Also you CAN turn location services off in iPhones and iPads. You can’t turn off the cell tower ID logging that is recorded. That’s in every phone including Windows7 phones. It’s part of the functionality of the phones. That’s what this is. That’s ALL this is. READ THE ARTICLE. Apple is not mining this data! That is illegal. The author states that as a fact. He also states as a fact that analysis of the signals coming from the devices have never found this data being transmitted. It is merely retained in the phone in a DB file for the purposes of the apps in the phone as he describes.


28 posted on 04/22/2011 10:32:49 PM PDT by Swordmaker (This tag line is a Microsoft product "insult" free zone.)
[ Post Reply | Private Reply | To 15 | View Replies]

To: Turbopilot
Nothing in this article refutes the existence or magnitude of the problem; in one area, he basically confirms the worst case scenario. The author seems to be mainly concerned that he didn’t receive proper credit for finding out about these logs first. Apple should be scrambling to release a firmware update that lets the user turn off this data logging, and an application that allows past logs to be deleted from any computers or backups that were made when syncing.

Why??? The data is NOT as accurate as these breathless claims make out. It is a list of the cell towers locations and WIFI hotspots your phone was connected to as you moved around the areas you went. These can be as much as THREE MILES away from your real location. . . Or more. It is NOT GPS data at all. The author's point was not that he was the "discoverer", but rather that there is nothing "new" here because there was nothing to "discover!!!" This was all well documented (it's called "Core Location") and Apple had moved the file to make it more usable and was providing APIs for developers to USE this data in their apps! Turning it off would cripple many of the functions that make the iPhone work as well as it does!

The author of this article's specialty and his book are about the Forensic use of the data, nothing more. He is not worried about claiming discovery rights for this data... Because it wasn't a discovery.

There is NOTHING SINISTER about this data. It is just the FUD spin that these two ignorant "discoverers" are putting on something that they think they "found" that is making headlines among equally ignorant news people... And paranoid people who are believing the hype!

29 posted on 04/22/2011 10:55:33 PM PDT by Swordmaker (This tag line is a Microsoft product "insult" free zone.)
[ Post Reply | Private Reply | To 20 | View Replies]

To: longtermmemmory
"I agree this is disinformation.

Divorce lawyers include cell phone records in their discovery requests and this week this was the buzz for a new request to preserve this file as evidence.

Not just for affairs, but how many times did a person go to the bank? which bank?"

____________________________________________

Plus the fact that this data is unencrypted. The people defending this sound like Obama supporters... no logic.
30 posted on 04/22/2011 11:05:49 PM PDT by Minus_The_Bear
[ Post Reply | Private Reply | To 25 | View Replies]

To: for-q-clinton
2) This does make a map...this is a bit of damage control in this thread that’s not 100% accurate.

Sure it makes a map... It plots the cell tower and WIFI locations your phone has connected to around where you've been... What do you expect? It does not put a trail showing your pathway.

As for the Michigan Police? Don't give them permission to search you or your vehicle. They have to arrest you to search you or your vehicle without permission.

31 posted on 04/22/2011 11:15:33 PM PDT by Swordmaker (This tag line is a Microsoft product "insult" free zone.)
[ Post Reply | Private Reply | To 26 | View Replies]

To: Swordmaker
Why???

Seriously? There's no good use for this data collection, and plenty of ways it could be misused. Would you want the IRS demanding you send them the file to prove any business trips or mileage deductions you've taken? The police calling you in for an interview because you were in the same area at the same time a crime was committed? Apparently at least one police department in Michigan already has the ability to pull saved data off cell phones, so this is not just a theoretical concern.

The author is cavalier because he's in forensics, so from his perspective these data can be useful. From a consumer's perspective, I don't want to be under a forensic microscope - I at least deserve the choice of whether or not I want this information about myself collected.

It's not FUD. The data are being collected, and while it may not be as accurate as GPS coordinates, it's a lot more accurate than your worst-case 3 miles estimate, in most cases. I absolutely stand by my original comment that Apple should immediately release a software update that allows the user to turn off this data collection feature and delete any previously saved logs both on the phones and on any computers they're backed up to.

32 posted on 04/22/2011 11:18:35 PM PDT by Turbopilot (iumop ap!sdn w,I 'aw dlaH)
[ Post Reply | Private Reply | To 29 | View Replies]

To: Minus_The_Bear
Plus the fact that this data is unencrypted. The people defending this sound like Obama supporters... no logic.

Good grief. It's unencrypted because most people with iPhones and iPads CHOOSE not to encrypt the iPhone files. It is perfectly possible to encrypt them to 256 bit AES encryption if the user wants it. Most don't worry about it. As I've pointed out the accuracy of this data is REALLY poor... Like a three mile radius for cell tower IDs. . . 300 feet for WIFI hotspots. . . At worst.

33 posted on 04/22/2011 11:30:26 PM PDT by Swordmaker (This tag line is a Microsoft product "insult" free zone.)
[ Post Reply | Private Reply | To 30 | View Replies]

To: Swordmaker

Add to which reports today on fox that Android/Google does the same with the added twist the info is tied to the actual device.

iPhone post.


34 posted on 04/22/2011 11:36:45 PM PDT by moehoward
[ Post Reply | Private Reply | To 1 | View Replies]

To: Turbopilot
Seriously? There's no good use for this data collection, and plenty of ways it could be misused. Would you want the IRS demanding you send them the file to prove any business trips or mileage deductions you've taken? The police calling you in for an interview because you were in the same area at the same time a crime was committed? Apparently at least one police department in Michigan already has the ability to pull saved data off cell phones, so this is not just a theoretical concern.

There certainly IS a good use for this data. It's used to assist the GPS in finding locations in seconds rather than minutes. From other reading on the Core Location DB file, it's my understanding that each cell tower's data is replaced at each encounter. It is against the law for Apple to track anyone. . . As pointed out by the article. If Apple were doing it, they would be at risk of severe legal repercussions.

As for IRS seeking confirmation, I have no fear of that as my claimed mileage is legitimate. Isn't yours? Fourth amendment, anyone? The cell towers in the vicinity of the crime scene already have the ID code of your phone. The police have no need of your phone's log. It's proves nothing.

Are you aware that Google Android phones have been found to report their GPS location several times an hour to Google, not just keep a log of cell towers and hotspots in a file on the phone and cached on the phone owner's computer???? What is GOOGLE doing with those data???

35 posted on 04/23/2011 12:08:09 AM PDT by Swordmaker (This tag line is a Microsoft product "insult" free zone.)
[ Post Reply | Private Reply | To 32 | View Replies]

To: Swordmaker
There certainly IS a good use for this data. It's used to assist the GPS in finding locations in seconds rather than minutes.

That might* be a good reason for the phone to know where it is "now". So might geotagging pictures or getting driving directions from your current location. But none of those reasons require or are benefitted by the phone keeping a log of where it was a week, a month, or a year ago.

*-iPhones and iPads can locate themselves very precisely with GPS in seconds, not minutes, even without the benefit of a 3G signal, so the devices don't even need current cell tower position information to work just fine.

From other reading on the Core Location DB file, it's my understanding that each cell tower's data is replaced at each encounter.

Have you looked at a map of the data stored from a phone? Your understanding does not comport with the information displayed on such a map.

If Apple were doing it, they would be at risk of severe legal repercussions.

I couldn't care less if Apple (or Google, or Microsoft, or Nokia) were collecting the data, although there's no technical reason why they couldn't. It's the potential use by government or private parties who might want to track me, personally, that's the problem.

As for IRS seeking confirmation, I have no fear of that as my claimed mileage is legitimate. Isn't yours?

Of course. I just don't want to have to go through yet another layer of data collection to prove it. Nor do I think the IRS needs to know where I went on vacation or how I spend my Saturday nights because they demand my location data so I can deduct my business expenses, even though my activities in those situations are entirely legal.

Are you aware that Google Android phones have been found to report their GPS location several times an hour to Google, not just keep a log of cell towers and hotspots in a file on the phone and cached on the phone owner's computer???? What is GOOGLE doing with those data???

I was not aware. But I was very young when I learned that just because one person is doing something wrong, it's not okay for someone else to do the same thing. Google should release an update giving Android users the ability to shut off that data collection, just as Apple should.

36 posted on 04/23/2011 12:44:17 AM PDT by Turbopilot (iumop ap!sdn w,I 'aw dlaH)
[ Post Reply | Private Reply | To 35 | View Replies]

To: Swordmaker
Not that easy. You still have to get past the pass codes.

Dude...you don't know what you're talking about. The devices passes any pinlocks and passcodes. So yes it is that easy.

I agree google has issues too. What I don't know is if Android allows you to turn it off. My friend who has an android swears he can, but I think he's confused.

I know on my windows phone 7 I can turn it off though. I don't know if MS is still recording the info though, but so far it appears Windows phone 7 is the phone to get if you care about privacy.

37 posted on 04/23/2011 8:10:00 AM PDT by for-q-clinton (If at first you don't succeed keep on sucking until you do succeed)
[ Post Reply | Private Reply | To 27 | View Replies]

To: Swordmaker

Michigan police. Well that’s not really an option right now :-( That’s why the ACLU is getting involved.


38 posted on 04/23/2011 8:11:24 AM PDT by for-q-clinton (If at first you don't succeed keep on sucking until you do succeed)
[ Post Reply | Private Reply | To 31 | View Replies]

To: Swordmaker
There certainly IS a good use for this data. It's used to assist the GPS in finding locations in seconds rather than minutes.

Two things. Windows phone 7 has an option to turn on this feature for fast finding the phone (by default it is off).

Two why does Apple need to keep a history of it forever and then transfer it from device to device?

39 posted on 04/23/2011 8:15:38 AM PDT by for-q-clinton (If at first you don't succeed keep on sucking until you do succeed)
[ Post Reply | Private Reply | To 35 | View Replies]

To: Minus_The_Bear
The people defending this sound like Obama supporters... no logic.

True. But isn't that the norm? This is the typical way these threads go when apple has bad press.

In this thread the iBots say it's ok because Apple isn't doing anything with the data (even though WSJ shows the data going back to Apple). Then they say but Google is doing it and tracking it every hour so that's bad, but it's ok for Apple to do similar things.

One of my favorites on another topic is that the Apple Max OSX was the first hacked machine for 3 years in a row at a hacking competition. Yes Linux and Windows both were more secure and took longer to hack. At first they were silent for at least 1 week...then they got their marching orders. The reason it happened is it took a NASA scientist to hack the Mac and it was pre-staged (3 years in a row!!!). As if that makes it any better. It's not like Russia and China doesn't have any smart hackers ya know. But to them it's ok because it was just one uber smart guy that was able to hack the Mac...while it took others more time to hack Linux and Windows. I know it makes no sense but hey it's like you said they remind us of Obama supporters.

40 posted on 04/23/2011 8:25:54 AM PDT by for-q-clinton (If at first you don't succeed keep on sucking until you do succeed)
[ Post Reply | Private Reply | To 30 | View Replies]

To: for-q-clinton
Two why does Apple need to keep a history of it forever and then transfer it from device to device?

What part of it doesn't keep the history forever do you fail to understand?... it replace each tower data every time it's encountered so that the data for that tower is only the most recent... There is a map of where you have been... but not every time. Transferring from device to device makes the device smart... it doesn't have to REBUILD your database for each new device. Understand now?

41 posted on 04/23/2011 11:32:09 AM PDT by Swordmaker (This tag line is a Microsoft product "insult" free zone.)
[ Post Reply | Private Reply | To 39 | View Replies]

To: Swordmaker

Actually that’s the biggest damage control spin I think I’ve ever seen. Plus it doesn’t jive with what the reports are saying about it. So you can damage control all day long but no one is buying it.


42 posted on 04/23/2011 5:02:00 PM PDT by for-q-clinton (If at first you don't succeed keep on sucking until you do succeed)
[ Post Reply | Private Reply | To 41 | View Replies]

To: Swordmaker

Plus according to the Wall Street Journal:

Apple Inc.’s iPhones and Google Inc.’s Android smartphones regularly transmit their locations back to Apple and Google, respectively, according to data and documents analyzed by The Wall Street Journal—intensifying concerns over privacy and the widening trade in personal data.

Read more: http://online.wsj.com/article/SB10001424052748703983704576277101723453610.html#ixzz1KOTCjKJ9

Looks like they are transmitting data back to Apple. But I thought you said they weren’t. Who do I believe? A well respected new sources or a spin doctor for Apple? Tough call, but I’m going with the WSJ on this one.


43 posted on 04/23/2011 5:05:29 PM PDT by for-q-clinton (If at first you don't succeed keep on sucking until you do succeed)
[ Post Reply | Private Reply | To 41 | View Replies]

To: for-q-clinton
Looks like they are transmitting data back to Apple. But I thought you said they weren’t. Who do I believe? A well respected new sources or a spin doctor for Apple? Tough call, but I’m going with the WSJ on this one.

I said Apple was not sending this DB data to itself, it isn't. The author of this article, an EXPERT on forensic data extraction, analyzing the data coming from the iPhone did not find the data being sent. Apple says it isn't. Ergo, this data isn't. I stand on that evidence.

What is being sent?

Here's what the WSJ actually said about what Apple actually said they do with the data:

Apple, meanwhile, says it "intermittently" collects location data, including GPS coordinates, of many iPhone users and nearby Wi-Fi networks and transmits that data to itself every 12 hours, according to a letter the company sent to U.S. Reps. Edward Markey (D-Mass.) and Joe Barton (R-Texas) last year. Apple didn't respond to requests for comment. . .

. . . In its letter to Congress last year, Apple said that it only collects location data from people who use apps that require location. It doesn't specify how often a person must use the app for intermittent collection to occur.

Apple also said in the letter that it collects Wi-Fi and GPS information when the phone is searching for a cellular connection. Apple said the data it transmits about location aren't associated with a unique device identifier, except for data related to its mobile advertising network. (emphasis mine, Swordmaker)

Apple gathers the data to help build a "database with known location information," the letter says. "This information is batched and then encrypted and transmitted to Apple over a Wi-Fi Internet connection every twelve hours (or later if the device does not have Wi-Fi Internet access at that time)," the company wrote in the July letter to Congress.

The letter, which is available on Rep. Markey's website, became newsworthy this week in light of findings from two researchers who uncovered a file on iPhones that keeps a record of where the phone has been and when it was there. The file is unencrypted and stored by default. .

In other words, the ONLY time Apple gets data associated with location that has a phone Identifier connected with it is when the user clicks on an ad requesting information about the item or service being advertised—so that a proper response may be sent to the user. That's part of what Apple has stated Core Location services does... Nothing hidden or sinister. All other times the data is purely raw data sent anonymously and associated with the search for cellular connections.

So, yes, why NOT go with your own article from the Wall Street Journal and their primary source on this claim. . . The letter sent to Congressman Markey last year explaining then, up front and plainly Apple's policy.

44 posted on 04/23/2011 11:27:06 PM PDT by Swordmaker (This tag line is a Microsoft product "insult" free zone.)
[ Post Reply | Private Reply | To 43 | View Replies]

To: Swordmaker

More damage control I see. But at least you do acknowledge it’s wrong for Google to do this, but for Apple it’s ok.


45 posted on 04/24/2011 8:13:02 AM PDT by for-q-clinton (If at first you don't succeed keep on sucking until you do succeed)
[ Post Reply | Private Reply | To 44 | View Replies]

To: for-q-clinton
More damage control I see. But at least you do acknowledge it’s wrong for Google to do this, but for Apple it’s ok.

You want to believe everything is evil, especially about Apple.

No, not damage control, I'm cutting through the FUD and hyperbole with truth. I've told you it isnt what it seems and is claimed to be by the FUD spreaders like a certain Senator. And it isn't! Check out the facts of what is REALLY GOING ON.

46 posted on 04/25/2011 12:40:17 AM PDT by Swordmaker (This tag line is a Microsoft product "insult" free zone.)
[ Post Reply | Private Reply | To 45 | View Replies]

To: Erik Latranyi

This is just an instance in Apple’s case where the goose is not good for the gander.


47 posted on 04/27/2011 11:46:34 AM PDT by Blue Highway
[ Post Reply | Private Reply | To 22 | View Replies]

Disclaimer: Opinions posted on Free Republic are those of the individual posters and do not necessarily represent the opinion of Free Republic or its management. All materials posted herein are protected by copyright law and the exemption for fair use of copyrighted works.

Free Republic
Browse · Search
General/Chat
Topics · Post Article

FreeRepublic, LLC, PO BOX 9771, FRESNO, CA 93794
FreeRepublic.com is powered by software copyright 2000-2008 John Robinson