Researchers have discovered that Apple’s newest operating system, iOS4, is literally spying on iPhone and iPad 3G and iPad 2 3G users’ movements, using geolocation to create a file that records every place that the user carrying the device passes through. At least as bad, the file, called “consolidated.db”, not only is on your iPhone or iPad, but is unencrypted, meaning that anybody who can access the file can read your every move.
But here’s the biggest gotcha: You agreed to it.
That’s right, it’s right there in the iPhone’s terms of service:
“Apple and our partners and licensees may collect, use, and share precise location data, including the real-time geographic location of your Apple computer or device. This location data is collected anonymously in a form that does not personally identify you and is used by Apple and our partners and licensees to provide and improve location-based products and services. For example, we may share geographic location with application providers when you opt in to their location services.”
And Android users (who it turns out have their own similar file, which contains not only locations, but the last 200 wifi access points detected [not used or accessed – detected!] agreed to very similar language in Google’s TOS, including that they “allow Google’s location service to collect anonymous data. Collection will occur even when no applications are running.”
That said, so far it seems that the data is not being sent anywhere (not even to Apple), and the only way that someone can get at the data is to take it from the synched consolidated.db file on your computer, from when it is synched through iTunes. The file on your iPhone or iPad is hidden.
To protect against someone accessing the consolidated.db on your computer, go into iTunes, and under “Options” make sure that “encrypt backup” is turned on.
The discovery of the file with the location data was made by Pete Warden and Alasdair Allan, both, among other gigs, with O’Reilly. Warden and Allan discovered the file while looking at various ways that people create visualizations of various data on their mobile phones. Because certain information isn’t accessible under iOS, explains Allan, he started looking at the iPhone backup files that are resident on the Mac with which it is synced, and he found a directory called ‘location.d’. And, says Allan, “I thought ‘That looks interesting’.”
|Get notified of new Internet Patrol articles for free!
|Or Read Internet Patrol Articles Right in Your Inbox!
as Soon as They are Published! Only $1 a Month!
Imagine being able to read full articles right in your email, or on your phone, without ever having to click through to the website unless you want to! Just $1 a month and you can cancel at any time!
In that location.d directory he found the file “consolidated.db” which was, he says, “filled with latitudes and longitudes and timestamps, and cell IDs.”
|No Paywall Here! The Internet Patrol is and always has been free. We don't hide our articles behind a paywall, or restrict the number of articles you can read in a month if you don't give us money. That said, it does cost us money to run the site, so if something you read here was helpful or useful, won't you consider donating something to help keep the Internet Patrol free?|
Allan says that he thought it was probably a cache, with a day or two worth of data but, when he plotted it out, it turned out to contain the location information collected since the moment he had upgraded his device to iOS4.
On the tail of this, it was Magnus Eriksson, a programmer from Sweden, who discovered that Android phones keep a similar log of locations visited by users, however the locations recorded and stored are finite – limited to the last fifty cell towers, as well as, as mentioned above, the 200 most recent wifi networks picked up by the device. Once the limit is reached, older data is overwritten. By contrast, the Apple files seem to be created the moment that iOS4 is loaded and started, and never overwritten – they just keep adding new data to the old, storing it all.
It is unknown at this time whether Android phones are sending that information back to Google. It is known that, at least as of now, the location data stored by iPhones and iPads is not being sent to Apple.
On the other hand, the Android file is more difficult to get to than is the Apple file. In fact, Warden has written a small Mac application which will read the file from your hard drive, and plot out the location information on a map for you. Here is the location information that was being collected on Anne’s iPad 2 3G, plotted out on a map:
You can download this application here.
As of this writing, there is no way to delete consolidated.db from your device unless you want to jailbreak it. For jailbroken devices, there is an app in Cydia called Untrackerd which is said to do the trick. For those of you for whom the very term “jailbreak” gives you the heebie jeebies, read our article that includes information about how very easy it actually is to jailbreak an iPhone, iPod or iPad, and what it actually means.
No Paywall Here!
The Internet Patrol is and always has been free. We don't hide our articles behind a paywall, or restrict the number of articles you can read in a month if you don't give us money. That said, it does cost us money to run the site, so if something you read here was helpful or useful, won't you consider donating something to help keep the Internet Patrol free? Thank you!
|Get notified of new Internet Patrol articles!