iOS is watching you ... always watching!
Remember when the iPhone had that antenna bug? Well, it turns out that it now it is a bug, a bug that silently tracks your movements.
Yesterday a story broke that iOS devices are secretly logging your locations multiple times a day and storing this information is an unencrypted file that's stored on your iDevice, and also copied to your PC/Mac when you sync with iTunes. But just how much of a big deal is this?
First, a quick recap. This data logging issue came to the attention of the blogosphere yesterday after two O’Reilly researchers, Alasdair Allan and Pete Warden, published an article about location data being logged on iOS devices in an SQL file called consolidated.db. It turns out that iOS4 devices has been silently logging latitude and longitude information along with a timestamp ever since it was released back in June 2010, creating tens of thousands of data points over that time.
While it was Allan and Warden who were responsible for this matter getting the attention that it is now getting, the forensic community have known about, and have been actively making use of this information. The excellent book, iOS Forensic Analysis by Sean Morrissey and Alex Levinson and published in 2010 covers this along with many other ways of extracting information from iOS devices.
Note: Read this book (like I've done during the past few hours) and you'll never look at your iOS device the same way again!
Who else knows about this? Well, it seems that law enforcement do, and that some departments are routinely grabbing data from motorists stopped for minor traffic violations.
OK, so what do we know. This data logging started when iOS 4 was released in June 2010, although according to Morrissey and Levinson iOS devices were logging similar information prior to this release. There's no way to prevent the iPhone from logging this information (although owners of jailbroken handsets can download a tool that will wipe the data off the handset) as it is not dependant on whether Location Services are switch on on not. Location data stored in the file is gathers from cell tower positions and NOT from the GPS data. The data is pretty accurate overall, but there are situations where it can be off by over 50 miles.
Interestingly, consolidated.db also logs the estimate positions of all WiFi hotspots your phone sees, although it seems that this data is, for some reason, prone to wild inaccuracies.
The file is very persistent. It is copied to the iTunes iOS backup during every sync, and even if you replace your iOS device, the old file is copied over to the new device. The data is unencrypted both on the handset and in the iTunes backup (unless you choose to encrypt your iTunes backup, in which case the backup copy is encrypted) and stored in an SQLlite database.
There's a lot of data collected. The average seems to be around 40 per day, but I've seen instances where the logging can jump into high gear and the iOS device can be logging at over ten times this rate. It seems that the more you move about, the more the handset logging. It's hard to get a better fix on what actually triggers the handset to log a new position - it's certainly not triggered by a timer or changing cells or anything along those lines.
Grabbing the data from unencrypted iTunes backups is trivial whether you're on Mac OS X or Windows. It takes just seconds to do and leave no trace. Data from these apps has been deliberately 'fuzzed' for privacy, but I've been able to successfully remove the fuzzing from the Windows application.
Those of you who choose to encrypt your iTunes backups might be feeling a little smug, thinking you're safe. Think again. There are tools that will chew away at the problem of figuring out the iTunes backup password.
Failing access to an unencrypted iTunes backup (or a backup of a system that has a unencrypted iTunes backup, it is possible to grab the file directly off of a handset, but it will need jailbreaking (not all that difficult to do).
Feeling smug because you use Android? Hmmmm, maybe you shouldn't as there's now a tool available that parses the files from the Android location provider too.
Why is Apple doing this? Well, all wild theories aside, I tend to agree with F-Secure's Mikko Hypponen as to the purpose of this file:
Where did Apple get their location database? They used to license it from a company called Skyhook. How did Skyhook obtain this information? Well, they had their own cars drive around the world, just like Google.
However, the Skyhook database is expensive. So beginning with iPhone OS 3.2 released in April 2010, Apple started replacing the Skyhook location database with their own location database.
And the real question is: How did Apple create their own location database? They did not have cars driving around the world. They didn't need to. They had existing iPhone owners around the world do the work for them.
If you run a modern iPhone, it will send your location history to Apple twice a day. This is the default operation of the device.
Here's what I think Apple should do:
- Come clean about what's going on here - why is this data being stored in the fist place?
- Encrypt the data - this shouldn't really need saying ...
- Offer the user a way to delete the data, or even prevent it being logged in the first place!
What can you do in the interim?
- Don't panic!
- If you're not already encrypting your iTunes backups, start doing so!
- If you're really worried about this, jailbreak your handset and wipe the log.
Thoughts? Questions?