Your iPhone is tracking you (and has been for a while)

Summary: Two researchers caused a stir yesterday when they published an article about a hidden file in iOS 4 that records the position of your device to a plain SQL file. But is it old news?


Two O'Reilly media researchers, Alasdair Allan and Pete Warden, caused quite a stir yesterday when they published an article about a hidden file in iOS 4 that regularly records the position of your device. All iPhones running iOS 4.0 or later log your location to a file called "consolidated.db" (a plain SQL file) which contains latitude-longitude coordinates and a timestamp.

This information was published in December 2010 and had been known even earlier -- but it largely flew under the radar.

In February 2011 Sean Morrissey and Alex Levinson previewed Lantern 2.0, which harvested data from consolidated.db, at the DoD Cyber Crimes Conference in Washington, DC:

Lantern 2.0 has been on the market for months now and performs the same functionality Mr. Warden’s utility does and much more. We correlate geolocational data embedded in images and third party application. We give you a geolocational timeline of events in list view showing much more than baseband logs within consolidated.db.

The problem is that Lantern is a commercial forensics application that sells for $600-$700 so it's out of reach of the average user. If you'd like to see the effects of consolidated.db in action, simply download Warden's open source, proof-of-concept OS X application iPhone Tracker and run it.

All iPhones appear to log your location to a file called "consolidated.db." This contains latitude-longitude coordinates along with a timestamp. The coordinates aren't always exact, but they are pretty detailed. There can be tens of thousands of data points in this file, and it appears the collection started with iOS 4, so there's typically around a year's worth of information at this point.

iPhone Tracker automatically finds the file in your last iPhone backup, and plots your location over time on a map. You can zoom in on specific areas on the map and even watch a time lapse animation of your phone's location on a "heat map." It even includes a draggable slider bar that lets you look at a specific moment in time. (Hint: you need to drag the little bar on the zoom meter; clicking + and - doesn't work.)

A screenshot of my iPhone Tracker heat map is posted at the top of the story. Here's one of the duo's demo videos:

Washington DC to New York from Alasdair Allan on Vimeo.

It's amazing that this file is just sitting, unencrypted, on your hard drive and available to anyone with access to your Mac (or its backups). What makes it even more nefarious is that this file stores almost a year's worth of data dating back to whenever you installed iOS 4, which was released on June 21, 2010. The data file is also almost impossible to delete, and it persists across device upgrades, backups and restores.

So what to do?

A. Don't Panic.

There's no immediate harm that would seem to come from the availability of this data. Nor is there evidence to suggest this data is leaving your custody. But why this data is stored and how Apple intends to use it (or not) are important questions that need to be explored.

B. Protect yourself by encrypting your backups through iTunes (click on your device within iTunes and then check "Encrypt iPhone Backup" under the "Options" area).
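
One way to check item B across every backup on a Mac, as an added example (not code from the article or from iPhone Tracker). It assumes the default MobileSync backup folder, the `IsEncrypted` key in each backup's `Manifest.plist`, and the `Device Name` and `Product Version` keys in `Info.plist`; the function names are hypothetical.

```python
import plistlib
from pathlib import Path

# Assumed default iTunes backup location on OS X (not stated in the article).
DEFAULT_BACKUP_ROOT = Path.home() / "Library/Application Support/MobileSync/Backup"


def _load_plist(path):
    """Parse an XML or binary plist; return {} if missing, unreadable or not a dict."""
    try:
        with open(path, "rb") as fh:
            data = plistlib.load(fh)
    except Exception:  # missing file, malformed XML, bad binary header
        return {}
    return data if isinstance(data, dict) else {}


def audit_backups(root=DEFAULT_BACKUP_ROOT):
    """Classify every backup folder under root as encrypted, unencrypted or unknown."""
    root = Path(root)
    if not root.is_dir():
        return []
    results = []
    for backup in sorted(p for p in root.iterdir() if p.is_dir()):
        manifest = _load_plist(backup / "Manifest.plist")
        info = _load_plist(backup / "Info.plist")
        if "IsEncrypted" not in manifest:  # assumed key name
            status = "unknown"
        else:
            status = "encrypted" if manifest["IsEncrypted"] else "unencrypted"
        results.append({
            "backup": backup.name,
            "device": info.get("Device Name", "?"),
            "ios": info.get("Product Version", "?"),
            "status": status,
        })
    return results


def needs_attention(results):
    """Backups whose contents, consolidated.db included, may be readable on disk."""
    return [r for r in results if r["status"] != "encrypted"]


if __name__ == "__main__":
    for r in audit_backups():
        print(f'{r["status"]:<12} {r["device"]} (iOS {r["ios"]})  {r["backup"]}')
```

Backups made before the "Encrypt iPhone Backup" box was ticked stay unencrypted on disk, so any folder reported here as unencrypted or unknown is worth deleting or replacing with a fresh encrypted backup.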

Apple needs to respond to the concerns brought up by researchers about consolidated.db immediately. It should start by pushing out a maintenance release that, at minimum, encrypts and hides the file.


Update: Andy Ihnatko reinforces my Don't Panic advice:

  • This database isn’t storing GPS data. It’s just making a rough location fix based on nearby cell towers. The database can’t reveal where you were…only that you were in a certain vicinity. Sometimes it’s miles and miles off. This implies that the logfile’s purpose is to track the performance of the phone and the network, and not the movements of the user.
  • A third party couldn’t get access to this file without physical access to your computer or your iPhone. Not unless you’ve jailbroken your iPhone and didn’t bother resetting its remote-access password…or there’s an unpatched exploit that would give Random Person On The Internet root access to your phone.
  • It’s pretty much a non-issue if you’ve clicked the “Encrypt iPhone Backup” option in iTunes. Even with physical access to your desktop, a no-goodnik wouldn’t be able to access the logfile.

Update 2: The forensic community has known about the consolidated.db file for a while now and has been using it. Alex Levinson notes that he's provided data from pre-iOS 4 iPhones to law-enforcement:

Through my work with various law enforcement agencies, we’ve used h-cells.plist on devices older than iOS 4 to harvest geolocational evidence from iOS devices.


Talkback

71 comments
  • My spies tell me...

    The file appears to be a cache of the GPS coordinates of cell towers that the iPhone (or iPad) hears. When a cell tower comes into range, the cache is checked to see if its location is known. If not, an online data base is queried, and the coordinates are added to the file.

    The cache is used to perform "assisted GPS," in which the cache speeds up knowing approximately where you are, and 'real' GPS is used only to fine tune the data.

    This makes location-dependent apps work a lot faster than they otherwise would.
    Robert Hahn
    • RE: Your iPhone is tracking you (and has been for a while)

      @Robert Hahn

      I wouldn't know if that theory was correct or not but it does sound plausible.
      kenosha77a
    • RE: Your iPhone is tracking you (and has been for a while)

      @Robert Hahn

      Interesting. I read (and we know how reliable on-line information is) that the data stored is an approximation of your location, based on the triangulation of cell sites, as opposed to the cell site location.

      What you're saying makes sense, since the data isn't being relayed to anyone else.
      msalzberg
    • Still, it got the attention of Washington D.C.

      @Robert Hahn
      http://technolog.msnbc.msn.com/_news/2011/04/21/6508416-government-officials-want-answers-to-secret-iphone-tracking

      Until Apple answers, anything somebody says here is just speculation or a guess.
      Will Farrell
      • Lying greedy corporations out for evil!

        @Will Farrell When Apple answers, people will say that they're lying. Meanwhile, a data base table named CellLocations that contains the known locations of cell towers just might be what it says it is.
        Robert Hahn
    • RE: Your iPhone is tracking you (and has been for a while)

      @Robert Hahn
      This is something new?? Smartphones have been tracking pretty much since inception. So apps are built to enhance your experience and iPhone grabs significant market share and bam a stunning (not really) revelation. Even then who cares, use a credit card, atm, your car with OnStar, satellite radio, etc. they all know where you are and track usage. I travel a lot and I get an email when I use my atm in a city that is a fair distance from where I was that morning or a day earlier. How did the bank know? They track the data. A lot of fuss for what?
      wca54
  • Relax, Apple is NOT Google

    Like the article said: there's no "evidence to suggest this data is leaving your custody"

    Apple is not in the business of selling your personal data.
    iPad-awan
    • Right

      @iPad-awan Last time I checked they were implementing ad based services of their own and somebody has to pay for mobile me as well as hosting free apps.
      slickjim
      • RE: Your iPhone is tracking you (and has been for a while)

        @Peter Perry

        Last time I checked, MobileMe was not a free service. What does it have to do with this?
        msalzberg
    • RE: Your iPhone is tracking you (and has been for a while)

      @iPad-awan

      Even so, the fact that the user was not informed of this and given an option to disable it is wrong. If the iPad/iPhone wound up in the wrong hands it could be a disaster.
      Michael Kelly
    • RE: Your iPhone is tracking you (and has been for a while)

      @iPad-awan LOL. You serious?

      If you actually believe that, then Steve Jobs must have you brainwashed.
      Droid101
    • RE: Your iPhone is tracking you (and has been for a while)

      @iPad-awan , you are surely aware that "no evidence" doesn't mean it isn't happening...

      Besides, Apple may not sell your data today, but nothing stops them from selling it tomorrow. And now that everyone knows this data is there, expect malware (which some may regard to be legitimate apps) to take advantage of it immediately.
      rgcustomer@...
      • RE: Your iPhone is tracking you (and has been for a while)

        @rgcustomer
        Since the file is local to the device, and Apple does not have access to it, how, exactly, are you claiming they will do that?
        DeusXMachina
    • But Google (not Apple) is the one with the logo: Do no harm

      @iPad-awan: But Google (not Apple) is the one with the logo: Do no harm.
      Roque Mocan
      • RE: Your iPhone is tracking you (and has been for a while)

        @Roque Mocan Any company founded by a guy that totally screwed over the friend and coincidently brains behind the technology that started the company is never going to adopt a "Do no harm" mantra.
        ITSamurai
      • RE: Your iPhone is tracking you (and has been for a while)

        @ITSamurai

        Apple was founded by BOTH of them. Equally. Steve Jobs was kicked out of Apple, so there is no continuous timeline here.
        DeusXMachina
    • RE: Your iPhone is tracking you (and has been for a while)

      @iPad-awan
      By that logic, it's okay for the government to be tracking us.
      ZackCDLVI
  • RE: Your iPhone is tracking you (and has been for a while)

    I guess they need more articles on how bad the iPhone is? Maybe because there are other phones that can't match the iPhone in sales? If the phone was literally phoning home it would be one thing, but nothing suggests that it is.
    Rick_K
    • RE: Your iPhone is tracking you (and has been for a while)

      @Rick_K

      Are you actually saying you find this acceptable?
      Michael Kelly
      • RE: Your iPhone is tracking you (and has been for a while)

        @Michael Kelly

        What is unacceptable about it?
        DeusXMachina