Researchers announced on Wednesday that they found what look like secret files on the iPhone that track user location and store it on the device, without the permission of the device owner.
It is unclear what the data is used for and why Apple has been collecting it in iOS products that carry a 3G antenna for nearly a year now.
Alasdair Allan, senior research fellow in astronomy at the University of Exeter, and writer Pete Warden, who discovered the log file and created a tool that lets users see a visualisation of that data, say there's no evidence of that information being sent to Apple or anybody else. Even so, the pair note that the data is unencrypted, giving anyone with access to your phone or computer where backups may be stored a way to grab the data and extrapolate a person's whereabouts and routines.
To help users understand more about the data that's being collected, what the risks are, and what they can do about it, ZDNet UK's sister site CNET News has put together this FAQ:
Who are the researchers and how did they find this?
Warden, who used to work at Apple (though not on the iPhone), and Allan had been collaborating on some location data visualisation projects, including a visualisation of radiation levels over time in Japan after the earthquake, when Allan discovered the file on an iPhone. "After we dug further and visualised the extracted data, it became clear that there was a scary amount of detail on our movements," they wrote in a blog post.
The data is unencrypted, giving anyone with access to your phone or computer where backups may be stored a way to grab the data and extrapolate a person's whereabouts.
When did this start and what devices are tracking this data?
According to Allan and Warden, the tracking did not begin until iOS 4, which was released in late June 2010. This was the first version of iOS to drop support for devices like the original iPhone, with devices like the iPhone 3G and second-generation iPod Touch getting a more limited feature set. Along with iPhones, 3G-enabled iPads are also keeping track of the data, though it's unclear if this is true for people who have 3G devices without active cellular subscriptions.
The tracking data itself was actually discovered in 2010. A tool by French programmer Paul Courbis, similar to the one released by Allan and Warden, is able to plot up to 10,000 of these data points from the database file to a Google Map. The issue was known in forensics circles but not widely, Allan and Warden said in a news conference on Wednesday at the Where 2.0 conference in Santa Clara, California. An application they released that allows people to see what data is on individual devices makes the abstract tracking concept more real.
Researchers announced on Wednesday that they found what look like secret files on the iPhone that track user location. Screenshot: Josh Lowensohn/CNET News
Did they contact Apple on their findings?
The researchers said they had contacted Apple's Product Security team, but hadn't heard back.
Where is this data being stored?
The database of location information is stored primarily on your phone, though due to the iOS device backup system in iTunes, these files can also end up on your computer. When iTunes saves these backups, which are set by default to be stored every time you sync an iOS device, the data file goes along with it.
What's curious is that this log can extend across multiple devices as long as those devices use the same restore point. Allan and Warden noted that the database used as part of the project spanned an iPhone 3GS and an iPhone 4, the latter of which had used a restore point.
The researchers have more technical details and the downloadable application to see a visualisation of the data collected from your phone over time in this FAQ. The application does not work with iPhones on US network Verizon, the researchers said.
What's inside this data?
A database of cell tower co-ordinates and time stamps to indicate when your device was connecting with them. This includes which operator you're on and the country code. The research also found that Apple was tracking data about what Wi-Fi networks you were connecting to, which also included slightly less accurate location information, but continued to track that data by time.
The researchers' visualisation app (above) shows large blue dots for frequent activity and smaller red or orange-coloured dots for less frequent activity. However, it's unclear exactly what is triggering the logging, they said.
Is there an easier way to see that information than a giant database form?
Yes, Allan and Warden created an open-source software program that is able to go through the data from the database file and turn it into a visualisation of what towers your device connected to based on the dates and times. The pair say...
Talkback
This post has been removed by a moderator.
Is this information, or for that matter any mbile phone information recorded by mobile phone companies via triangulation or GPS available to individuals under the Data Protection Act - Subject Access Request?
If so when I loose my Smartphone - surely I can submit a SAR to request the data for its last known location for no more than £10
Actually, it seems that Allen and Warden did NOT discover this.
They drew public attention to it, but it's been known for a long time.
http://alexlevinson.wordpress.com/2011/04/21/3-major-issues-with-the-latest-iphone-tracking-discovery
Levinson says this data cache isn't new in IOS4, it just moved, and reckons it isn't particularly sinister, either.
This post has been removed by a moderator.
There is a simple way to subvert any tracking of an IPhone. I don't own one. Perhaps I would if companies would simply provide a service and quit trying to follow my every move. First of all it doesn't do any good because I simply trash, shred, add to my junk mail, or delete any advertisement sent to me that I didn't request. I am bombarded enough on the radio and TV.
Great article! Apple may not be intentionally "tracking" users, but given there careless handling of the geodata they may as well be. The most precise iPhone maps yet shed new light on this issue. https://www.msu.edu/~kg/iphone.htm
Unfortunately Apple has chosen to keep everything about the iPhone proprietary, so it's difficult to tell what they are really up to. And even though Google's phones are based on open source Linux, it still adds proprietary applications that can be doing secret things as well. For now since we don't really have a true open source phone, we have no way to know exactly what it is gathering. The workaround? You can minimize your vulnerability by using an older style non smart phone. But for many, this is impractical.