[THS] iPhone Tracks Your Every Move, and There's a Map for That

Sun Apr 24 14:57:15 CEST 2011

iPhone Tracks Your Every Move, and There's a Map for That
By Brian X. Chen  April 20, 2011

http://www.wired.com/gadgetlab/2011/04/iphone-tracks/

Update 4 p.m. PT, Thursday: Wired.com has obtained a letter from Apple explaining
how and why iOS devices store geo data and transmit it to Apple.

Your iPhone or 3G-equipped iPad has been secretly recording your location for the
past 10 months.

Wired.com can confirm that fact: The screengrab above shows a map containing
drop pins of everywhere yours truly has been in the past year.

Software hackers Peter Warden and Alasdair Allen discovered an unencrypted file
inside Apple's iOS 4 software, storing a long list of locations accompanied with time
stamps. The file is labeled "consolidated.db."

"Ever since iOS 4 arrived, your device has been storing a long list of locations and
time stamps," Warden and Allen wrote. "We're not sure why Apple is gathering this
data, but it's clearly intentional, as the database is being restored across backups,
and even device migrations."

Warden is providing an open source program "iPhone Tracker" for iPhone and 3G
iPad customers to output their location file into an interactive map, like the one
above, so they can see for themselves. All you have to do is plug in your iDevice
through USB and run Warden's application. The software requires OS X 10.6 (Snow
Leopard).

The iPhoneTracker application features a sliding bar for users to see where they were
in specific times of the year.

Apple did not immediately respond to a request for a comment. Apple has not
previously disclosed that iPhones and iPads are constantly tracking and storing user
location.
The discovery is the latest in a series of alarming incidents that serve as cautionary
tales about privacy in the always-connected mobile era.

Recently, German politician and privacy advocate Malte Spitz sued his phone carrier
Deutsche Telekom to get every piece of information it had about him. The carrier
delivered to him a gigantic file containing 35,000 data points of his location for six
months. Later, a German publication plotted Spitz's data onto an interactive map.

This iPhone and iPad privacy leak is eerily similar, and creepier, considering that
Apple has sold over 100 million iPhones and 15 million iPads.

The location data stored inside "consolidated.db" cannot be accessed by Safari or
any apps, said Charlie Miller, a security researcher known for discovering
vulnerabilities in the iPhone. However, the data file is sensitive because a thief who
gains physical access to an iPhone or iPad could look at the file and see everywhere a
customer has been, or a hacker could remotely break in and read the file, Miller said.

It's not simple for a hacker to remotely access an iPhone to get to that file. But in the
past, Miller found an exploit that would allow a hacker to hijack an iPhone just by
sending a text message to it containing malicious code. Apple later patched that
exploit, but security researchers say there are plenty of vulnerabilities in the wild left
unaddressed.

Sharon Nissim, consumer privacy counsel of the Electronic Privacy Information
Center, said it is possible Apple is violating the Wireless Communications and Public
Safety Act, which allows telecom carriers to provide call information only in
emergency situations.

"By asking for permission to collect location data, Apple may be trying to get around
its legal obligations, by asking people to give up privacy rights they don't even know
they have," Nissim said.

She added that a potential privacy concern is that law enforcement would be able to
subpoena these types of records from people's iPhones or iPads.