IE 11 is not supported. For an optimal experience visit our site on another browser.

Truth About iPhone Tracking: Neither New Nor Secret

The news that the iPhone secretly tracks and records the location data of its users came as a shock to many, but it turns out security researchers have known about it for some time.
/ Source: SecurityNewsDaily

The news that the iPhone secretly tracks and records the location data of its users came as a shock to many, but it turns out security researchers have known about it for some time.

The public was surprised when security researchers Alasdair Allan and Pete Warden revealed April 20 that the iPhone and iPad 3G track users' location data and store it in a hidden file called "consolidated.db" on the device as well as the computer it's synced with.

The news drew fervent responses throughout the tech community; some were appalled at the invasion of privacy by the devices' manufacturer, Apple, while others were less surprised and saw it as simply another way online companies like Facebook take advantage of users' personal information – including location – to push targeted advertisements on them.

IPhone tracking is nothing new.

"This hidden file is neither new nor secret," Alex Levinson, security researcher and senior engineer for Apple iOS-based research company Katana Forensics, wrote on his blog.

Levinson, an author and graduate student at Rochester Institute of Technology, said that prior to the "consolidated.db" file used in the iPhone 4, locations of users of older iPhone models were stored in a similar file, called "h-cells.plist."

The data in these files could be "easily acquired through simple forensic techniques," he said. Location logs from these pre-iPhone 4 files have been used by "various law enforcement agencies," Levinson added.

App developers are in on it, too.

Levinson first spread the word about Apple's location data in November 2010 at the Paraben Forensics Innovation Conference in Utah, where he announced Lantern 2.0, software he had developed that would integrate all the geolocational data stored on the iPhone in the hidden files.

Then, at a security conference two months later, Levinson presented a paper called "Third Party Application Forensics on Apple Mobile Devices."

Written in 2010, before the June release of the iPhone 4, the paper explained that Apple explicitly offers location-tracking ability to third-party app developers; it's called "Core Location Framework Reference."

It's all there in the fine print.

Researchers at the security firm RedSn0w said you shouldn't be surprised your iPhone is tracking your every move – Apple tells you that's exactly what it's going to do.

In the terms and conditions of the iTunes agreement, Apple writes, "Apple and our partners and licensees may collect, use, and share precise location data, including the real-time geographic location of your Apple computer or device."

The fine print continues: "This location data is collected anonymously in a form that does not personally identify you and is used by Apple and our partners and licensees to provide and improve location-based products and services."

The 18 pages of terms and conditions can be read at Apple's website.

But how fine is the print?

Mikko Hypponen, chief research officer for the anti-virus company F-Secure, wrote that iTunes' installation process includes a "highly misleading" prompt that reads, "You can help Apple improve its products by sending us anonymous diagnostic and usage information about your iPhone."

The prompt makes no mention of tracking your location, but clicking "Agree" gives Apple that power.

Hypponen also believes the iPhone sends its location log to Apple twice a day.

While Apple is under the gun, Digital Ninja points out that every smartphone company includes a similar statement of intent in its respective terms and conditions.

Here come the politicians.

No matter when the iPhone started tracking its users, the problem has left the security world and is now a full-blown political issue.

Congress and the Federal Communications Commission are now "looking into the matter," according to the political news site Politico.

Sen. Al Franken (D-Minn.) wrote a letter to Apple chief executive Steve Jobs April 20 expressing his concerns over iPhone users' privacy.

"The existence of this information – stored in an unencrypted format – raises serious privacy concerns," Franken wrote. He went on to say that anyone who finds a lost or stolen iPhone "could easily download and map out a customer's precise movements for months at a time."

Franken expressed concern especially for children: "The millions of children and teenagers who use iPhone or iPad devices also risk having their location collected and compromised."

Rep. Jay Inslee (D-Wash.) also spoke out against iPhone tracking, according to Politico, saying he plans to ask Apple "some very direct questions to understand the frequency and extend of this data collection and the use, protection and sharing of this sensitive information."