Guardian article: iPhone keeps record of everywhere you go

Status
Not open for further replies.

Wes

venison crêpe
Security researchers have discovered that Apple's iPhone keeps track of where you go – and saves every detail of it to a secret file on the device which is then copied to the owner's computer when the two are synchronised.

The file contains the latitude and longitude of the phone's recorded coordinates along with a timestamp, meaning that anyone who stole the phone or the computer could discover details about the owner's movements using a simple program.

For some phones, there could be almost a year's worth of data stored, as the recording of data seems to have started with Apple's iOS 4 update to the phone's operating system, released in June 2010.

"Apple has made it possible for almost anybody – a jealous spouse, a private detective – with access to your phone or computer to get detailed information about where you've been," said Pete Warden, one of the researchers.

Only the iPhone records the user's location in this way, say Warden and Alasdair Allan, the data scientists who discovered the file and are presenting their findings at the Where 2.0 conference in San Francisco on Wednesday. "Alasdair has looked for similar tracking code in [Google's] Android phones and couldn't find any," said Warden. "We haven't come across any instances of other phone manufacturers doing this."

Simon Davies, director of the pressure group Privacy International, said: "This is a worrying discovery. Location is one of the most sensitive elements in anyone's life – just think where people go in the evening. The existence of that data creates a real threat to privacy. The absence of notice to users or any control option can only stem from an ignorance about privacy at the design stage."

Warden and Allan point out that the file is moved onto new devices when an old one is replaced: "Apple might have new features in mind that require a history of your location, but that's our speculation. The fact that [the file] is transferred across [to a new iPhone or iPad] when you migrate is evidence that the data-gathering isn't accidental." But they said it does not seem to be transmitted to Apple itself.

Although mobile networks already record phones' locations, it is only available to the police and other recognised organisations following a court order under the Regulation of Investigatory Power Act. Standard phones do not record location data.

iphone-data-map-007.jpg

- Map shows location data collected from an iPhone that had been used in the southwest of England

MPs in 2009 criticised the search engine giant Google for its "Latitude" system, which allowed people to enable their mobile to give out details of their location to trusted contacts. At the time MPs said that Latitude "could substantially endanger user privacy", but Google pointed out that users had to specifically choose to make their data available.

The iPhone system, by contrast, appears to record the data whether or not the user agrees. Apple declined to comment on why the file is created or whether it can be disabled.

Warden and Allan have set up a web page which answers questions about the file, and created a simple downloadable application to let Apple users check for themselves what location data the phone is retaining. The Guardian has confirmed that 3G-enabled devices including the iPad also retain the data and copy it to the owner's computer.

If someone were to steal an iPhone and "jailbreak" it, giving them direct access to the files it contains, they could extract the location database directly. Alternatively, anyone with direct access to a user's computer could run the application and see a visualisation of their movements. Encrypting data on the computer is one way to protect against it, though that still leaves the file on the phone.

Graham Cluley, senior technology consultant at the security company Sophos, said: "If the data isn't required for anything, then it shouldn't store the location. And it doesn't need to keep an archive on your machine of where you've been." He suggested that Apple might be hoping that it would yield data for future mobile advertising targeted by location, although he added: "I tend to subscribe to cockup rather than conspiracy on things like this – I don't think Apple is really trying to monitor where users are."

iphone-data-001.jpg

- The data inside the file containing the location and time information. This is used to plot the map above

The location file came to light when Warden and Allan were looking for a source of mobile data. "We'd been discussing doing a visualisation of mobile data, and while Alasdair was researching into what was available, he discovered this file. At first we weren't sure how much data was there, but after we dug further and visualised the extracted data, it became clear that there was a scary amount of detail on our movements," Warden said.

The pair of data scientists have collaborated on a number of data visualisations, including a map of radiation levels in Japan for The Guardian. They are developing a Data Science Toolkit for dealing with location data.

Davies said that the discovery of the file indicated that Apple had failed to take users' privacy seriously.

Reporter: Charles Arthur. Story link here.
 
I find this concerning as it's so easy to access the data. at least it's not being sent back to Apple but, jeesh, it's a security lapse to leave this data on your synced computer and have it so easy to read.

that said, I'm curious to download the Mac app tonight and view the map data.
 
Well it is accurate. Here's me:
V7C3d.png


Even when I took that train trip from Beijing to Hong Kong (but it somehow didn't triangulate my information in that big gap, and I'm positive my phone was on and on 3G during that time):
KiEwm.png
 
It's real. I checked the data on my laptop and while it was mostly accurate, it had a number of locations pegged in a province that I've never visited. I guess it's possible that my phone has been sneaking out while I sleep.
 
Apple can legitimately claim that it has permission to collect the data: near the end of the 15,200-word terms and conditions for its iTunes program, used to synchronise with iPhones, iPods and iPads, is an 86-word paragraph about "location-based services".

It says that "Apple and our partners and licensees may collect, use, and share precise location data, including the real-time geographic location of your Apple computer or device. This location data is collected anonymously in a form that does not personally identify you and is used by Apple and our partners and licensees to provide and improve location-based products and services. For example, we may share geographic location with application providers when you opt in to their location services."
 
OriginalThinking said:
I first caught mention of it on Engadget. Sometimes they post rumours which within a few hours get updated to say 'move along, nothing to see'

yeah that's annoying but Engadget are pretty good and they normally link to a source.

The Guardian are a reputable newspaper so you can pretty much trust what they post is real

I edited my original post to include a link to the site mentioned in the article that has the software.
 
D4Danger said:
yeah that's annoying but Engadget are pretty good and they normally link to a source.

The Guardian are a reputable newspaper so you can pretty much trust what they post is real

I edited my original post to include a link to the site mentioned in the article that has the software.

Oh don't worry I trust the Guardian. They are my favourite newspaper :-)
 
krypt0nian said:
And what is your point exactly, aside from being a rote Apple apologist?

Nobody is trying to sue here, just being made aware of something that isn't explicitly noted and might be seen as an invasion of privacy.

Or are you claiming superiority as though you read the entire Apple TOS on your phone and so you aren't surprised by this?
 
krypt0nian said:
Just because they can legally claim the right to do this doesn't mean people have to like it and continue to use their products. (not saying you're implying this, just pointing it out)
 
Click-bait. It's simply the phone's location stuff that can be easily turned off under settings. There's nothing nefarious or secret about it.
 
The information is stored on the phone, not transmitted to Apple, at least apparently not.

The application looks at your backups in iTunes I think. It doesn't have location info from my old iPhone and I think I've deleted my old backup for that (though wouldn't the data have transferred when I loaded up my new iPhone from backup)?
 
Leona Lewis said:
I'm pretty sure you can disable this in "Location Settings."
edgefusion said:
Click-bait. It's simply the phone's location stuff that can be easily turned off under settings. There's nothing nefarious or secret about it.
You can't turn off the logging in Location Services. You can only turn off Location Services altogether or turn it off per-app. So if you ever want to use your phone's GPS feature, you're also getting this stuff logged.

For the record, I'm okay with versions of this that don't attach it to a particular user (as stated in the User Agreement) - I understand that it helps carriers to be able to figure out where their clients go, and as long as my identity isn't attached to the data, I don't consider that a violation of my privacy.

Actually logging that data on my phone, and then copying it to my computer, though, IS attaching that data to my identity, and not only does it make that data accessible to other people if they get their hands on my phone or computer, it also creeps me the fuck out. Logging it like that is a violation of my privacy.
 
badcrumble said:
Actually logging that data on my phone, and then copying it to my computer, though, IS attaching that data to my identity, and not only does it make that data accessible to other people if they get their hands on my phone or computer, it also creeps me the fuck out. Logging it like that is a violation of my privacy.
In the meantime, if you are scared about the implications, the first thing you should do is load up iTunes, navigate to your device's screen, and tick the "encrypt backups" option. This will at least prevent anyone from reading the location log from your iTunes backup folder without your password, so you'll be protected if (say) someone steals your computer.
 
^ bingo for badcrumble's post

first, I don't think it should be logged. and, second, I don't think it should be logged in a user readable file and transferred to my PC.

Unless there is software that users knowingly install and use on their phones to take advantage of this stuff, the data should be purged after use.
 
nVidiot_Whore said:
I imagine this has to do with the "Find my phone" feature or whatever the hell they call it.

*yawn*
That'd be fine if it'd only actually log the most recent location instead of keeping all of them.
 
indefensible, apple. someone should e-mail steve jobs about this one!

won't stop me from buying iphones though. :P
 
Well this sucks and I don't like it at all. Hopefully the article bringing it to light will force a change, but only if enough people get up in arms about it.

Edit: I'm a little surprised it took so long for someone to find this.
 
badcrumble said:
That'd be fine if it'd only actually log the most recent location instead of keeping all of them.

Considering how inaccurate it is according to the data people are presenting.. what if the "last location" logged was one of these erroneous GPS hits?

A year is excessive.. and Apple will most likely change this, or make it optional... but I imagine the purpose of this has to do with things like find my phone. And logging JUST the "last location" wouldn't make that feature very accurate.

Or Apple is gathering it for analysis for marketing reasons.. which is really the only reason any company ever wants any of your personal information.
 
Apple has an earnings call today. It's a semi-press conference; maybe they'll be asked about this. Only investment analysts will ask questions though, so they're always focused on things like gross margins and stuff, though they occasionally slip in things like questions about Flash.
For some phones, there could be almost a year's worth of data stored, as the recording of data seems to have started with Apple's iOS 4 update to the phone's operating system, released in June 2010.

OH, they've only started recording since iOS 4. That's interesting. I was wondering why it didn't have my 3G data.

Now that I know it's only iOS 4, I think that gap in the map below might be when I was sleeping. So maybe the phone is not recording information when it is on, but you're not using it?
KiEwm.png
 
part of me thinks it would be cool data to see, the rest of me would be super creeped out (have a droid)

Also, afaik this was being done using tower triangulation, which works regardless of the location setting.
 
nVidiot_Whore said:
Considering how inaccurate it is according to the data people are presenting.. what if the "last location" logged was one of these erroneous GPS hits?

A year is excessive.. and Apple will most likely change this, or make it optional... but I imagine the purpose of this has to do with things like find my phone. And logging JUST the "last location" wouldn't make that feature very accurate.

Or Apple is gathering it for analysis for marketing reasons.. which is really the only reason any company ever wants any of your personal information.


Or they provide it to telcos so that they can update their shitty tower locations for those that are more in tune to where iPhone users actually travel.

Or it could be part of a travel service that Apple is rumored to be developing.

Or it could just be a debug cache of crap that has no real nefarious purpose whatsoever.
 
my iphone needs to get out to the east coast more.

looking at the map zoomed in it looks more like cell towers you have connected to than GPS coordinates.
 