In association with heise online

21 April 2011, 11:27

Mac app maps stored iPhone location data - Update

  • Twitter
  • Facebook
  • submit to slashdot
  • StumbleUpon
  • submit to reddit

Zoom Visualising the iPhone's geodata cache
Source: iPhoneTracker
The open source "iPhone Tracker" application for Mac OS X accesses a database to retrieve the locations that iPhone and iPad 3G devices record on a regular basis. Created by developer Pete Warden and scientist Alasdair Allan, the software takes the stored geodata and timestamps from the iTunes backup file and displays it on a map with a timeline.

Since iOS 4.0 (iOS 3.2 on the iPad), the geodata in this database has been collected and stored in a file called "consolidated.db" by the iOS locationd service in the background. The data is not encrypted but is stored in an SQLite database. iOS 3.2 saw Apple introduce its own dedicated service that allows iOS devices to determine their location more quickly – previously, the company used databases by Google and Skyhook Wireless.

The developers say that iPhone Tracker "artificially reduces" the spatial and temporal accuracy of the data to make the software "less useful for snoops." As a result, the timeline can only be moved in weekly increments, and the software uses a grid to hide exact locations when zooming in – however, precise data can be found in the consolidated.db file.

Warden and Allan point out that as the local database is stored on the iOS device without encryption it will also be transferred to a computer in this form if the user does a non-encrypted backup using iTunes – third parties who have access to the iOS device or the backup can, therefore, easily access the user's location information. Selecting the iTunes option to encrypt backups can prevent snooping on the computer's copy of the location information.

The technology blog Engadget pointed out that the spatial data-recording has been known about for some time in the art and link to an article from September 2010 by the French author Paul Courbis on the subject. The existence of the database had also been discussed in some expert forums on the web. The IT forensic Alex Levinson blogged that he had mentioned "consolidated.db" in a book he contributed to and the fact that the iPhone contains such information is nothing new in forensic security circles. The iPhone security expert James Zdziarski told Ars Technica that "It's not a covert, evil, Big Brother secret invisible file, but Apple has been administratively lazy in their programming, which is the root cause of most data leaks on the iPhone".

Apple says in their terms of service that the iOS devices periodically transmit the newly collected location data to Apple at the same time, including details about mobile masts and Wi-Fi base stations in their vicinity as well as the GPS device coordinates (if supported by the hardware). If a user disables the location services, which are enabled by default, in the iOS preferences, the iOS device will not collect or transmit any geodata. It is currently unclear whether the data stored in "consolidated.db" is the same data that is regularly transmitted to Apple by iOS devices when the location service is enabled. Apple has, so far, not directly commented on the issue.

Update - It now appears that turning off "Location Services" in the iPhone does not stop the collection of data in the "consolidated.db" database. The jailbreak community has responded to the issue with the release of Untrackerd, a utility with runs in the background and "cleans" the "consolidated.db" database.

US Senator, Al Franken, has written a letterPDF to Apple, asking questions about why the data was not encrypted, how precise the information is and why weren't consumers informed of the existence of the tracking.


Print Version | Send by email | Permalink:

  • July's Community Calendar

The H Open

The H Security

The H Developer

The H Internet Toolkit