Hey, wonderful: there’s a location-tracking file on my iPhone.

What sort of data does your phone log to a file…and why?

That’s the most annoying mystery of these superphones that we carry everywhere. It’s a master key to pretty much everything we’ve got going on in our lives: where we’ve been, the people with whom we associate, what we say, and all of the things we’ve seen that we considered worth snapshotting. The phone maker should both be completely open about the data the device collects and act as though disastrous things would happen if that data were ever to fall into the wrong hands. Because they would. The worst-case scenario of a lost or stolen or otherwise compromised phone is pretty goddamned bad.

So imagine my disappointment when I visited this page (thoughtfully forwarded to me by Dave Bittner). Developers Alasdair Allan and Pete Warden, while working on some mobile data-visualization tools, poked around inside their iPhones and found an SQL database containing a detailed log of the phone’s locations over the past several months. To demonstrate the problem, they wrote a little app that will pull up this file from your desktop iPhone backup, analyze it, and “replay” your movements over time on a map.

Yeah, it works. The app was written just as an illustration, so it intentionally fudges the accuracy. But if I fast-forward to last summer, I reveal a very rough track of the day I decided to blow off work and go to the Cape for an afternoon of swimming and fried clams. Here’s a video demo of the map, provided by the developers:

Washington DC to New York from Alasdair Allan on Vimeo.

A few reality checks, lest I inadvertently do a Glenn Beck number on all of you, here:

  • This database isn’t storing GPS data. It’s just making a rough location fix based on nearby cell towers. The database can’t reveal where you were…only that you were in a certain vicinity. Sometimes it’s miles and miles off. This implies that the logfile’s purpose is to track the performance of the phone and the network, and not the movements of the user.
  • A third party couldn’t get access to this file without physical access to your computer or your iPhone. Not unless you’ve jailbroken your iPhone and didn’t bother resetting its remote-access password…or there’s an unpatched exploit that would give Random Person On The Internet root access to your phone.
  • It’s pretty much a non-issue if you’ve clicked the “Encrypt iPhone Backup” option in iTunes. Even with physical access to your desktop, a no-goodnik wouldn’t be able to access the logfile.
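
A quick way to check the last point on your own machine, as an added example that is not from the original post or from the developers' app: it walks a backup folder and reports which device backups are not encrypted. It assumes each backup directory holds a `Manifest.plist` with a boolean `IsEncrypted` key and that the default Mac backup root is as shown; the sample backups are constructed.

```python
import plistlib
import tempfile
from pathlib import Path

# Assumption: the default iTunes backup root on a Mac.
DEFAULT_ROOT = Path.home() / "Library/Application Support/MobileSync/Backup"


def audit_backups(root):
    """Return {backup_dir_name: status} for each device backup under root.

    status is "encrypted", "UNENCRYPTED", or "unknown" (manifest missing,
    malformed, or lacking a boolean IsEncrypted key).
    """
    results = {}
    root = Path(root)
    if not root.is_dir():
        return results
    for backup in sorted(p for p in root.iterdir() if p.is_dir()):
        try:
            with (backup / "Manifest.plist").open("rb") as fh:
                data = plistlib.load(fh)
        except Exception:  # missing, unreadable or malformed manifest
            results[backup.name] = "unknown"
            continue
        # Assumption: IsEncrypted is the key that records the iTunes option.
        flag = data.get("IsEncrypted") if isinstance(data, dict) else None
        if flag is True:
            results[backup.name] = "encrypted"
        elif flag is False:
            results[backup.name] = "UNENCRYPTED"
        else:
            results[backup.name] = "unknown"
    return results


def build_sample_root():
    """Constructed sample: three fake backup folders in a temp directory."""
    root = Path(tempfile.mkdtemp(prefix="backup-audit-"))
    samples = [("device-a", {"IsEncrypted": True}),
               ("device-b", {"IsEncrypted": False}),
               ("device-c", None)]  # no manifest at all
    for name, content in samples:
        (root / name).mkdir()
        if content is not None:
            with (root / name / "Manifest.plist").open("wb") as fh:
                plistlib.dump(content, fh)
    return root


if __name__ == "__main__":
    for name, status in audit_backups(build_sample_root()).items():
        print(f"{name}: {status}")
```

To audit real backups, call `audit_backups(DEFAULT_ROOT)` instead of the sample root.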

But still! What a nervous can of worms. This is an open, unlocked file in a known location in a standard database format that anybody can read. If someone has physical access to your Mac — or remote access to your user account — it’s a simple matter of copying a file and opening it. And while the logfile can’t tell someone that you were at a specific house, it can obviously tell your boss that you went to the Cape on the day you called in sick.

And it’s not as though Apple and these two developers are the only people who know that this file exists and that it’s so easy to access. By the time the Good Guys blow the whistle, the Bad Guys have had it for months. Lord only knows what they’ve been doing with this information.

It’s also, frankly, another reason why I value my iPhone’s “remote nuke” feature and wish it were possible to nuke all data directly from the handset. I can’t think of any circumstance under which my location data would possibly be damaging, incriminating, or even just embarrassing. That’s not the point: if I can’t control the data that my phone is collecting, I should at least have the power to destroy it utterly.

[Edited to clarify: what I want is a real “overwrite with zeros” feature, like the one you see in Disk Utility. Yup, you can go to Preferences and restore your iPhone to factory settings but I believe that this leaves your data vulnerable to recovery. I imagine a made-for-TV kind of scene in which the Angry Lawyer Bringing A Frivolous Lawsuit Against Me is fumbling for his phone, trying to get a court order to mine data off of my iPhone but before the paperwork comes through, I’ve already tapped nineteen buttons and there’s nothing on that phone that can be recovered.]

Finally, there’s “The ‘Ick’ Factor.” I don’t believe that Apple is up to anything nefarious here (again, I think it’s tracking the performance of the phone and not the movements of the user) but it makes the iPhone look very, very bad. That’s not to say that other phones don’t do even ickier things with user data…but this one’s big and public and easy to demonstrate on a nightly newscast.

Apple should treat this like a serious problem. I’ll be very, very pleased if I or anybody else can get a statement from them explaining what this file is for, and how the next iOS update will secure it.

124 thoughts on “Hey, wonderful: there’s a location-tracking file on my iPhone.”

  3. Steko

    One thing that’s not reported widely is that in 3.0 this file was frequently cleared because the data was collected every week or so.

    In 4.0 it appears they stopped collecting: either they didn’t want or need the data anymore, or it’s a bug/broken code. But the log file keeps right on logging, somewhat embarrassingly.

  8. Privacy Advocate

    God, if there is one thing I hate it’s corporate apologists. Even more I hate inaccuracies in corporate propaganda. Please remove this from your sycophantic blog post:

    It’s pretty much a non-issue if you’ve clicked the “Encrypt iPhone Backup” option in iTunes

    It’s a lie.

    Other readers should please take note of this article:

    http://abcnews.go.com/Technology/michigan-police-cellphone-data-extraction-devices-aclu-objects/story?id=13428178

    The large story, and great tragedy of our time, is that our institutions cannot keep up with rapidly changing technology.

    If there was anything left other than an empty shell of the enlightenment values our society was based on, Steve Jobs would be strung up next to the top cop in Michigan…

  10. Aaron

    @ GadgetGav – Yes, I would guess that someone would most likely go the route of least resistance for learning about your personal details; however, the data still might be used to exploit more time-based information about you (when you leave for work, how long it takes you to get from home to work, etc), which could potentially be information they use to better target you for other crimes.

    Since many folks who do jailbreak their iDevices don’t go through the common steps to reset the root password, etc, they could become the victims of drive-by data theft.

    If it was discovered that a WP7, Blackberry, or Android device was doing this, I think there would be a lot more noise about it. Regardless, any information that is being given up or stored on my behalf without my express consent or knowledge I would deem a violation of my trust.

  13. Dann Berg

    Yeah, this is more of a security issue rather than the severe privacy issue that everyone seems to be making it out to be. Encrypt the file, and go about your business. If Apple (or anyone) was farming this information, that would be another issue…

  16. Anthony

    The local wipe function could be done by setting a password and entering it incorrectly 10 times. That will throw away the encryption key for the ssd drive.

  21. GadgetGav

    @ Aaron “If it was discovered that a WP7, Blackberry, or Android device was doing this, I think there would be a lot more noise about it.”

    You’re kidding, right? *More* noise than this story has got over the last few days? I don’t think so. And if a WP7 phone was doing it, who’d notice?

    I don’t see how a data leak on a jailbroken phone with the default root password is Apple’s problem either…

    As someone who was a victim of a home invasion (2 people in our house at 3am while we were home), I don’t see why a thief would go to these lengths to get “time-based information” that they could get much more easily (without access to your phone or computer) just by parking outside your house. Even then, most crimes of that nature are opportunistic, not planned in great detail. Most of us don’t live in a spy movie.

    As for express consent and knowledge, we all clicked ‘Agree’ on the Terms & Conditions. Who can say they read and understood every line in that document? I’d bet we have all agreed to whatever data is being collected and stored, we were just too lazy to read what we were signing.

  30. Don

    Interesting that my iPad, which is 9 months old and uses ATT has this data file and it shows a map of the cell phone towers I use, not where I actually have been. There are versions of the tracker script out there that do not obscure the data and you can tell beyond any doubt that the map shows tower locations.

    Interestingly my month old Verizon iPhone does not have this file. Or at least I cannot find it in the same backup file location as the iPad backup file. Does the bug not exist on Verizon iPhones?

  31. Jim

    Andy, you mention you would like a nuke function and that you want it to be to rewrite all data. What happens when I enter my access code wrong 10 times? I thought that was the same thing. Am I wrong?

  33. Jonathan

    One big misconception is that this would be a log of where you’ve been. Superficially true, but it is in fact a cache of cell towers and WiFi networks, that can be used to geolocate you. Any one point in the database is not you; it’s a network. It’s typically updated with tens of nearby cells or hundreds of WiFi networks at once. That allows an iDevice to geolocate itself without waiting for GPS or an internet connection (guess where the spread in the data comes from). Even if it doesn’t have any of that like an iPod touch, as long as it’s been at a hotspot in the area. It just seems that this cache is never pruned, so it leaves a rough footprint of where you’ve been.

    The exact data it contains is the lat-lon of each point, an identifier like MAC address for WiFi (each appears only once, even if it’s been updated after), a timestamp of when it was last updated (doesn’t occur very often and in batches of several networks – I only have 97 unique cell timestamps and 231 WiFi over half a year or so, and many of the old ones haven’t been overwritten even though I’ve been there again), and some miscellaneous stuff like expected accuracy.

    At least there’s a clear innocent purpose. I’d be more worried about the communication with Apple’s servers to fill that cache in the first place, which we all know about already. In fact, on the upside, it probably reduces such communication in areas where the networks are cached already. Cell providers also know roughly the same thing.

    @Don: As for the Verizon thing, the database has separate tables for GSM, CDMA, and WiFi. I’m not sure if this application will recognize CDMA. If you tried manually looking for the same file name, instead of finding the right one in the Manifest files, that won’t work.

  48. Robert M

    Andy, there is one way to “nuke” your iPhone without using MobileMe or Exchange to remote-nuke it. Enable passcode lock and set it to erase your iPhone after 10 failed attempts. This erases the decryption key, leaving the phone useless. Of course, this only works on newer iPhones (3GS & 4) which encrypt the phone’s contents.
