Hey, wonderful: there’s a location-tracking file on my iPhone.

Posted on April 20, 2011 at 12:20 pm

What sort of data does your phone log to a file…and why?

That’s the most annoying mystery of these superphones that we carry everywhere. It’s a master key to pretty much everything we’ve got going on in our lives: where we’ve been, the people with whom we associate, what we say, and all of the things we’ve seen that we considered worth snapshotting. The phone maker should be both completely open about the data the device collects and should act as though disastrous things would happen if that data were ever to fall into the wrong hands. Because they would. The worst-case scenario of a lost or stolen or otherwise compromised phone is pretty goddamned bad.

So imagine my disappointment when I visited this page (thoughtfully forwarded to me by Dave Bittner). Developers Alasdair Allan and Pete Warden, while working on some mobile data-visualization tools, poked around inside their iPhones and found an SQL database containing a detailed log of the phone’s locations over the past several months. To demonstrate the problem, they wrote a little app that will pull up this file from your desktop iPhone backup, analyze it, and “replay” your movements over time on a map.

Yeah, it works. The app was written just as an illustration, so it intentionally fudges the accuracy. But if I fast-forward to last summer, I reveal a very rough track of the day I decided to blow off work and go to the Cape for an afternoon of swimming and fried clams. Here’s a video demo of the map, provided by the developers:

Washington DC to New York from Alasdair Allan on Vimeo.

A few reality checks, lest I inadvertently do a Glenn Beck number on all of you, here:

• This database isn’t storing GPS data. It’s just making a rough location fix based on nearby cell towers. The database can’t reveal where you were…only that you were in a certain vicinity. Sometimes it’s miles and miles off. This implies that the logfile’s purpose is to track the performance of the phone and the network, and not the movements of the user.
• A third party couldn’t get access to this file without physical access to your computer or your iPhone. Not unless you’ve jailbroken your iPhone and didn’t bother resetting its remote-access password…or there’s an unpatched exploit that would give Random Person On The Internet root access to your phone.
• It’s pretty much a non-issue if you’ve clicked the “Encrypt iPhone Backup” option in iTunes. Even with physical access to your desktop, a no-goodnik wouldn’t be able to access the logfile.

But still! What a nervous can of worms. This is an open, unlocked file in a known location in a standard database format that anybody can read. If someone has physical access to your Mac — or remote access to your user account — it’s a simple matter of copying a file and opening it. And while the logfile can’t tell someone that you were at a specific house, it can obviously tell your boss that you went to the Cape on the day you called in sick.

And it’s not as though Apple and these two developers are the only people who know that this file exists and that it’s so easy to access. By the time the Good Guys blow the whistle, the Bad Guys have had it for months. Lord only knows what they’ve been doing with this information.

It’s also, frankly, another reason why I value my iPhone’s “remote nuke” feature and wish it were possible to nuke all data directly from the handset. I can’t think of any circumstance under which my location data would possibly be damaging, incriminating, or even just embarrassing. That’s not the point: if I can’t control the data that my phone is collecting, I should at least have the power to destroy it utterly.

[Edited to clarify: what I want is a real "overwrite with zeros" feature, like the one you see in Disk Utility. Yup, you can go to Preferences and restore your iPhone to factory settings but I believe that this leaves your data vulnerable to recovery. I imagine a made-for-TV kind of scene in which the Angry Lawyer Bringing A Frivolous Lawsuit Against Me is fumbling for his phone, trying to get a court order to mine data off of my iPhone but before the paperwork comes through, I've already tapped nineteen buttons and there's nothing on that phone that can be recovered.]

Finally, there’s “The ‘Ick’ Factor.” I don’t believe that Apple is up to anything nefarious here (again, I think it’s tracking the performance of the phone and not the movements of the user) but it makes the iPhone look very, very bad. That’s not to say that other phones don’t do even ickier things with user data…but this one’s big and public and easy to demonstrate on a nightly newscast.

Apple should treat this like a serious problem. I’ll be very, very pleased if I or anybody else can get a statement from them explaining what this file is for, and how the next iOS update will secure it.

Share

Tweet

Filed under: apple, iphone.

124 Comments

124 Responses

Continuing the Discussion

1. [...] Ihnatko used the application to reveal his movements from the past few months and wrote about it on his personal blog. Ihnatko discovered that, while not precise, the info does reveal a rough trace of the [...]

   Report: iPhone Has Been Recording Location Over Time in Unprotected File Since iOS 4 — April 20, 2011 @ 3:28 pm

2. [...] Andy Ihnatko ?????????????????????????Reality check: [...]

   ???? — iPhone ???? GPS ?? | R.D. — April 20, 2011 @ 8:46 pm

3. The Apple JudasPhone…

   Good Lord – a few days ago we published a note about how Smartphones are watching you, but we had no idea it was this bad – the iPhone tracks your movement and timestamps it, whether you have GPS turned on or off, and saves it to a file that it then up…

   broadstuff — April 21, 2011 @ 4:07 am

4. [...] [via Andy Ihnatko] [...]

   Follow-up: iPhone location tracking | MacTrast — April 21, 2011 @ 5:04 am

5. [...] of discussion on this issue: Andy Ihnatko Guy that found it a while back What Apple does with your information Tweet This Post [...]

   iOS Location File « Daniel Nisbet — April 21, 2011 @ 7:58 am

6. [...] TweetApril 21, 2011 at 8:35 amCommenting on Andy Inhatko’s article on iOS storing user’s location data, Daring Fireball‘s John Gruber reveals that iOS [...]

   Gruber: iOS location storing is a bug, getting fixed in future iOS update | 9 to 5 Mac Gruber: iOS location storing is a bug, getting fixed in future iOS update | Apple Intelligence — April 21, 2011 @ 10:35 am

7. [...] fact that the data is stored on the user’s own machine and not accessed by Apple is one of Andy Ihnatko‘s key themes as well, suggesting that “the logfile’s purpose is to track the [...]

   iPhone tracking: Not new, but already used by law enforcement - SlashGear — April 21, 2011 @ 10:47 am

8. [...] on Andy Inhatko’s article on iOS storing user’s location data, Daring Fireball‘s John Gruber reveals that iOS [...]

   Gruber: iOS location storing is a bug, getting fixed in future iOS update | Apple Daily Magazine — April 21, 2011 @ 11:03 am

9. [...] fact that the data is stored on the user’s own machine and not accessed by Apple is one of Andy Ihnatko‘s key themes as well, suggesting that “the logfile’s purpose is to track the performance of [...]

   iPhone tracking: Not new, but already used by law enforcement — April 21, 2011 @ 11:14 am

10. [...] on Andy Inhatko’s article on iOS storing user’s location data, Daring Fireball‘s John Gruber reveals that iOS storing [...]

    Gruber: iOS location storing is a bug, getting fixed in future iOS update — April 21, 2011 @ 11:16 am

11. [...] pundit, Andy Ihnatko, notes three reasons why this might be the case. This database isn’t storing GPS data. It’s just making a rough [...]

    Gruber: No “Definitive Answer”, But iOS Location Tracking Likely An Oversight – [REPORT] | RazorianFly — April 21, 2011 @ 11:26 am

12. [...] Ihnatko has the simplest and most concise piece so far.  Arstechnica points out that this information is and has always been logged by the service [...]

    How long before we start calling it Cablegate? « Impraxical — April 21, 2011 @ 11:26 am

13. [...] fact that the data is stored on the user’s own machine and not accessed by Apple is one of Andy Ihnatko‘s key themes as well, suggesting that “the logfile’s purpose is to track the [...]

    World news » Blog Archive » iPhone tracking: Not new, but already used by law enforcement — April 21, 2011 @ 11:36 am

14. [...] Andy Ihnatko reinforces my Don’t Panic [...]

    Your iPhone is tracking you (and has been for a while) | Teck Talk — April 21, 2011 @ 11:57 am

15. [...] on the topic: Your iPhone, iPad recording your every move? – Larry DignanUpdate: Andy Ihnatko reinforces my Don’t Panic advice:This database isn’t storing GPS data. It’s just making a rough location [...]

    Your iPhone is tracking you (and has been for a while) – JailBake — April 21, 2011 @ 12:46 pm

16. [...] Andy Ihnatko via Daring Fireball Share and [...]

    Andy Ihnatko calms your fears about iPhone location collecting – Gadgetron - Tuscaloosa News - Tuscaloosa, AL - Archive — April 21, 2011 @ 12:55 pm

17. [...] Andy Ihnatko on iOS 4’s Location-Tracking Log[Via Daring Fireball] [...]

    It’s a bug not a feature « A Man With A Ph.D. — April 21, 2011 @ 1:30 pm

18. [...] http://ihnatko.com/2011/04/20/hey-wonderful-theres-a-location-tracking-file-on-my-iphone/ [...]

    Apple and the Latest Security Scare: Location Tracking Stored | Build Your Business on a Solid Infrastructure — April 21, 2011 @ 2:05 pm

19. [...] tech guru Andy Ihnatko downplayed the damage done by the tracking file, pointing out that it’s not storing GPS data, but [...]

    Sen. Franken Quizzes Steve Jobs On iPhone Tracking | mobile-phones.co.za — April 21, 2011 @ 2:47 pm

20. [...] to 5 Mac, will remove that location data and prevent more from being recorded.Meanwhile, tech guru Andy Ihnatko downplayed the damage done by the tracking file, pointing out that it’s not storing GPS data, [...]

    Sen. Franken Quizzes Steve Jobs on iPhone Tracking — April 21, 2011 @ 2:57 pm

21. [...] panic, but look a little nervous | Andy Ihnatko’s Celestial Waste of Bandwidth (BETA) post Hey, wonderful: there’s a location-tracking file on my iPhone | Alex Levinson’s 3 Major Issues with the Latest iPhone Tracking “Discovery” On the [...]

    Ugh! My iPhone is spying on me … « slappHappe — April 21, 2011 @ 3:08 pm

22. [...] Andy Ihnatko: It’s also, frankly, another reason why I value my iPhone’s “remote nuke” feature and wish it were possible to nuke all data directly from the handset. I can’t think of any circumstance under which my location data would possibly be damaging, incriminating, or even just embarrassing. That’s not the point: if I can’t control the data that my phone is collecting, I should at least have the power to destroy it utterly. [...]

    Michael Tsai - Blog - consolidated.db — April 21, 2011 @ 3:19 pm

23. [...] Fireball, uno dei blogger più autorevoli nel panorama Apple a stelle e strisce, ha commentato un articolo scritto da Andy Inhatko, altra voce importante del mondo Mac, sul problema della memorizzazione dei [...]

    Un bug all'origine della registrazione dei dati di localizzazione dell'utente, ma non sono dati GPS | Nonsolomac — April 21, 2011 @ 3:37 pm

24. [...] tech guru Andy Ihnatko downplayed the damage done by the tracking file, pointing out that it’s not storing GPS data, [...]

    Sen. Franken Quizzes Steve Jobs On iPhone Tracking | NexGen SEM — April 21, 2011 @ 3:48 pm

25. [...] Andy Ihnatko reinforces my Don’t Panic [...]

    Your iPhone is tracking you (and has been for a while) | Apple Online — April 21, 2011 @ 4:04 pm

26. [...] tech guru Andy Ihnatko downplayed the damage done by the tracking file, pointing out that it’s not storing GPS data, [...]

    Sen. Franken Quizzes Steve Jobs On iPhone Tracking | Stu Haugen — April 21, 2011 @ 5:23 pm

27. [...] Andy Ihnatko Bookmark on Delicious Digg this post Recommend on Facebook share via Reddit Share with Stumblers [...]

    "Locationgate:" Invasion of Privacy or Epic FAIL? | iPhone Tweaks — April 21, 2011 @ 6:00 pm

28. [...] Andy Ihnatko reinforces my Don’t Panic [...]

    Your iPhone is tracking you (and has been for a while)Garmin GPS Reviews – Garmin Nuvi 255W GPS | Garmin GPS Reviews - Garmin Nuvi 255W GPS — April 21, 2011 @ 6:03 pm

29. [...] get some perspective, tech writer Andy Ihnatko presents a wonderfully rational assessment of the whole [...]

    my iphone stalks me, and i like it : Lou Lesko — April 21, 2011 @ 6:49 pm

30. [...] Well, I thought that. I still think that, and I’m going to give him the benefit of the doubt and go with “he wasn’t really thinking” when he sent a letter to Steve Jobs about the current brouha-whollymoley over iPhones tracking your every move. [...]

    Hamm On Wry » Blog Archive » You asked who? — April 21, 2011 @ 7:21 pm

31. [...] Source: Andy Ihnatko [...]

    "Locationgate:" Invasion of Privacy or Epic FAIL? | iPhone Jail Break Instructions and Links — April 21, 2011 @ 7:40 pm

32. [...] it ‘a nervous can of worms’ … but even he says, somewhat contentiously, in Hey, wonderful: there’s a location-tracking file on my iPhone: It’s pretty much a non-issue if you’ve clicked the ‘Encrypt iPhone Backup’ option [...]

    Despite that, your honour, I wasn’t ACTUALLY there @ The Paepae — April 21, 2011 @ 7:44 pm

33. [...] far more sensible comment came from Andy Ihnatko who is not worried about the data but more concerned about perceptions regarding Apple’s [...]

    Cassandra – Friday Review: The Weekend Arrives — April 21, 2011 @ 8:57 pm

34. [...] software. That’s it. There’s no apparent malice here on Apple’s part, either; in fact, according to John Gruber, this is many expected a bug: The large doubt of course, is since Apple is storing [...]

    Is your smartphone really tracking you? | Vehicle Tracking Device Site — April 21, 2011 @ 9:45 pm

35. [...] Andy Ihnatko © 2011 The iPhone Index Privacy [...]

    "Locationgate:" Invasion of Privacy or Epic FAIL? | The iPhone Index — April 21, 2011 @ 11:16 pm

36. [...] software. That’s it. There’s no apparent malice here on Apple’s part, either; in fact, according to John Gruber, this is most likely a bug: The big question of course, is why Apple is storing [...]

    404 Not Found — April 21, 2011 @ 11:21 pm

37. [...] tech guru Andy Ihnatko downplayed the damage done by the tracking file, pointing out that it’s not storing GPS data, [...]

    Sen. Franken Quizzes Steve Jobs On iPhone Tracking | CashKlick — April 22, 2011 @ 12:29 am

38. [...] or not, just by asking your provider. And I really do mean "no different" as the info gathered appears to be locations as plotted by phone tower, not by GPS. You make a claim on your insurance, but they think you may have been going too [...]

    iPhone keeps record of everywhere you go - Page 3 — April 22, 2011 @ 5:33 am

39. [...] be accessed unless someone comes to physical possession of your device. As Andy Ihnatko explained, encryption can protect users from common risks of logging location on smart-phones. The fact that Apple didn’t disclose [...]

    iPhone Tracks Everything You Do — April 22, 2011 @ 6:02 am

40. [...] gathered from CWOB, The Loop, GigaOM, 9to5Mac, [...]

    Closer Look at iPhone’s Location-Tracking Database | Apple Daily Magazine — April 22, 2011 @ 8:14 am

41. [...] The other big and interesting tech news this week was the iPhone controversy. It seems that some folks discovered the file in your iPhone that stores locational information (not GPS data, it would seem, but locational data based on the nearest cellphone towers. So we’re not dealing with pinpoint accuracy here, but a only general location). They figured out how to hack into it and extract that data and create maps of their own recent activities. This raises privacy concerns, of course, and the more creepy issue of Apple’s plans for collecting this data. Here’s a nice consideration of it. [...]

    Friday Varia and Quick Hits « The New Archaeology of the Mediterranean World — April 22, 2011 @ 8:47 am

42. [...] Hey, wonderful: there's a location-tracking file on my iPhone … [...]

    Latest Declutter Your Home Auctions | New ways to organize a room — April 22, 2011 @ 9:59 am

43. [...] The good news is that the sky is not falling: [...]

    Congressman asks Jobs to respond about consolidated.db | ZDNet — April 22, 2011 @ 10:09 am

44. [...] best piece of writing on this issue, which we found after being referred by many reliable sources, states: A few reality checks, lest I inadvertently [...]

    Apple to Fix the tracking bug in iOS 4.3.3/4.4 , reports | Tech GadgetX — April 22, 2011 @ 10:58 am

45. [...] Hey, wonderful: there's a location-tracking file on my iPhone … [...]

    Latest Organizing Kitchen Auctions | New ways to organize a room — April 22, 2011 @ 1:17 pm

46. [...] Hey, wonderful: there's a location-tracking file on my iPhone … [...]

    Latest Organizing Closets Auctions | New ways to organize a room — April 22, 2011 @ 1:20 pm

47. [...] Meantime, some bloggers are making a case that the data collection that brought Apple so much attention yesterday isn’t tight enough to constitute personal tracking. Andy Inhatko writes: [...]

    The iPhone’s User Tracking May Boil Down to ‘Oops’ | Dice Blog Network — April 22, 2011 @ 2:07 pm

48. [...] in a famous plcae in a customary database format that anybody can read,” writes publisher Andy Ihnatko “If someone has earthy access to your Mac — or remote access to your user comment — [...]

    Google Is Tracking Android Users’ Location Data, Say Researchers | Datacentre Management . org — April 22, 2011 @ 4:04 pm

49. [...] Hey, wonderful: there's a location-tracking file on my iPhone … [...]

    Latest Organize Your Office Auctions | New ways to organize a room — April 22, 2011 @ 4:26 pm

50. [...] Hey, wonderful: there's a location-tracking file on my iPhone … [...]

    Latest Clutter Clearing Auctions | New ways to organize a room — April 22, 2011 @ 4:29 pm

51. [...] in a known location in a standard database format that anybody can read,” writes journalist Andy Ihnatko “If someone has physical access to your Mac — or remote access to your user account — [...]

    Android Is Tracking Your Location, Too at NEWS.GeekNerdNetwork.com — April 22, 2011 @ 11:00 pm

52. [...] The good news is that the sky is not falling: [...]

    Congressman asks Jobs to respond about consolidated.dbGarmin GPS Reviews – Garmin Nuvi 255W GPS | Garmin GPS Reviews - Garmin Nuvi 255W GPS — April 23, 2011 @ 6:34 am

53. [...] Apple may be trying to capture information about the device or, perhaps, carrier performance — the theory expressed by blogger Andy Ihnatko. Given the rap the iPhone got as a result of AT&T's network problems, I wouldn't discount the [...]

    Yes, your iPhone is tracking you -- the question's why — April 23, 2011 @ 12:41 pm

54. [...] gathered from CWOB, The [...]

    Closer Look at iPhone’s Location-Tracking Database « i4bloggen — April 23, 2011 @ 1:31 pm

55. [...] reading a post that suggested the CDMA iPhones do collection location data, I examined the SQLite database stored [...]

    Verizon iPhone Tracking Table « Urlgrey — April 23, 2011 @ 4:21 pm

56. [...] may be trying to capture information about the device or, perhaps, carrier performance — the theory expressed by blogger Andy Ihnatko. Given the rap the iPhone got as a result of AT&T’s network problems, I wouldn’t [...]

    Yes, your iPhone is tracking you — the question’s why. It could be a bug, a mistake or something to do with ‘geofencing’ | Voices for the Laotian Who do not have Voices — April 24, 2011 @ 4:09 pm

57. [...] ????Tech2IPO??bluesabrina???ihnatko??????????????Tech2IPO????????????RSS??????????????????? [...]

    iPhone?????????????? | Tech2IPO — April 25, 2011 @ 3:00 am

58. [...] Ihnatko föreslår på sin blogg att denna information troligen inte handlar om att spåra var du varit utan för att kontrollera [...]

    1984? Inte riktigt… | Macpro — April 25, 2011 @ 3:23 am

59. [...] iPhone u 4.0 verziji iOS mobilnog operativnog sustava zaista prati i bilježi lokaciju korisnika, ali situacija je malo druga?ija od one koja se širi svjetskim, ne samo lokalnim medijima. Zna?i [...]

    iPhone i Android vas prate, aplikacije vas prisluškuju, a vi to zapravo želite | Netokracija — April 25, 2011 @ 4:29 am

60. [...] il file esista, non sembra esservi dubbio. Che possa essere originato da un bug – come alcuni affermano – appare [...]

    Di tracciamenti, Web 2.0, social network e smartphone - The New Blog Times — April 25, 2011 @ 4:57 pm

61. [...] Andy Ihnatko on iOS 4’s Location-Tracking Log Best piece I’ve seen on the “consolidated.db” location-tracking log: [...]

    JulianSchrader.de | Interesting Links for April 26, 2011 — April 25, 2011 @ 11:01 pm

62. [...] Ihnatko föreslår på sin blogg att informationen som din iOS-enhet sparar troligen inte handlar om att spåra var du varit utan [...]

    1984? Inte riktigt… - Allt om Mac — April 26, 2011 @ 3:20 pm

63. [...] I don’t care about this, before I talk about why I do… I’m just going to steal Andy Ihnatko’s reasons because he already said it better than I [...]

    The Real (UX/UI) Problem with iPhone Location Tracking | wademeredith.com — April 26, 2011 @ 3:22 pm

64. [...] Andy Ihnatko – “Hey, wonderful: there’s a location-tracking file on my iPhone.“ [...]

    Was fehlt: die Unschuldsvermutung – iPhoneBlog.de — April 27, 2011 @ 3:57 am

65. [...] http://ihnatko.com/2011/04/20/hey-wonderful-theres-a-location-tracking-file-on-my-iphone/ [...]

    More on smartphones and the use of location information « Arcadia Legal Tech Blog — April 27, 2011 @ 12:59 pm

66. [...] the file simply keeps a record of cell towers it has connected with. A jealous boyfriend/girlfriend or a crazy stalker would have access only to [...]

    Conspiracy Theory: Is the iPhone Really Tracking You? | The VAR Guy — April 27, 2011 @ 3:33 pm

67. [...] on the side of Andy Inhatko and John Gruber than Daniel Eran Dilger on this… I love you Daniel, but what in the heck was [...]

    Rubénerd : Apple Android locationgate whatnot — April 28, 2011 @ 1:16 am

68. [...] seems to be the big news story in the tech world at the moment, as people speculate why this is being done. There’s theories [...]

    Tech Thursday – Why Is Your Smartphone Tracking You? (UPDATED) - Q 103 - GO ROCK YOURSELF — April 28, 2011 @ 6:11 am

69. [...] recap, if we didn’t review my posting from final week or any of a miles of other accessible commentary: your iPhone has been building a database of where [...]

    Your iPhone knows where you are but here’s why not to worry – Chicago Sun | Vehicle Tracking Device Site — April 30, 2011 @ 1:07 am

70. [...] recap, if you didn’t read my posting from last week or any of the miles of other available commentary: your iPhone has been building a database of [...]

    Your iPhone knows where you are but here’s why not to worry – Chicago Sun | cell-phones.co.za — April 30, 2011 @ 9:53 pm

71. [...] recap, if you didn’t read my posting from last week or any of the miles of other available commentary: your iPhone has been building a database of [...]

    Your iPhone knows where you are but here’s why not to worry – Chicago Sun | cellular-phones.co.za — May 1, 2011 @ 4:48 am

72. [...] recap, if you didn’t read my posting from last week or any of the miles of other available commentary: your iPhone has been building a database of [...]

    Your iPhone knows where you are but here’s why not to worry – Chicago Sun | Mobile phone — May 1, 2011 @ 7:02 pm

73. [...] Hey, wonderful: there’s a location-tracking file on my iPhone [...]

    NipTech 085 – La réussite malgré l’échec | NipTech Podcast — May 3, 2011 @ 6:11 am

74. [...] in a known location in a standard database format that anybody can read,” writes journalist Andy Ihnatko “If someone has physical access to your Mac — or remote access to your user account — [...]

    Android Is Tracking Your Location, Too | Solar Energy| | Blog and Videos sites. — May 5, 2011 @ 4:04 am

75. [...] gathered from CWOB, The [...]

    Closer Look at iPhone’s Location-Tracking Database — May 7, 2011 @ 2:38 am

Carrington Theme by Crowd Favorite

Proudly powered by WordPress and Carrington.