back to article No, iPhone location tracking isn't harmless and here's why

It didn't take long for the blogosphere to pooh pooh research presented on Wednesday that detailed a file in Apple iPhones and iPads unknown to the vast majority of its users that stored a long list of their time-stamped locations, sometimes with alarming detail. On Thursday, a forensics expert who sells software to law …

COMMENTS

This topic is closed for new posts.
  1. Anonymous Coward
    Anonymous Coward

    Mmmmm.....

    So, the reason that it is not harmless is that 'cops' are already tapping this data?

    The real answer for this is....

    .... you shouldn't be worried unless you have something to hide. The Police are not going to routinely get every single person's data and decided if they are where they claimed to be.

    On the opposite hand this can also be a saviour for someone that is blamed for something and their only alibi happens to be that they were in such a place a such time but didn't have anyone to corroborate the story. Then the data from their iphone is the perfect witness because it cannot tell a lie, it was where it reported it was according to GPS data.

    Why the blazes are people getting so paranoid these days about data collection. So what, it is now done covertly.

    This same information can also be used by the Telco's to decide where extra towers need to be set up to improve service.

    There are far more positives that there are negatives that can arise from this collection of data and I will not get trapped in this paranoia.

    1. Phil 54
      FAIL

      Las Vegas

      Ladies and gentlemen of the jury, as you can clearly see from the Iphone log, the accused WAS indeed present in Las Vegas the night of the murder, despite his farcical protestations that he has never been to Las Vegas.

      1. Eponymous Howard
        Stop

        Or...

        "Ladies and gentleman of the jury, you can clearly see I was 1,000 miles away from Vegas, despite the police's attempts to stitch me up"

      2. Andrew Moore
        Coat

        Also...

        the data only tracks where the iPhone was- not the owner. So if you are off to commit a crime, leave your iPhone at home. Voila! Instant alibi.

    2. Anonymous Coward
      Anonymous Coward

      So if you want an alibi..

      leave your phone somewhere or with another person

      1. sT0rNG b4R3 duRiD

        Re: Alibi

        Or... given that it's now open knowledge, it might no more be admissible as evidence.

        Consider the phone might have not been with the accused...

        Or... the file might have been tampered with. Not having an iphone, I'm not exactly sure how this may be done, but I expect you would be able to do it with a rooted one easy. An unrooted one, I don't know.

        Now, I don't go anywhere exciting at all, to be honest, and as stated before I do believe the telco triangulating you could be useful on some occasions (consider this, storage is cheap, if they wanted to watch a certain mobile, I expect they really could!) but other people knowing besides the telco knowing as well, and such a complete log.... Some options should be available.

        If you don't mind not being contacted but still want to carry your phone with you, and for some period, *just* would not like to be tracked, remove its battery... Oh you can't. Well, then, turn it off... No? Still don't trust it?

        Faraday cage then.

        Wrap it up in aluminium foil. At least twice to be sure of no breaches.

        I've tried it with Android phones and a commercial GPS device just today in fact, it *appears* to work. I can't say the same about iPhones empirically yet but I shall try that the first opportunity, I can.

        Not because I am advocating anything illegal by the way. I just believe we should have the option of privacy.

        With all that I've said now, can a phone be used seriously as incriminating evidence?

        Crap, there's no tin foil hat icon...

        1. dssf

          Remove the battery? Might do no good.

          If the phone location is boosted by hidden signal amplifiers...

          There's also rumor/speculation that the mic and camera can be remotely commanded on without the phone LEDs, vibrator, or screen revealing the act.

          I heard there is a second battery. Hidden. Just in case a wanted phone has its battery removed. Or, to preserve the data while the main battery is removed.

          For fun, try watching "Overheard". It was made several YEARS ago, and if the tech parts of the film can be found to be true in 2009-ish, then... these arguments of the iPhone are years late outside of Asia...

          ((The film was released theatrically in Hong Kong on 30 July 2009.))

          Some of these links may contain plot spoilers:

          Non-spoiling:

          http://asianmediawiki.com/Overheard

          -----

          Fairly spoiling:

          http://www1.hollywoodreporter.com/hr/film-reviews/overheard-film-review-1004004264.story

          "Their behavior is part and parcel of the film's overview of a society where those with money or power are above the law, even its enforcers. The story ends not once, but twice, with triple twists, evoking an ambivalent sense of devastation and catharsis.

          Wong amuses with his hammy turn as the nefarious tycoon whose hypocritical speeches parody fatuous business lingo."

          ------------

          https://secure.wikimedia.org/wikipedia/en/wiki/Overheard_%28film%29

          "Due to the film's great success, the sequel "Overheard 2" will begin production and tentatively release in 2011"

          I bet this will resonate well with the rumbling over iPhone and Android phone data breaches. I bet someone could make a film about Google willy-nill allowing virtually any old software producer to hack people's phones, but then to protect Google, an evil exec pays contract killers to knock off whistleblowers as a favor to police and government authorities. Might not a new theme, but given the irritation it could possibly be retuned to police abuse. (I may pen a script myself...)

          -----------

          Several Parts of the film can be eye-watering to shockingly, violently stunning.

          1. sT0rNG b4R3 duRiD

            "Remove the battery? Might do no good"

            Like I said earlier.

            Faraday cage.

            My android phone definitely disconnects. Naturally as you would expect so does my GPS device.

            I am not sure about iPhones though because from memory I believe the metal sidey bit of the phone is the antenna. Most people usually have some sort of bumper or case though so maybe the aluminium foil will still work. Or else one could still insulate the metal bit, and then wrap aluminium round the phone.

            I will have to wait till I find one of my mates with an iPhone (who is willing) to test this out though.

            Or just don't carry the phone around.

            1. sT0rNG b4R3 duRiD

              Faraday Cage

              Ok, just tested this with a mate's iPhone with bumpers. From full signal bars, wrapped in foil, it appears to drop off the telco network - it becomes unreachable to calls.

              Now, I could not test definitively to see if it dropped off a wifi network from a router's point of view at the time, and there is no way I can tell if it definitely drops off a telco's from their point of view...

              But I have to say the theory behind it is reasonably sound.

              Open to the floor...

          2. Ian Michael Gumby
            Boffin

            @dssf Re: Remove the battery? Might do no good.

            You remove the battery, you've removed the power source to your phone so that it is inert. Any capacitor in your phone would have lasted less than a second so no battery, your phone is a brick.

            So without a power source there is no way to access the phone remotely or even dump the data via a wireless manner. (If your phone does use USB to recharge the phone, it may be possible to power the phone sans battery.

            Of course you may not be able to remove the battery. Newer phones don't let you the consumer remove the batteries...

            So please stick to facts and not fiction.

            1. Zippy the Pinhead
              Stop

              @ Ian

              "Of course you may not be able to remove the battery. Newer phones don't let you the consumer remove the batteries..."

              No IPHONES don't let you remove the battery. All the others do.

      2. Keith T

        Or buy a different brand phone

        But the point is, Apple is still keeping this secret claiming it doesn't happen.

    3. SuccessCase

      Oh dear,

      You need an education. Ordinarily i would never say something that might be perceived as so arrogant or rude as that but there, I've said it. You really, really should change your opinion. I humbly suggest you type the words "you've got nothing to fear if you've got nothing to hide" in google and read a few of the results that show up. You will find article after article by intelligent thinking people from every walk of life and every polotic pointing out why the view you hold is shallow and thoughtless. It's only really possible to hold the opinion you do if you have no appreciation of how, historically, advanced civilized and democratic countries have been transformed into totalitarian regimes, and how this could only be done precisely because the nascent regimes in question were able to rely on people holding the opinion you hold. Really, do what I suggest, it's importent for all our sakes that people like you swot up on history and gain some understanding of how democracy is always a delicate flower we should never take for granted. Lastly it's ironic that you have said what you have said and yet feel (in my book quite legitimately) that you would prefer to make your post anonymously. Think about it, different context i know, but as minor as the fear of revealing your identity you have may be, your action directly contradicts your argument.

      1. Christopher Rogers
        Stop

        Pedantic

        Important not importent.

      2. mark 63 Silver badge
        Thumb Up

        re "you've got nothing to fear if you've got nothing to hide"

        finally an articulate answer as to why thats a bad thing.

        now i'm off to see if those google results are really there....

      3. Ere the grist

        ... feel free to educate me

        I was hoping to find at least a nugget of a reason why I should be significantly concerned about this issue but the invitation to swot up on the facts doesn't really do it for me. Is there nothing that could be said in one or two sentences that would persuade me otherwise? I'm as paranoid as the next guy, so it shouldn't be too hard to get me worried. That said, the Register article itself fails to deliver on the promise of its title.

        For those who are perturbed by this story, I hope the manufacturers of competing smartphones take the opportunity to tell us how their phones DON'T record locational data in this way. That would help.

    4. DF118
      FAIL

      Oh look...

      It's the nothing-to-hide "argument".

      I've got plenty to hide thank you very much, and so do you.

      1. Anonymous Coward
        Anonymous Coward

        RE:Oh Look

        We all knew it was coming, this must be a new record.

      2. Keith T

        If not to hide from the lawful, to hide from the lawless

        If not to hide from the lawful, to hide from the lawless

    5. Allan George Dyer
      FAIL

      Transparency and trust

      So a handheld device that logs it's location be unknown means and dubious accuracy is going to become the "perfect witness"?

      What if:

      i) the suspect leaves their phone at the alibi location before travelling to the crime scene

      ii) the article states the phone sometimes reports a wrong location: why? when? can it be manipulated? what if there's a crime at that location?

      iii) the log file be manipulated?

      If we don't know how it works and how it can go wrong, how can we challenge it? Look at the cases of phantom ATM withdrawals.

      1. This post has been deleted by its author

        1. Vic

          Conviction isn't the only thing to worry about...

          > There is no way you'd get a conviction based on this.

          You might be right - but that doesn't mean you wouldn't get dragged through the courts anyway.

          A few weeks ago, a neighbour of mine was called up for jury service, and ended up trying a burglary case.

          The evidence presented by the CPS boiled down to geolocation info obtained from his phone. There was nothing to show he'd ever been in the same room as the people who actually committed the burglary, but he was being charged with conspiracy.

          I don't know the outcome of the trial - my neighbour couldn't say much for obvious reasons, and I'm not sufficiently interested to follow it up anyway. But his frustration was that he had to try a case where the only evidence appeared to be that some guy's phone had been within a few hundred yards of some Bad Guys(tm).

          The CPS are a bunch of cocks. It would be idiotic to imagine that they won't abuse this info. Unless you're BT, of course, in which case everything is permitted[1].

          Vic.

          [1] (c) Jim Steinman :-)

      2. Stupidscript
        Thumb Down

        Silliness Until Incarceration

        Yeah ... cute comment.

        What if ... the cops confiscate your phone during a traffic stop (because "reasonable suspicion" is something you have to prove in court, not on the street), read its contents, and throw you in jail? Keep in mind that they don't need to tell you anything about why you are being thrown in jail ... at least, not anything that makes sense.

        Oh, that's right ... since the data is inaccurate, that would never happen. Laughs all around.

        All cops know this, and when they impound your phone, then your body, I guess it's okay, because the data's inaccurate.

        And, anyway, what's a night or three in jail? Pfft. Nobody would be inconvenienced by that, would they?

        I mean, the data's inaccurate, so any police experience involving said data would be, at most, a minor inconvenience.

        Certainly you would understand that, because the data is inaccurate, they couldn't KEEP you in jail, right? I mean, they can only keep you there for, at most, 72 hours, right? Who cares about that? Hardly an inconvenience, at all!

        "But, officer ... the data's inaccurate!"

        Clearly not a problem for the poor sod being hauled off the jail and having to spend several thousand dollars on attorneys and wasted time trying to get the hell out of jail and get their phone back.

        There is no such thing as a (your words) "perfect witness" ... but there are plenty of reasons to haul your butt into jail and let you sort it out at your own expense.

        This database includes a proven tool for doing just that.

        Laughs all around.

    6. Anonymous Coward
      FAIL

      daily mail reader?

      I suspect you have never been arrested.

      If they arrest you they think you have done it. If your mobile data shows you didn't they will try not to disclose it.

      That's how UK law enforcement works, once they arrest they only want the material to convict you.

      1. Adam 52 Silver badge

        Disclosure

        That's not really fair on the police/CPS. Yes, there is a tendency to looks for evidence to convict the accused, but any evidence that is found during the investigation is disclosed. Usually.

    7. Anonymous Coward
      Anonymous Coward

      @Troll McTrollson

      "This same information can also be used by the Telco's to decide where extra towers need to be set up to improve service."

      Dear customer,

      Could you tell us how much our towers have been used please? We understand you may have information about that which we don't.

      Thanks.

    8. Anonymous Coward
      Anonymous Coward

      "you shouldn't be worried unless you have something to hide. "

      I would say you would be correct if everyone connected with your information and it's use has access to all relevant facts, is 100% honest, fully competent, aware of all the possible ramifications and is completely impartial.

      This includes anyone approached with regard to your information.

      Unless you can guarantee all of the above then you could have a lot to be worried about.

    9. Anonymous Coward
      Anonymous Coward

      Photographers will tell you

      If you think you have nothing to hide - you haven't seen how the plod use the anti-terrorist laws

    10. Black Betty
      FAIL

      Then why hide your name, if ....

      ...you have nothing to hide?

      There are any number of people, as mentioned in the article, who have a perfectly legitimate reason for others not to know where they are (even at the level of granularity the data is said to have).

      Despite your obvious belief that an iPhone is a permanently grafted appendage, they may in fact on occasion travel entirely independently of their owner. It has inherrently far, far less believability as an alibi machine than it would as a silent accuser.

      People are legitimately paranoid about unauthourised and secret data collection, because of the many ways it can be and is used against them. From using targeted advertising to get folk to overspend by 25% or so, to complete identity theft.

      1. Annihilator
        Go

        @Black Betty

        "Then why hide your name, if ...you have nothing to hide?"

        Yes my irony-o-meter exploded when I realised the troll in the first post had posted a/c :-)

    11. Sam Therapy
      WTF?

      Really?

      So why are there so many innocent people still on the UK police forces' databases? Your post is unbelievably stupid.

    12. Asgard
      WTF?

      On no, the "Nothing to hide" argument ... again.

      AC, "Why the blazes are people getting so paranoid these days about data collection." ... "you shouldn't be worried unless you have something to hide"

      Its getting very tiresome trying to explain to people like you, why you are wrong, when the fact is, the only way you can still remain so completely ignorant of history, is that you must be refusing to read up on why you are wrong. Which means any attempt to tell you why you are wrong will also be ignored by you. It means by definition your core error is that you are closed minded and it is your closed mindedness that is blinding you from learning about history.

      So until you stop being so closed minded, you will continue to fail to learn why you are wrong about the dangers of the state having too much information on the people. Location based information like iPhones are collecting are ideally suited to being abused by the state. (As are contact lists which can be got from phone & email contact lists, also found on phones). (For example look at how some states are trying to silence political protesters. Their location from their phone will give them away and their contact list will allow the corrupt states to abuse their friends and families in the same why they are abusing the protesters. Governments all around the world would love to abuse this kind of information to block and make life harder for political protesters).

      Here's a hint, history shows time and time again how people in authority have and continue to this day to abuse their positions of power, for their own gain. The more information they have, the more power they have. To be ignorant of that, is to be profoundly ignorant of so much history. Plus history shows it is the ignorant but otherwise good people just like you who are part of the problem, because your kind allow the people in authority to get away with so much more, simply because your kind are ignorant of how much lying and manipulation the people in authority use to blind people just like you from the truth of what they are really doing.

      This same pattern is being played out around the world right now, as it has been throughout history. People in some countries are dying right now as they attempt to fight against the abuses of power of their people in power. Please note however that the danger with the people in power isn't simply that people die because of them. There are many more ways the people in power make everyone else suffer endlessly because of the corrupt manipulative undermining ways of the people in authority.

      History shows this, but you have to be willing to learn to learn!

      So please finally wake up from your closed dream world and finally learn!

    13. A J Stiles
      FAIL

      All very well, but .....

      You might be a law-abiding model citizen now. But what if something harmless that you already do gets banned by a future government?

      Don't tell me you're going to lie down like a good little martyr.

    14. Anonymous Coward
      Thumb Down

      How Naive

      If you have nothing to hide you have nothing to fear chesnut is as pathetic as won't someone think of the children....

      Perhaps we should abandon the secret ballot at elections? After all what are you hiding when you vote? And no the government won't hold it against you when you vote for the opposition (promise) why what do you have to hide???

      Privacy and the right to privacy is the bed rock of democracy otherwise we should ask the storm troopers in and have the police state you are so welcoming of.

      The real debate is why are governements and the legislature are still allowing private companies to create new and wonderful ways to profile, track and capture private data all in search of the advertising dollar completely unchecked?

      There are no controls and no agreed approved frameworks. It is a wild west country where what you can get away with works.

      1. Zippy the Pinhead

        @ How Niave

        "The real debate is why are governements and the legislature are still allowing private companies to create new and wonderful ways to profile, track and capture private data all in search of the advertising dollar completely unchecked?"

        Is that something that needs to be legislated though? I would say no keep govt out of business as much as possible.. because as soon as they can legislate it then they will want to control it!

        I would rather vote with my wallet then get the government involved.

    15. Keith T
      WTF?

      You must live a pretty bland life

      You must live a pretty bland life if you never have anything to hide from anyone.

      Consider all the people who might one day wish to harm you: competitors, your spouse, your employer, kidnappers, clients, rivals.

      Consider that knowing your innocent movements could allow rivals and competitors to gain an advantage over you.

      Consider if you work with battered women or battered children, or semi-covert government departments, or if you work in a high tech or highly competitive industry.

      1. Zippy the Pinhead

        @ Keith T

        "You must live a pretty bland life if you never have anything to hide from anyone."

        Everyone has something to hide.. Social Security Numbers, Credit Info.. you don't have to be breaking any laws to not want your personal info in someone else's hands. You don't have to keep secrets because you are breaking the law.

        And I highly object to the police accessing any electronic devices without search warrants in place before the search begins.

    16. Anonymous Coward
      FAIL

      Do you have curtains?

      Surely if you've got nothing to hide then you won't mind taking all your curtains down so anybody can look in any time they want?

      (Really old point, but one worth repeating)

      You might also wish to consider the fact that anyone who steals your phone now also knows where you live and where you work. They also know that you've got a fair bit of money and like gadgets (you had an iDevice, after all). Therefore your home and your workplace are locations worthy of criminal attention.

      Quote: "Then the data from their iphone is the perfect witness because it cannot tell a lie, it was where it reported it was according to GPS data." - Now that's just silly.

      Ever heard of bugs? Computers can and do make mistakes, especially where 'fuzzy' data sources are concerned.

      Even if this data really was 100% accurate, it's utterly useless as a 'witness' because it's a portable object! You can easily leave it somewhere, or someone can take it from you.

      So it's trivial for the phone to claim that it actually was at the scene of a crime when you weren't, and vice-versa.

    17. John Smith 19 Gold badge
      Happy

      AC@04:06

      ".... you shouldn't be worried unless you have something to hide. "

      The real answer to this is “If you give me six lines written by the hand of the most honest of men, I will find something in them which will hang him” Cardinal Richelieu

      Or more simply

      No need to ask. No need to know.

      If you don't feel anyone's location is no ones business but their own perhaps you'd like to give us yours? Or just you name would be a start.

    18. sisk
      FAIL

      Nothing to fear?

      And that would be why any competant lawyer (or even an honest cop) will tell you not to say a word to the cops without an attorney present no matter what, right?

      Here's a clue: The right to not incriminate yourself is there to protect the innocent, not the guilty. There's a reason it's neccessary.

    19. heyrick Silver badge

      I have nothing to fear, and nothing to hide...

      But you can kindly piss off out of my life. I share what I'm willing to share, and don't share the rest.

      Your pathetic little "nothing to worry about" argument only holds water if you're willing to leave your front door open. After all, if you really have nothing to hide, you'll not mind complete strangers taking a look...

    20. John Sturdy

      Please demonstrate that you have nothing to hide

      Could you give us some real assurance that you have nothing to hide, and are not just bluffing? Please tell us your name and salary, post your past three months' bank statements, the confirmation emails from any online purchases you have made in the past year, your expenses claims to your employer, your medical records, and the location file from your iPhone, in reply to this post.

      What, that's private information? But if you have nothing to hide...

      1. Wize

        Even if you did no wrong...

        ...what if you were just in the wrong place at the wrong time.

        Take an example three identical murders in three towns. They pull all the records and find you, who was there perfectly innocently on buisness. You'd be locked up in no time.

        If it was a set of bomb factories instead, you might never see the light of day.

        But you have nothing to hide...

    21. Naughtyhorse
      Thumb Down

      not so sure...

      All the data really says is that that is roughly where the phone was (using tower locations not gps - rtfa), if you are in the frame for any other good reasons (hence the need for an alibi) then i'd say you were still up shit creek

    22. Anonymous Coward
      Troll

      @AC Friday 22nd April 2011 04:06 GMT

      If you have nothing to hide, why did you post as an Anonymous Coward. I'm an anonymous coward because I understand I do have something to hide.

      If you have nothing to hide, please post on this forum or somewhere else nice and public all your credit card numbers, bank account details, etc.

      Please set up a web-cam in your own home to publish your own activities at home. Don't worry, you have nothing to hide, so you have nothing to fear.

    23. Anonymous Coward
      Troll

      "you shouldn't be worried unless you have something to hide..."

      Obvious troll is obvious.

    24. DF118
      Badgers

      Re: Mmmmm.....

      That has to be a record for most downvoted post ever, especially if you count the four who must have accidentally missed the downvote button.

    25. Maurice Shakeshaft
      Big Brother

      Sad, very sad! and dangerous as well.

      Nothing more to be said, really.

      Big Brother Icon because they can, more easily now with this attitude.

  2. Suburban Inmate
    Big Brother

    I wonder

    Is the reported location of the cell towers inaccurate *but* compensatable if you you (Apple, operators, porkers) are aware of the inaccuracy?

    1. Ian Michael Gumby
      Boffin

      Yo! Suburban Inmate...

      The position of the cell towers are pretty exact.

      First they are at a fixed location and do not move.

      Second when setting up a base station you can get the GPS fix via much more accurate kit than you normally buy. Surveyor kit can be made to be as accurate as 3cm if you take up the time to set up a ground station for 48-72 hours and or tie in to a radio signal from a known location. (accuracy would then depend on how accurate of a clock you have in your instrument.)

      (Use GPS to get a rough position, the use the clock signal from a known location to get a more accurate position based on relative clock timing signals. Over time you can get the mean average position....)

      1. DF118
        Boffin

        Re: Yo!

        As I recall RTK-DGPS can be considerably more accurate than 3cm

  3. FOXXX333

    foxxx333

    If the police can use evidence contained in an iPhone, an innocent person can use evidence stored in an iPhone to counter an untrue allegation.

    1. g e

      but

      if the data is wrong then you have to refute the allegation with evidence of how the data was collected.

      Good luck prising THAT information out of Steve Jobs' Cold, Preferably Dead Hands.

      As if I needed any more reasons not to buy a iThing/SpyThing

    2. Mephistro
      Big Brother

      @ FOXXX333

      Using your phone as an alibi: Why it won't work.

      Let's put this in context by examining the most probable scenarios:

      - Scenario A: You are some innocent citizen going about his or her business, and somehow a cop considers you suspicious. It could be you are of the wrong ethnic group, it could be the cop thinks you looked at him sideways, or he just had a bad day and as a revenge against the universe he wants to make someone else's life miserable. The cop stops you with some silly excuse -if needed- and gets hold of your phone and/or other similar devices. Without a warrant or any judiciary oversight he just reads your phone's data and sends a copy of it's contents to his base. Once there the contents of the device are examined and cross-referenced against a database of crimes. If some part of your data overlaps in time and space with one or several of the crimes stored in the police db. From this point on, the cops have an excuse for 'questioning' or even detaining you, and for examining your life with a big magnifying glass. In case they find ANYTHING else that could remotely link you to a crime, chances are that they'll press charges, so they can make their numbers look better. In this case the prosecutor will present the data in your phone as 'evidence', and most judges and/or juries won't understand why this 'evidence' shouldn't be trusted, as most judges and jury members just lack the ability to understand the logical and technical implications. Your life depends basically on a glorified and extremely expensive flip of a coin.

      - Scenario B: A criminal decides to use his phone as an alibi. Gives it to some chap to take the phone for a walk, and then commits a crime. He is arrested, with the arrest based on other kind of evidence -cameras, witnesses, fingerprints, whatever. When the criminal's lawyer tries to use the evidence in the phone as an alibi, the prosecutor explains to the jury why this is not a valid alibi, and the jurors and most of the judges ;-) will understand it immediately. "He could have given the phone to someone else"

      My point is that this could lead to even worse situations. Let's consider...

      - Scenario C: There is a serious crime. The cops, pressed by their bosses, public opinion or whatever, decide to mount the biggest fishing expedition of all time. " Find an excuse to scan everybody's phone and find people near coordinates X,Y in that date. Oh, and don't erase the files obtained this way, they may be useful some day". From this dataset they choose the most likely -or PR attractive- culprits and arrest them. They might or might not understand why this way of gathering evidence is a farce*, but they'll use it anyway.

      *Note: It reminds me of those old adds in which the scammers offered to make predictions about the Stock Market, and offered the first predictions for free. Both the scam and this way of gathering evidence work the same way.

      "Western Democracies: Boiling frogs since 2001"

    3. Keith T

      Not if you have to be working for police to be told how it works

      Not if you have to be working for police to be told how it works.

      Not if you don't have the unlimited budgets of prosecutors to prove your innocence.

    4. Zippy the Pinhead

      @ foxxx333

      "If the police can use evidence contained in an iPhone, an innocent person can use evidence stored in an iPhone to counter an untrue allegation."

      But who is the Jury going to believe.. the honest Police Officer in the pressed suit and a prosecuting attorney with the financial backing of an entire city or state or You.. the guy who can only afford a public defender just out of Law School? Really? Do you want to take that catch?

  4. Michael Hoffmann Silver badge
    Unhappy

    I think you meant to say...

    "The company, in keeping with its Jobsian obsession with *APPLE'S* privacy *AS OPPOSED TO YOURS*, has yet to utter a peep despite widespread media coverage."

    I'm no Apple-hater, I own an iPhone and a Macbook combined with Wintel systems galore, so I don't play the fanboi games, but this is just really offputting.

    What I'd like to know is whether there are clean-up tools that I can run regularly for my wife's iPhone and mine to remove this data.

    1. Anonymous Coward
      Go

      Cleaning up isn't enough

      If Apple won't tell us where the data goes, then it's time to start actively poisoning that data to see where the mistakes pop out.

      Even just randomizing the timestamps so that you appear to jump thousands of miles per minute would be a good start.

      The really artsy hackers will use it to write their names across the oceans in location plots.

      "Go" because this is the only invitation we'll be getting from infinite loop

      1. Stoneshop
        Go

        "write their names across the oceans in location plots."

        Wowbagger gazed for a moment at the fantastic jewellery of the night, the billions of tiny diamond worlds that dusted the infinite darkness with light. Every one, every single one, was on his itinerary. Most of them he would be going to millions of times over.

        He imagined for a moment his itinerary connecting up all the dots in the sky like a child's numbered dots puzzle. He hoped that from some vantage point in the Universe it might be seen to spell a very, very rude word.

    2. Ilgaz

      cleanup tool can't exist

      apple doesn't allow such deep level running applications on iphone. soon, if this kind of ignorance persists, they will do similar stuff on real apple computers.

      1. sT0rNG b4R3 duRiD

        cleanup tool can't exist

        "approved' cleanup tools can't exist.

        But maybe if one goes 'grey'.

        It's after all a 'nix of sorts underneath. If it's completely rootable, one would imagine one could arbitrarily modify the file, theoretically. Probably even set up a background process that would kill the file every 15 or 30 minutes maybe.

        As a matter of interest, has anyone yet managed to trace the code that actually writes the data? ie what triggers it?

  5. This post has been deleted by its author

  6. Bill Cumming
    Coat

    Before anyone jumps up...

    Yes android phones have a couple of files like the Iphones .db file.

    But in the android's case the data is overwritten after a few days or hours, depending in the number of locations it picks up..

    In my case it goes back 3 days, and I'm in a rural area, in a large city it may only hold the past 24h or less of locations.

    Anyway the android files only hold between 50 wifi locations and up to 200 mobile tower locations at any one time. Root access is required to view them.

    Mines the one with the tin foil lining....

    1. Ilgaz

      symbian must have cache file too

      Of course, symbian must have it too but it must be either temp like your android or heavily encyripted or really secured. There hasn't been any kind of talk about such data, even on hacked (don't ask) symbian phones.

      I suspect it keeps it in ram drive, encyripted and stored to nand when device turned off.

    2. Anonymous Coward
      Anonymous Coward

      Fresher data

      Let's get our thinking hats on for a moment, If cell tower data is overwritten every few days on Android devices it just means they will have fresher timestamps on your whereabouts.

      Why does Google need to timestamp your data if it will get overwritten so often?

      1. sT0rNG b4R3 duRiD

        And then...

        Consider how much storage space your typical gmail account is allowed to have....

        In any case consider how cheap storage actually is these days...

        ...

        They wouldn't do that now surely, would they?

    3. AndyMM
      Thumb Up

      Thanks

      You answered what I was about to ask.

  7. Term

    But why?

    Why would the phone keep such a log for in the first place? What is it being used for?

    1. Fazal Majid

      Assisted GPS

      The reason why the iPhone (and other smartphones) locates you in seconds, when a non-networked GPS takes tens of seconds for its initial fix, is that it has access to almanachs of cell towers.

      The consolidated.db table has the cell data as primary key, not the date:

      CREATE TABLE CellLocation (MCC INTEGER, MNC INTEGER, LAC INTEGER, CI INTEGER, Timestamp FLOAT, Latitude FLOAT, Longitude FLOAT, HorizontalAccuracy FLOAT, Altitude FLOAT, VerticalAccuracy FLOAT, Speed FLOAT, Course FLOAT, Confidence INTEGER, PRIMARY KEY (MCC, MNC, LAC, CI));

      MCC = Mobile Country Code

      MNC = Mobile Network Code (i.e. your carrier)

      LAC = Location Area Code (the controller than handles multiple antennas)

      CI = Cell Identitiy (the actual cell tower)

      This design is inherently unsuited for tracking your position, since it can only store one timestamp per cell. My consolidated.db file only has 2429 rows in it, hardly enough for a proper GPS datalogger.

      1. pcsupport
        Thumb Up

        At last

        A common sense statement amongst the tide of paranoia.

        1. Ted Treen
          Megaphone

          Quite right, pcsupport.

          or can I call you "pcs" for short?

          I'm sure that when number plates (License Plates to the 'merkins) were first introduced there was an outcry, indignant letters to The Times claiming that the Okhrana was coming to England.

          Pretty well ALL governments are skint through squandering our money on idealogical social engineering fiascos, and when you add their natural inherent incompetence, the idea of hordes of spooks tracking every iPhone user in detail through the day(s) is downright ludicrous.

          No more likely than the DVLC keeping a precise location diary of every vehicle in the country.

          Just another "It's Apple - let's knock it & FUD it" story.

          1. PT

            @ Ted Treen

            There is no reason for the DVLC to keep a precise location diary of every vehicle, though they have acquired the ability thanks to ANPR. But that's an argument for another day. I'm touched by your naivette about the "hordes of spooks". Perhaps it's because I'm a 'merkin and live where such things are more obvious, but much spookery is now outsourced to politically-connected private enterprise, the main business of which seems to be a relentless search for more things to track. Government organizations may well be incompetent at delivering public service, but when it comes to looking out for their own interests they take second place to nobody.

      2. Keith T
        Big Brother

        Makes sense, if your analysis is true

        Makes sense as to the purpose of the log, if your analysis is true, which we'll only know if Apple reveals its secrets.

        Surprising that the FBI and other law enforcement agencies in the USA would not have spotted this.

        But keep in mind, even if it only keeps the last entry per tower, that does mean a good record of where you've been recently, and a good record of when you last were at a place.

        To police, to crown prosecutors and DAs, all they need is to catch you in a lie about something anything to make you look guilty.

        A classic case is you give an alibi where you all evening the night of an 11PM killing. Police find someone who says they "thought they saw you" some place at 10 PM. To a jury that discrepancy be as good as a witness placing you at the scene at 11 PM.

    2. Keith T
      Big Brother

      Other articles say the log is transmitted to Apple if

      Other articles say the log is transmitted to Apple if you have the option set for debugging assistance.

  8. morphoyle
    FAIL

    Ironic

    It's ironic that Apple is obsessed with their own privacy, but readily exploits the privacy of it's consumers. I'm also not surprised that a lot of Apple fanbois are already claiming that the issue is overblown. It's pretty much standard operating procedure from both.

    1. g e

      Because...

      to admit their SpyPhone/SpyPad was doing something Bad(tm) would be heresy.

      And of course it would mean accepting that all the told-you-so people they had been defending Apple against for the last forever would be right.

      There's nothing a fanboi abhors more than Being Wrong, except, of course Being Shown To Be Wrong.

    2. chr0m4t1c

      @Ironic

      You do know that this information is collected for *all* phones by the telcos through the network, don't you?

      And you do also know that Android collects this information, but just erases it from the device more frequently and (more importantly) also sends it to Google?

      So far I've not seen anything about Symbian or WP7, but that may follow in a few days.

      On the face of it, this looks like something that's blown out of proportion or at the very least a lot of pot complaining about the colour of the kettle.

  9. Anonymous Coward
    Stop

    That tears it!

    I've shelved my plans for getting a new iPhone, at least until some more consumer protection materializes. I don't care if it arrives by way of

    I had already decided to skip android, seems like things are even less secure there. With AT&T recently agreeing to buy out my carrier, it's time to jump carriers anyway.... I think I'll be going back to a basic feature phone.

    1. Anonymous Coward
      Anonymous Coward

      Edit... was missing a line.

      I don't care if it arrives by way of... government regulation, opt-out or other refined user-based controls. As it sits, about the only thing you can do is to incorporate, pay for the phone through your company and treat it as a "pool" device in all your record keeping.

    2. Ilgaz

      Join my plan

      a very fast 3.5 G S40 phone with J2ME only attached to a netbook (when needed) via bluetooth for using as a modem.

      if you can handle being abandoned , a symbian with kaspersky mobile security with wholly encyripted storage. The extra important files are double encyripted with kaspersky virtual folders. The issue here is, untrustable Nokia who became mistress of a very unsuccessful husband (MS).

    3. soaklord
      Paris Hilton

      Re: That Tears It!

      Get an iphone, jailbreak said iphone, download untrackerd and firewall ip.... sorted. Whether the data is innocuous or not, you now have control over it. As for T-Mob going away, that leaves you Verizon or Sprint... And Windows Phone 7 or Palm if you've decided to pass on iOS and Android... Is it possible that the most secure option is a Microsoft product?

      1. Ilgaz

        It could be

        If host OS and itself is configured right, IE is one of most secure browsers. Don't miss the "If" :)

        Jailbroken iPhone is a serious security risk as no serious security software company will dare to break their ties with Apple shipping products to it. Apple may even sue them. Opensource guys doesn't feel comfortable supporting such a jailed device anyway. They rightfully spend their free time on android and some meego.

        I must be using most advanced security product, a russian made one (no need to adv.) and seeing its options on trial, I said to myself "this can never ship for iphone or winmo".

        Android? Well blame Google, I don't feel comfortable with their products unless that freak takes his words back and they do a very serious privacy/user sanity overhaul. As they will never do it, we better off S40 3G dumb phone. Btw they aren't _that_ dumb.

  10. Anonymous Coward
    Anonymous Coward

    Up to the second tracking "facts" broken to pieces

    but still the same scaremongering... stop with the nonsense already! Can we have Lewis Page reporting this instead? He deals well with FUD.

    Anyway I'm sure the commentards will be happy to know a very similar cache file with the same location and timestamp data of wifi and cells has also been found on Android. Just use the nice tool at

    https://github.com/packetlss/android-locdump

    to get the juicy info.

    If you don't have Android you can read about it at:

    http://www.guardian.co.uk/technology/2011/apr/21/android-phones-record-user-locations

    1. Keith T

      The android cache is a reasonable 1 day max, not Apple's 1 year

      The android cache is a reasonable 1 day max, not Apple's 1 year.

      Apparently they are used to instantly determine the phone's location on request, rather than after the 2-3 minutes GPS takes.

      That said, caching 1/2 hour would be enough, so the 24 hour cache could be made even smaller.

      1. Anonymous Coward
        Anonymous Coward

        Reasonable?

        What makes one more reasonable than the other? Google's one will just have fresher timestamps (and btw why do Google even need timestamps if it's a length limited list?)

        Is knowing the general area you were 6 months ago really such a big problem?

        You're wrong on the 2-3 minutes, that would be in very very good locations. Get a GPS without the assisted bit and stand in a street lined by tall buildings. Or try to get a lock while moving. See how long it takes to get a position fix.

        1/2 hour would do nothing for the purpose of this cache file, which is to make location services as lightweight on the battery (and mapping servers) as possible, that's why both Google and Apple use it (and maybe others, let's wait and see) .

        For 1/2 hour might as well get rid of it altogether.

  11. Bruce Hoult
    Stop

    cops can't casually get this data!

    No program on the iPhone can access this database unless it has root privileges.

    Programs you write yourself, or programs you download, can't do it unless your phone is jailbroken.

    The usual jailbreaking techniques result in a wiped phone, and you have to reload your data from the latest backup on your computer.

    This is not something that a cop can do in a few seconds at a traffic stop.

    The data that people are analyzing is coming form the backup copy on their computer, not directly from their phone.

    I've looked at my own data (http://a.yfrog.com/img640/2665/qso.png) and it shows scattered sites that I haven't ben within 50 or 100 km of. The three across on the South Island, for example, along with the ones near New Plymouth and also the vast number on the east coast near Napier.

    I can explain these by having been flying at altitude in a glider 50 - 100 km away, and/or being high on a skifield on Mt Ruapehu in the central North Island, and my phone being able to pick up cell sites unusually far away.

    A glider flight I made in February, along the far side of mountains 60 - 70 km from Napier:

    http://runkeeper.com/user/brucehoult/activity/24919273

    1. g e

      Ohhhhh right

      So the police can't get at my PC's contents, then if I don't give them my password / power cable / keyboard / etc ?

      And I thought they had scary tools like spare power cables...

    2. Anonymous Coward
      Boffin

      Hmm tell that to the Mich State Police

      You do sync your iPhone right?

      And the copy of your sync is encrypted where only you know the password?

      Option 2.

      Police dump the entire contents of your phone and then go back and look at it in the lab.

    3. Keith T

      Yes exactly what the article says

      Yes exactly what the article says.

    4. ravenviz Silver badge
      Coat

      Thanks!

      Looks like I don't need your iPhone to find out where you've been!

    5. Vic

      Oh yeah?

      > No program on the iPhone can access this database unless it has root privileges.

      Take a look at http://viaforensics.com/education/white-papers/iphone-forensics/cellebrite-ufed/ .

      Look for the bit that says "New Apple iPhone Support (2G, 3G/ 3GS, and iPhone 4 versions jailbroken and non-jailbroken)"

      > This is not something that a cop can do in a few seconds at a traffic stop.

      Cellebrite claim the very opposite. And they are selling kit to police forces. I'd love for you to be right, but I'm pretty sure you're wrong.

      Vic.

    6. Zippy the Pinhead

      @ Bruce

      "This is not something that a cop can do in a few seconds at a traffic stop."

      Really because the impression I've seen on this since the story broke is that the police can read that data before you've even left the traffic stop.

  12. R Cox

    secret?

    "the geographic locations of cell towers is usually kept secret by the carriers who own them"

    I would like some substantiation of this assertion, at least for the US. As far as I know such things are public record as towers have to be authorized and built. It seems to me that a cell tower would be a pretty tricky thing to keep secret. In any case I have had reason to look up towers to work out certain issues. One tool is

    http://www.antennasearch.com/

    According to an NPR story I heard this evening, this file has been an open secret and has been used by law enforcement among other agents. It is a file that, if there is not a good reason for it's existence, should not exist. OTOH, I am not sure how legitimate it would be in court if it has a lot of extraneous data. It certainly is almost the equal to the Google debacle, except that google was stealing who knows how much personal data for no other reason than it was easy.

    1. Basic

      A title

      I can't comment on the US but I know that in the UK, although it's possible to find out about specific towers through planning permission records, etc. the overall network coverage "map" quite closely guarded. The best that has been revealed so far is available here: http://licensing.ofcom.org.uk/binaries/spectrum/mobile-wireless-broadband/cellular/coverage_maps.pdf and you'll note the exceedingly low resolution.

      There have been a number of legal and Freedom of Information Act requests to get more detail but they're all been rebuffed/delayed indefinitely/etc.

    2. Anonymous Coward
      Anonymous Coward

      Cell locations are secret in UK..

      The tower locations are not published in the UK, or elsewhere in Europe as far as I can tell. I spent some time recording cellphone tower locations using Navizon software and I can assure you the cells do not transmit their location, you can work out where they are pretty accurately though. The positioning accuracy you get in a city like London just from cell towers is good, probably good enough to tell you which building you ae in.

      1. Danwold
        WTF?

        Uk cellsite locations

        Are not secret - there's even a handy widget on ofcom's website called 'sitefinder'. Give it a postcode and it'll show you all the basestations in the area, their frequency, power, and the operator/owner. Would post link but cannae be bothered....

  13. Anonymous Coward
    FAIL

    And it seems Android has a similar issue...

    http://www.guardian.co.uk/technology/2011/apr/21/android-phones-record-user-locations

    1. P Zero
      FAIL

      Remember me on this computer?

      Last 50 locations or everything ever? EXACTLY the same.

      1. Keith T
        Jobs Horns

        Exactly 100% different

        Last 50 locations or 24 hours, so the phone can instantly say where it is if asked.

        There is a purpose for that (although it could be shrunk even smaller).

        There is no purpose to a 365 day log. And why is it sent to Apple if you have the support assistance feature turned on?

      2. Anonymous Coward
        Anonymous Coward

        @P Zero No, it may actually be worse

        Storing only the 50 last locations (with timestamps) just gives badly intentioned people fresher data.

        Imagine I've been going daily to the gym every morning for the past 3 months. In Apple's file this would show up as entries for the cell towers near the gym with a timestamp weeks or months ago. There is only one entry per cell tower location and it's very rarely refreshes.

        In Google's case it would appear as entry with the most recent date (today).

        Which is worse?

        I also ask the question if Google is just using the last 50 entries it obviously doesn't need to expire them. So why keep the timestamp at all?

        1. Vic

          Not so sure about that...

          > In Apple's file this would show up ... with a timestamp weeks or months ago

          That assumes that old entries are not over-written.

          I've not yet seen anything that suggests that is the case.

          Vic.

          1. Anonymous Coward
            Anonymous Coward

            @Vic

            Are you doing your own research?

            I guess not otherwise you'd see it.

            1. Vic

              @Hangup

              > I guess not otherwise you'd see it.

              So are you telling us categorically that each cell record only holds the data from the very first time it sees the tower?

              Vic.

  14. Ty
    Jobs Halo

    omg

    You scaremongering fools.

    This is OLD news.

    NO DATA IS SHARED WITH ANYONE IT IS ONLY KEPT ON YOUR LOCAL DEVICES

    I despair at this level of so-called journalism.

    GET YOUR FACTS STRAIGHT BEFORE HIT-WHORING

    https://alexlevinson.wordpress.com/2011/04/21/3-major-issues-with-the-latest-iphone-tracking-discovery/

    1. David Dawson
      Troll

      hit whoring?

      He says, posting a link.

      Funny.

      1. Ilgaz

        and CAPS

        he shouts to real people, individuals to defend Apple, a gigantic company who didn't spare a single mail to defend itself.

        Here is the real issue with Apple security if you understand what I mean.

    2. Hud Dunlap
      Jobs Halo

      OMG yes!

      As pointed out police can already access it. The police are already doing that.

      http://www.thenewspaper.com/news/34/3458.asp

      I have contacted Apple on their product support page and asked them about it.

      I suggest all of the Apple fan boys do the same.

    3. Burch
      Jobs Horns

      So

      It's only shared with anyone who might have access to your phone or computer.

      1. Zippy the Pinhead
        Grenade

        @ Burch - there fixed it

        Your sentence is incomplete... "It's only shared with anyone who might have access to your phone or computer." you forgot: even if you don't want them to have access.

        There fixed it!

    4. handle

      If it's that innocent...

      ...then why on earth doesn't Apple just tell us what you're insisting is the case?

    5. Eponymous Howard
      Go

      You're...

      ...new around here, aren't you?

    6. Random Handle
      Thumb Down

      @Ty

      >NO DATA IS SHARED WITH ANYONE IT IS ONLY KEPT ON YOUR LOCAL DEVICES

      Your location data is shared in realtime by many iOS Apps - and not just for ads and local service provision - any App which uses Flurry (20% of iOS Apps) or similar analytics packages reports your UUID against position every few minutes.

      In October 2010 Flurry boasted that they already had 30TB of analytics data on iOS users.

      The db in question is a sideshow really....

  15. Anonymous Coward
    Anonymous Coward

    And again....

    Just another reason in the long list of reasons to jailbreak your iPhone.

    Once done, get untrackerd from Cydia which regularly wipes your history.

    1. Toby 10
      Thumb Down

      Then the apps have access to the file

      If you jailbreak your phone then there is a fair chance that rogue apps can then get access to the data and transmit it back to their servers. That's assuming that jailbreaking roots the phone.

      Not the best solution.

      1. Anonymous Coward
        Anonymous Coward

        Rogue

        Rogue apps can also hide and transmit your precise GPS location at any time, which is by far worse than what's in this data.

        They can also transmit your contacts, email, browser history, contacts, etc..

        You seriously have bigger problems in your hands if you install rogue apps in jailbroken devices.

  16. mothman
    Grenade

    The Innocent Have Nothing to Fear - Yeah Right!

    Most of the (if you're innocent, you've nothing to fear) brigade are completely missing the point about how their Iphones are tracking & storing location data. If the data is inaccurate then you're potentially in an even more dangerous situation.

    The most worrying thing is one researcher claims his Iphone produced data that showed he had travelled 130 miles to another location. When in fact he had stayed in same location & hadn't travelled on the day in question. WTF!

    Let's say you're arrested, your phone is examined & the tracking data says you were close to the vincinity of a crime... you then have prove that you weren't there! But, but the phone doesn't lie & it's your alibi!

    But if Iphone owners are happy with this, fine... it's all about informed choices. I'm not! So I'd never buy an Iphone, or any device for that matter, that could potentially land me in jail because of buggy code.

    BTW I'm not arguing for storing more accurate tracking data, I'm saying it shouldn't be storing location data in the first place... and the fact that the data is inaccurate just compounds the problem!

    But maybe I'm just being paranoid... we all know innocent people never get sent to prison?

    1. Scarborough Dave
      Stop

      Happy Easter Everyone! and I agree!

      I am more concerned with the data being inaccurate but "plod" thinking it is accurate, I have met a few very educationally challenged "plods" in my time.

      Secondly, we need greater transparency with regard to the data stored on these types of device which often connect to a PC and on third party systems. This needs to have some form of legislation regarding it, from democratically elected officials.

      Finally, from an employment perspective and the use of devices owned by a company that track the movements of employees during work time is one thing, but when the employee uses these devices outside work (as many do), then I expect some lawyers will have fun with defining, who owns the data who has access to it.

    2. messele
      Megaphone

      yeah but...

      If it can be proven (and this would be a systematic situation) that the software will record erroneous values then this could only ever be permissible as evidence, not proof, and therefore not of a great deal of use for legal purposes.

      I think the goalposts as to why this data logging is a bad thing are moving and this far nothing has really stuck for any particularly compelling reason.

      Let's not forget that the background logging of which antennae is seeing your IMEI number at any particular time is far more damning as this would be surely more provable since it's an impartial 3rd party (the telco) that logs the info and law enforcement already has access to this data.

    3. Anonymous Coward
      Jobs Horns

      Missing a very vital fact.

      The database on a single device may not position very accurately by itself, however, when you combine it with a million other reading you get a much more accurate picture. A combination of readings from certain cell towers (does it measure power as well?) would therefore have a very high probability of position. Yahoo were doing this a few years ago, and bought Navizon's database for several million dollars.

    4. Anonymous Coward
      Anonymous Coward

      Probably becuase the phone picked up a signal from a very distant tower.

      It does happen, however, when you are mapping you can ignore the obvious noise and screen it out. People tend to travel in a straight line, at a predictable speed so you can trace your movement with the right software.

    5. This post has been deleted by its author

      1. Vic

        Oh, if only...

        > Since the iPhone is then sole evidence, your case gets thrown out of court

        Go and look up the basis for ear prints being unique.

        Now go and look up how the courts have viewed that "evidence".

        Would you like to do time because a jury, not knowing any better, have taken the word of the CPS' expert[1] witness as being true?

        > Seriously, get over it and use your head.

        Seriously, understand that the odds are against you in a criminal trial. It shouldn't be like that - but we're all conditioned to believe that the police are truthful and lawful. Far, far too often, this is not the case[2].

        Vic.

        [1] Ha!

        [2] I kept a dodgy old motor on the road for *years*. It would have failed the MOT a long time before I scrapped it, if I didn't live next door to a CID officer who told me how to go about getting the certificate I needed...

      2. Zippy the Pinhead

        @ HolyFreakinGhost

        And then the State objects to your evidence and the judge sustains his argument over yours. Why because this type of evidence has been used before in a court of law and yours is unproven.

    6. ravenviz Silver badge
      Boffin

      @mothman

      Looks like it's already established that logged locations are not reliable. Mind you, nor are fingerprints any more.

    7. Anonymous Coward
      Anonymous Coward

      If the data is inaccurate?

      Then what have you got to fear?

      There is now enough evidence from researchers (and casual geeks) to show that the data can be inaccurate. That in itself is enough to make it inadmissible in court.

      And if you've got nothing to fear - how come you're getting yourself arrested in the first place?

      (Also read Alex Levinson's piece - it has important info that is conveniently ommited from the article above)

      https://alexlevinson.wordpress.com/2011/04/21/3-major-issues-with-the-latest-iphone-tracking-discovery/

      1. Vic

        *Really* stinky bait

        > how come you're getting yourself arrested in the first place?

        People get arrested. Many of them are completely innocent.

        I was once arrested in Germany on terrorism charges. They went through all my possessions and called every single number on my contact list before realising that I was indeed the service engineer I'd told them I was, and the kit I was carrying was what was necessary to do my job, rather than the bomb they had assumed it might be.

        I got a very contrite apology and a little letter to show anyone else who tried to stop me (although no-one did).

        But having men point guns at your head when you're as hung-over as I was is really quite disconcerting...

        Vic.

  17. Mr_Souter

    it tracks more than just your location

    there is another table in the same database - wifi locations, that shows the MAC address, timestamp and location of seemingly all wi-fi hotspots encountered (if you have wi-fi enabled obviously)

    not seen anyone mention it - so thought i might as well :D

    1. Anonymous Coward
      Anonymous Coward

      MAC addresses

      OH MY GOD, call the police. Your phone is storing MAC addresses. :-)

      1st thing: the MAC addresses are not the ones your phone sees, they're fetched from Apple's servers. Researchers like Christopher Vance have seen that even a brand new device that never left his building had MAC addresses from all over his city.

      2nd thing: It's stored even more rarely than the other table. Probably only one actually uses location based apps.

  18. Anonymous Coward
    WTF?

    Much ado about ... nothing? .. or is it?

    If you want a *smart* phone, this is one of the ways in which it is smart.

    Now granted, if this file is *never* accessed for use by a phone application and is purely there to be 'sent back to home', that is a problem.

    But if it *is* used by applications which provide you with location based information then that is the price you pay for 'smartness' ...

    *HOWEVER* - can anyone recall a dialogue box during phone setup prompting the user to agree to location storage?

    I've certainly seen it in applications, but never in the core OS during setup.

    Google and Apple need to provide us with valid reasons as to why this information is stored and tell us if the user *has* been made aware that this storage of location is taking place - via their mobile provider, or EULA.

    Above all else, the user should *easily* be able to opt-out - even if that means some core functionality of the device is lost.

    There's a serious issue of trust bubbling away - and one way or another, the device manufacturers need to give us answers NOW.

    Of course, we'd all be rather embarrassed if this information *was* disclosed in an easily accessible EULA - but then again, one would hope the researchers who gave us this information would surely have researched that first?

  19. amanfromearth
    Alien

    I know what this is

    "One region that seems to regularly pop up in files stored on multiple phones is an area just outside of Las Vegas"

    Area51

    All your GPS data are belong to us

  20. Zobbo
    Jobs Horns

    Yes, there's FUD

    Coming from the usual Apple apologists. Imagine the difference in reaction from certain people if it had been a Windows phone.

    1. Anonymous Coward
      Anonymous Coward

      The difference

      Is if it was a Windows phone it would be including your exact location plus all the software packages you have and if they are properly licensed.

  21. David 45

    Where am I?

    The phone's location does not necessarily give the owner's location. Can imagine a bit of deviousness being applied here.

  22. Mickey Finn

    Your little "aside"...

    Dan Goodin wrote...

    "The company, in keeping with its Jobsian obsession with privacy, has yet to utter a peep despite widespread media coverage."

    Surely what is good for the goose, is good for the gander?

  23. Purlieu

    "you shouldn't be worried unless you have something to hide"

    Better ask Ann Frank about that

    1. Anonymous Coward
      Anonymous Coward

      Better ask Ann Frank about that

      If that happens again we've all got someting to fear, not just iPhone users.

  24. Steve the Cynic

    Here's some letters. Do I need digits, too?

    Dudes, get a grip. OK, someone said the data is to help the GPS subsystem lock on quickly. Cool. One record per cell. Cool. (Maybe there's something non-cell in there, like a WiFi locations or something, who knows... And not quite so cool, because it has to query something out there in the big Internet for that because WiFi MAC headers do not include location information.)

    And clearly cells do not always provide the right location. I remember one time sitting in St Pancras waiting to get on Eurostar, powering up Google Maps on my (as I had then) Samsung Omnia, and being surprised to learn that it thought I was in southern France, vaguely near Geneva. So that's why the phone sometimes logs bogus location information, and why it provides tighter resolution in densely built-up cities (more cells, smaller "this cell is closest" circles).

    As I said elsewhere this morning, if you have something to hide, **hide it**. Leave the phone at home, encrypt the data on the PC (Itunes lets you do this), or just don't sync it with Itunes...

  25. Anonymous Coward
    Anonymous Coward

    Lantern

    What's the betting it harvests the wifi geolocation database and GPS/time data from the EXIF metadata in the library of JPEGs on each phone too?

  26. B_K
    WTF?

    Location Data totally wrong in my case

    Well I checked this out on my iPad (WI-FI and 3G model so it has cell tower info) and it's *totally* wrong on the locations shown.

    It shows it's travelled West to Exeter, North East to Andover, East to Portsmouth and some totally random places in between. None of which are true. Even better, there is not one single entry for the two locations it spends 99% of the time at. Unless it's secretly teleporting itself, then coming home in time for tea, the location data in my case is totally meaningless...

  27. Conner_36
    Unhappy

    Pay attention...

    Like hell we were not told. Maybe you were too busy looking at the distortion field. It was in the keynote when they talked about iOS 4. Two API's, one gets old info, the second gets current info.

    Does anyone actually understand how location API's gather the info? To save battery life, when it's convenient, the phone records location data so that apps requesting location don't have to use the GPS all of the time.

    My only 'suspicion' is why there is no preference like a history panel with controls for how long it keeps the data.

  28. Xpositor

    Take a look yourself

    Instructions on how to dump your log in to Google Earth (if you're on Windows) can be found here: http://bit.ly/hZKaMu

  29. Chuckygobyebye
    Boffin

    Sounds like GSM localization

    From the description it sounds like the file is logging data derived via GSM localization. My iPhone 2G doesn't have GPS but it can tell where it is by triangulating on cellphone towers, which broadcast their coordinates.

  30. Mike 102
    WTF?

    mine had me over 100 miles away

    I checked mine out and it has me in Northern Island and the Isle of Man. I've not been to either since I got my iPhone. However, when I was recently walking in north wales my phone did lose signal and then show it had gained the signal of an Isle of man network. I was impressed as the IOM is 70 miles from where I was. Seeing Northern Island in my iphone location list which was more than 100 miles away was impressive.

    I'm not worried as I have no reason to hide my location from anyone. Though I could see some people would be. I'm sure in places of higher density of cells it would be more accurate.

    1. Andy Livingstone

      Geography 101

      Is that Northern Island as in New Zealand or is it meant to be "Northern Ireland". If your phone can reach masts in New Zealand and the Isle of Man at the same time, please can I have one? If not, please be careful where you end up when next booking travel tickets.

  31. D Moss Esq

    White papers, please

    A. How good is location-detection based on mobile phone technology? I took a look, way back in May 2003 [1] and came to no conclusions. Time for an updated El Reg special report on the question written by someone who knows what they're talking about?

    B. We have all learnt the mantra about personal identity, "something you are, something you know, something you have" [2]. Could we add to that "somewhere you've been" or, at least, "somewhere your phone's been"? Another white paper, on "does location identity have legs" [3]?

    C. Re the location of radio masts, it's not hard to find this information. Here in the UK, Ofcom will tell you how many phone masts there are in the vicinity of any post code [4]. There are 55 in the immediate vicinity of the Savoy Hotel in London, for example, and 753 not so far away.

    ----------

    1. Please see http://dematerialisedid.com/BCSL/29%20May%202003.pdf Section 4.6 starting on p.26.

    2. Or "something you were, something you've forgotten, something you've lost", as Dave Birch puts it.

    3. Please see http://dematerialisedid.com/BCSL/29%20May%202003.pdf Section 4.9 starting on p.31.

    4. Please see http://www.sitefinder.ofcom.org.uk/

  32. Awordy
    Black Helicopters

    Forget the Police

    Sure they already have access and use it in lots of totalitarian places to determine who needs beating.

    However this gives amazing help to anyone in the private sector to mean to pay for a surveillance team. Sure it isn't perfect but its a lot better than nothing. All I now need is access to an individuals phone and I can start to build valuable data. Give me access twice and I can clean the file once and start to build a detailed picture of what happens between accesses.

    Are you concerned ,your employee is interviewing for a job elsewhere, that your wife or husband is not telling you the truth, or that your aunt Mabel is wasting your inheritance at the dog track?

    Those people who trivialise this are plainly stupid, it is a bad thing which will be used for bad purposes.

  33. JeffyPooh
    WTF?

    Cell tower locations "secret"?

    That's obviously not correct.

    In fact, aren't the locations broadcast by the towers to aid non-GPS locating?

    On a different scale, the locations are filed publically with the government regulating agency. Multiple organizations siphon off the data for various purposes.

    Finally, not even 1% (?) of cell towers are stealthy. Most are clearly obvious and their locations are not secret by any possible description.

    1. Vic

      Stealth...

      > not even 1% (?) of cell towers are stealthy.

      I saw one on the news a while back. They'd "disguised" it as a tree.

      It would have been fractionally stealthier to have painted it bright red and hung a pennant from the top declaring "This is a phone mast".

      Vic.

  34. Anonymous Coward
    Coat

    uselsess....

    the fact remains that the info is there and with no official word from apple why its there of if it sends that info off anywhere it should be treated as a risk.

    As far as the police and other enforcement agencies are concerned, because we know the data is there, then we can manipulate that data to hide so called facts, it makes the data useless. as stated in posts above, hackers will soon be writing their names across oceans and tools will soon be available for everyone To play, you too can place a time and location stamp to place you at 32.778880, -96.808718 on the 22nd November 1963... the data is now useless to the police. even more so now that we know the data is inaccurate.

    Also, the data only proved where your phone was, they need to then prove the phone was in your possession at the time. like a record of your phone calls or text messages or new entry on facebook/twitter that matches up with your phone location....

    the data is most likely there to help advertisers target adverts better, what's the point an placing an advert for restaurant that's over 50 miles away from where you are? it will be able to target adverts better relating to where you are or where you have been and where you will probably go again...

    mines the one with the built in Faraday cage in the pocket to stop my phone from publishing its location....

  35. IglooDude

    Hmmm

    It seems like if they want to nail down whether the locations are of users or of towers, all they'd have to do would be to take a boatride (a fair bit away from shore) and then examine the resulting data points?

  36. Alien8n
    Black Helicopters

    Reminds me...

    I used to work for a firm that did GPS tracking of trees, but there was an application being tested on similar kit to ours by a professor in Sunderland. Police tried to do him for speeding, but as he was testing his GPS kit at the time he was able to use that as evidence and prove he was within the speed limit at the time the police were trying him do him for.

  37. Anonymous Coward
    Boffin

    @Ty

    Ah, to be a technically illiterate fanboi like yourself. The world must look like one pretty garden.

    As the Wall Street Journal reported yesterday, "Apple Inc.'s iPhones and Google Inc.'s Android smartphones regularly transmit their locations back to Apple and Google, respectively, according to data and documents analyzed by The Wall Street Journal—intensifying concerns over privacy and the widening trade in personal data.".

    http://online.wsj.com/article/SB10001424052748703983704576277101723453610.html?mod=WSJ_hp_MIDDLETopStories

  38. alain williams Silver badge

    Data Subject Access Request

    It would be really interesting to hit Apple with a Data Subject Access Request - it would cost you £10 and Apple would have to give you a copy of all the data that it has on you within 40 days. That would show up if any of this data ends up on Apple's servers.

    I don't think that Jobs would be too pleased with this, but it is a right that we have in the UK.

    I don't own an iphone so I can't do it.

    Any of you tried it ?

  39. Anonymous Coward
    Linux

    CHMOD?

    So, if I jailbreak my phone, login as root and chmod this file to 000 will that stop it writing to the log file whilst not throwing nasty errors all over?

  40. Anonymous Coward
    Black Helicopters

    Interesting...

    "“We both have the exact same data point in Vegas, and neither of us have been,” he said."

    Same data point, same time?

    Hmmm. Do I need to spell that one out for you?

  41. Anonymous Coward
    Grenade

    Trust me, it's harmless

    Yes, folks, Apple tracking your location is harmless.

    We'd never tap into that info and it can't ever harm you. Even if your imprecise location might indicate "which side you are on" or where to aim our artillery. After all, doing so would be illegal.

    regards,

    Muammar Muhammad al-Gaddafi

  42. Graham 25
    FAIL

    Too many halfwits here

    If the data is unreliable, as seems to be the case, forget the use of the data for legal purposes. Any half decent lawyer would be able to show from any other log that there was no guarantee 'beyond a reasonable doubt' that the data was accurate, and so none of it could be relied upon.

    You simply cannot say someone was in Las Vegas using such a log, unless you can show that the person was in every other location in the log and there were no errors.

    So put the 'oooo I might go to jail' argument aside - its puerile.

  43. Herbert Meyer
    Flame

    an app

    Since Apple users are sheep, they would be happier when they are surrounded by other sheep. So my app idea is a Location Coolness score, by the local density of Sheep (other Apple users). This data makes the job pretty easy.

    So a Lady GaGa concert would be a really Cool place, and shopping for tires at WalMart Not Cool at all.

    1. Anonymous Coward
      Anonymous Coward

      hey

      if it would keep me away from WalMart's tire section and from clueless haters like you I'd sign up for it.

      Maybe we can do an app that uses both Android's locations file and the iPhone's and would then instruct each camp on where to go to make sure a safe distance is maintained.

  44. NozeDive

    dont forget the telcos

    I am an officer on a private police force. Recently, the local "public" police force called us to give us a tip on a missing person. A run away child was shown to be in our facility , as determined by examining the data pulled from her phone's GPS (although it's not a smartphone) and call tower data, all stored AT THE TELCO and not on the cellphone itself.

    So, I think this is rather moot when it comes to the cops looking at this file because they have easier, more accurate methods, assuming they have a warrant or court order. Apple, on the other hand does not need a court order to see this data.

  45. ortunk
    Stop

    Will Clarke should read more closely

    Will Clarke should have RTFM, the application's web site clearly states that they skew the data intentionally, to keep this software being used by script-kiddies. The points are supposed to be way off.

    QUOTE : http://petewarden.github.com/iPhoneTracker/

    ...

    To make it less useful for snoops, the spatial and temporal accuracy of the data has been artificially reduced.

    ...

    END QUOTE

    1. willclarke

      Or.........

      ...you could have read my blog post, where I describe how I used the raw data from consolidated.db to make my conclusions.

  46. Version 1.0 Silver badge
    Happy

    Where there's paranoia - there's money

    App idea - an app that runs when the password is entered - it prompts for a second password - you can enter either the right password whereupon the app exits, or the wipe password which deletes everything.

  47. Anonymous Coward
    Stop

    Eye opener

    You think having nothing to hide means you've nothing to be afraid of? See why a cop and a law professor agree that you should not talk to the police.

    http://www.poetv.com/video.php?vid=40708

  48. The elephant in the room

    If you use mobile phone, any mobile phone, you can be tracked.

    All phones can be tracked to within a few meters by triangulating their emissions. If this was not done it would not be possible to move between cell towers while on a call. This data is logged by the networks and those logs can be accessed by the authorities if they obtain authorization, or if they just do it anyway.

    Also the web pages you browse are logged by ISPs, so if you look at location-specific content on your phone there is another record of where you are, along with the web history file in the phone itself.

    So this new tracking file is simply another way for a third party to establish where you've been, seemingly less accurately than methods that were already available. Admittedly access to the logs of service providers is restricted, but anyone who has access to the phone can look at its browsing history.

    Its not that there is nothing to worry about, but I don't see there is much new to worry about.

  49. Daggersedge

    Learn to hide!

    If you have something to hide, then learn to hide it. If you think you might have something to hide, then learn to hide it. If you just want to protect your privacy even if you don't have anything to hide at the moment, then learn to how to hide.

    Don't expect the technology you buy to do your work for you. Don't go around like wide-eyed fluffly little bunnies expecting that Apple, Google, any business, the police, governments, etc, were going to do you any favours. Acting all shocked that someone can track you by your mobile phone is the same thing as acting shocked that the local curtain-twitcher can keep track of when you leave and return home.

    Get smart: not only should you learn to hide, but you should learn to turn the technology against them. Plant your phone on someone else. Swap phones with friends. There are many things you can do, depending on what your plans are and how proactive you want to be. Expecting someone else to look out for you, though, means you'll always lose.

  50. Wang N Staines

    so

    1. the location logging inaccurate, so let's say it is 3 miles out

    2. a crime was committed at some location

    3. the cop asked you where you were when the crime was committed

    4. you said that you were nowhere near there, in fact you were 3 miles from away from said location

    5. the cop examined your phone, and it said you were there

    6. you go to gaol

    I rest my case.

  51. Anonymous Coward
    Anonymous Coward

    Amazing

    Again, some people immediately go to the 'not a big deal' response again without knowing why this data is being stored in the first place and with no way to turn it off. Just amazing

    1. Anonymous Coward
      Jobs Horns

      Not a big deal.

      Change your alibi. Not that big of a deal.

      Steve

      Sent from my iPhone

  52. Anonymous Coward
    Anonymous Coward

    Take tracking off iPhone

    Any device which got Apps store will automatic get track of your location including the latest Android phone, so what happen with iPhone is nothing new!

    Lots of users can't be bother to sit down and learn all the phone's settings. Under setting click off location service ... no Apps can track you!

    If anyone who is absolutely paranoid then switch off the cellular network, your phone will disconnect all together from the internet.

    It's all under setting, I don't know what the fuzz all about. Apple already done the ground work when iOS came out .... it is the end users need to learn how to use the phone.

    Also under setting in iTunes users can delete & write over any backup data store in iTunes.

    Happy days

  53. Dave 120
    Thumb Down

    No one needs this info

    The police don't need your phone. If they need to they can access the cell site info from your carrier which is probably less prone to thinking you're in Vegas periodically.

    And if you're of that much interest to them they'd take your phone for forensic examination chances are they already have.

  54. Anonymous Coward
    Big Brother

    Horse, stable, bolted, long ago

    Why would the notional 'big brother' go to the trouble of having to physically get access to your phone and hack it when they could get the same data much more easily from the telcos, along with the same information for all your non-iPhone carrying associates? (Yes, iPhone-less people do still exist). Your iPhone might know where you are, but your telco knows even better.

  55. Will Godfrey Silver badge
    Unhappy

    Never mind the cops

    If 'they' can get the information you can bet a lot of even less pleasant people can get it too.

  56. DrXym

    I imagine logging works this way

    Phone connects to a base station, base station sends it's id, longitude & latitude info back in the call, that info gets logged. If there is more than one base station in the area, the others can be used to do a rough triangulation. If a station were sending the wrong values it might wildly affect the triangulation. If the phone is 3G connected or GPS is enabled the location might be refined further.

    And yes it's has incredibly serious repercussions. I can well imagine husbands & wives surreptitiously feeding the info into the app to see where they've been; phone thieves using it to see when someone is away from home; infected PCs stealing that data now; government investigators using it to plot movements of suspects.

    Basically it tracks users. It should be simple enough to fix the issue, e.g. by not storing the info or only holding it in a transient table which is not backed up and does not survive a reboot. But it's a worry that phone devs don't think of these things at the very beginning. Maybe if someone asked the engineer who wrote this they might say they did it to optimize location information, or handover efficiency but the fact it's such an infringement of privacy means it needs to be fixed.

  57. Andrew Moore

    Food for thought...

    Last time I stored a large amount of coordinates, I applied an algorithm to them to change each set by a random (but re calculable) amount- This was in order to stop people nicking the data but at the same time make those that did want to pinch it believe that it was stored unencrypted. I never thought of injecting false data (Las Vegas)- I must add that to the next version.

  58. Dapprman
    FAIL

    Pointless Information for Law Enforcement

    If the police want to know where you were by your mobile phone, they just need your number and provider then the go directly to the telcos, where they can get exactly the same information and more from their logs regardless of what make/model your phone is.

    I'm not an Apple fan, but this is just paranoia for paranoia's sake.

  59. Joe Montana

    Cops...

    As if the cops are going to go to all the trouble of seizing your iphone (which you will notice) when they can just get the mobile operator to track you (which you won't notice and might continue incriminating yourself while being tracked).

  60. Sean O'Connor 1
    Black Helicopters

    you sure?

    @SuccessCase

    While I agree that I don't think that devices should keep a record of your movements unless you've told them that it's OK to do so, I think you undermine your argument when you say:

    > if you have no appreciation of how, historically, advanced civilized and democratic countries have been transformed into totalitarian regimes

    I don't think you need to bring in loony conspiracy theories to win this debate!

  61. Anonymous Coward
    Anonymous Coward

    Hmmm

    I leave my mobile at home. Track that. If it's even on.

  62. TheOtherHobbbes
    FAIL

    Well then

    Radiation spraying all over a First World country that happens to supply many IT components -> Reg says happy clappy, No Problem.

    An iBlob comes with a free buggy, unreliable low-precision database that says you might have been somewhere, more or less, at some time, but which is so unreliable it would be completely useless as court evidence - Reg says OMGWTFBBQ!

    Fail.

    Not that I'm defending Apple here. I don't want my iPhone to collect and store data about anything I think, say, or do, unless it really, really needs to. For a very good reason.

    Even so - let's have some perspective and common sense in the reporting, please.

  63. Anonymous Coward
    Big Brother

    Other Governments?

    So you're overseas. Having a quiet dinner. Having nothing at all to do with that protest occurring a dozen blocks away from the restaurant. You probably didn't ever hear about it.

    Until you try to return home ... and your phone log puts you 'in the vicinity'.

    Nope. Nothing to worry about at all.

    Hey, on the plus side ... I hear political dissident cells are lovely this time of year!

  64. Matt Bryant Silver badge
    Boffin

    Apple = commercial.

    I was going to read all the comments before posting, but after the first page of paranoid delusions I just skipped straight to posting. So apologies if someone else has already pointed this out and I missed it in the deluge of hysteria.

    Apple is a commercial company, not a secret arm of the Gubbermint. Everything Apple does is to make money, period! Giving up your location to the cops/FBI/NSA does not make Apple a profit, if anything it could mean they get sued, so I don't think socila responsibility was high on the Apple business case. You're also forgetting that the authorities can simply ask the carriers for records of all the cells your mobile has talked to in a period.

    I'm betting the this is linked to locational-based advertising in searchs, either for current Safari searchs or for a future product Apple is bringing to market. I'm betting the reason there are gaps in the databases are because the owner simply wasn't near anything that Apple thought worth advertising (in reverse, this explains why there would be thousands of hits in a city due to all the stores, shops and resteraunts). And by "worth advertising", I'm thinking in the Google terms of "pay-me-to-get-your-place-as-the-top-search-result". Given the widespread adoption of Apple mobile devices by the fanbois, it would seem that Apple are sitting on a potential goldmine if they can monetise the location information.

    1. J 3

      Exactly

      Exactly what cynic me was thinking too: "I smell ads linked to this". Will we ever know, tough?

  65. sisk
    Joke

    Not suprising

    "...Apple isn't taking privacy seriously."

    In other news, the sky is blue.

    All joking aside though, this is a pretty serious issue. Not as serious as some are making it sound (after all, you have to have access to either the phone or a backup file from it to make use of the data), but still quite serious. As for the law enforcement angle, under no circumstances should that kind of data be made available to cops.

    Now don't misunderstand me. I have a lot of respect for cops. They do an extremely tough, thankless, and vital job in our society. However they have the unfortunate tendancy to use everything that points at the person they think did the crime to prove it, even if that person is innocent. The inaccuracy of this information makes this even more of a concern. You could be two blocks away from a crime and your phone can show that you were at the scene. If for some reason a cop suspects you, that could well be enough to sink you.

    And that doesn't even begin to touch on the political enemies of abusive authorities. In those situations it would be easy for entire groups of political enemies (plus dozens who just happened to in someone's contact list) to be wiped out. All they have to do is catch one of the group, identify a likely location for a meeting based on his tracking data, then go through his contact list checking other people's phones to see if they were at the same meeting. No doubt in this process a lot of innocents would be nabbed as well, but that type of dictator won't be concerned with that.

    1. Anonymous Coward
      Anonymous Coward

      Actually it is surprising

      "...Apple isn't taking privacy seriously."In other news, the sky is blue. "

      Can you produce actual examples of this issue or are you just talking out of your ass?

      1. sisk

        Note the joke alert icon

        That is all.

  66. Yves Kurisaki
    Troll

    Lala land

    They've been able to track people's whereabouts from the first day a mobile connected to a mobile mast. You really don't need databases on iphones all of a sudden to do that. You must be living in lala land to think no one can track you.

    And for the Android people who think they can claim the moral high ground..

    http://m.guardian.co.uk/technology/2011/apr/21/android-phones-record-user-locations?cat=technology&type=article

  67. Narg

    Opinion...

    This article is 100% opinion. 0% fact. Keep that in mind.

  68. J 3
    Badgers

    The fanboys are not being logical...

    I don't much care, since I don't have a smart phone anyway. But it's an interesting situation, and the fanboys are contradicting themselves, it would appear. They say, repeatedly (you'd think they are being paid by the post, or that they are unemployed and have all day...), one of two things:

    a) the logging is needed for the proper functioning of the phone, or some subset of its functionality at least;

    b) the logging is so wildly inaccurate this is not an issue.

    Now, has anyone seen the problem there? Or are you saying the bloody thing does not work to begin with? That would be the only logic conclusion, if both a) and b) are correct.

    And by the way, and as noted above by a fellow commentard, the tool released by the researchers purposefully makes your data inaccurate so script kiddies can't easily use it (RTFA, the original one from yesterday). So, unless you tell us how you examined your phone's data, your statement that the data is inaccurate is as reliable as a politician's campaign promise. Although some of the inaccuracies reported here seem much larger than what the tool makers said they introduced, sot who knows.

    Anyway, back to your regular program...

  69. Bizlaw

    How about adding Google to this mix?

    I don't think it's much of a surprise that your phone keeps a record of your location, especially when you have location services built into the OS and apps.

    But how about railing on Google for its Android software talking to the mother ship several times an hour with your location data, unique phone ID, etc.?

    http://online.wsj.com/article/SB10001424052748703983704576277101723453610.html

  70. ManUtdUSA

    Vegas?

    The reason for this erroneous location info is probably caused by hitting the WiFi on a plane which then registers as a Vegas address.

    I checked my locations about six months ago and had a single log of a visit to Fort Lauderdale Airport, which I've never been to.

  71. Anonymous Coward
    Anonymous Coward

    I love the commetards

    Everyone has an opinion, but no one even bothers to check or even learn about anything.

    No wonder the world is so fucked up as it is.

    The media can feed you people just about anything they want.

    That's the truly scary part of it all, not ridiculously harmless cell tower cache tables.

    1. Ilgaz

      Alex Jones, the real paranoid guy says no big deal (serious)

      Alex Jones says "they were doing it for years with any cell phone shipping since 2001, this isn't only Apple". Any Americans to talk about telecommunications act of 1997?

      Lets not forget, Apple could post a statement to their website and hire an independent, serious investigator about consequences of such data.

      If they mute like that, the noise will grow of course. Don't forget the general, non tech public barely understands how they are able to make such a device let alone some xml files.

      iPhone and Android, Symbian are general public targeting devices. It seems everyone (including vendors) sometimes forget this.

      1. Anonymous Coward
        Anonymous Coward

        No point in trying to reason against a firehose of histeria

        Anyone who's been the target of any kind of mass media attack knows it's just not enough to post facts. People would just say "the research was paid for by the company" or what have you. It could even make things far worse.

        It's far better to wait for a little while and see how it plays out, in the meantime keep a few journalists and particularly editors on speed dial. That's why the media loves these sort of news: suddenly they can get the attention of big companies and may break a few ad deals out it.

        They just wouldn't listen to reason.

        Yes I've worked at a big financial newspaper (in IT) I know the kind of crap that goes on. We even had journalists routinely doing coke at work, it was all completely fucked up.

  72. Walt French
    Happy

    Did the Headline Writer read the story?

    Headline says “it's not harmless and here's why;” the story says if Apple would only speak up there'd be no problem.

    The only logical conclusion is that Apple's silence is what outrages the Register. What sense does that make?

    And if indeed you don't like the idea of this data getting out— I don't — the Register has grossly neglected the trivial steps to prevent it:

    1. Take Apple's advice on password-protecting your phone.

    2. Take Apple's advice on how to encrypt your iPhone backup files on your PC.

    3. Realize that there are probably a dozen OTHER files — recent phone calls, address books, web cookies, more — that are MORE sensitive than your location history. Keep your phone out of the hands of people you don't trust and encrypt or erase.

    Of course, the Register has never been much for proactive how-to stuff; mostly it's a place to take cheap shots at others' work. “Whoring Link-bait,” as it's sometimes known. So the logical inconsistency in fact makes sense: the Register doesn't need you to know anything, as long as they can get you worked up.

    1. Ilgaz

      what about this?

      What about keeping the backup in encyripted form by default, like everyone's popular hate object Nokia/Symbian does with a freaking 300 mhz ARM processor?

  73. Buzzby
    Big Brother

    secret ballot at elections

    There is no secret ballot, every ticket is marked with your ID before it is handed to you. A quick check by the appropriate authorities afterward will show how you or anybody else voted. QED.

  74. Martin Usher
    FAIL

    Inaccurate? That's funny...

    My daughter posted a link for me way back when she was traveling between Arizona and California so we could estimate her time of arrival. There was some inaccuracy between her and her husband's phone due to clock differences but this just told us how fast they were driving.

    What this link was subsequently able to do was track the phones to the in-law's house in Alberqueque -- not just to the general location but I could see exactly what part of the house the phones were in.

    These were Blackberries on Verizon's network rather than Jesusphones but I think the basic idea is the same. A phone knows exactly where you are.

    Cellphone location data is used by the radio stations in Los Angeles to estimate urban traffic flows in real time. They were using this yesterday to track rolling street closures due to a visit by the President.

    So don't worry about misuse of phone information -- panic.

  75. kmitchell3
    Jobs Halo

    That's the purpose

    My Canon DSLR has geo-location on every photo I take. My iPhoto software uses that information in its 'Places' library. I'm screwed.

  76. Martin Maloney
    FAIL

    You folks don't get it, do you?

    If a government announced to its citizens that it was implementing a program to track everyone in real time, and that everyone would be required to pay for the tracking device and to pay a monthly fee for this "service," then people would be outraged.

    However, if the tracking device can be "upgraded" to mimic the functions of a telephone, and if the device can be marketed as the latest "must-have" toy, then people will voluntarily adopt the tracking technology. Further "upgrade" the tracking device to a "smart phone," which mimics many of the functions of a computer, and people will fall all over themselves to spend hundreds of dollars for the device and for the "service."

    Gee, it used to be that only rich people could afford mobile phones? Isn't life better now? Yeah, right.

    As soon as you get a cell phone, you surrender to the matrix. So what is the big deal about the latest iPhone gambit? Cell phone providers already track the locations of cell phones. (After all, that's what makes it possible for them to route calls.) They also log the from and the to locations of the calls.

    Apple is merely taking it to the next level. Apple is the Borg, and resistance is futile. Yes, it makes you feel good to vent, like any form of masturbation. So go ahead and express your outrage, if you're having fun doing so. Just don't expect it to accomplish anything.

    You bamboozled yourselves into trading away your privacy. You bargained with the devil, and you lost.

  77. John Smith 19 Gold badge
    Thumb Down

    It's not about location, it's about *control*

    Did *you* ask to have this (growing) file stored on your machine?

    Were you told its there and what it's used for?

    Can you disable it if *you* don't like what it's being used for?

    Apple seems to like a *lot* of control. They don't like openness and transparency. Something which (had they acted *promptly*) would defuse their growing PR problem.

    But to be fair that could be said of *lots* of large corporations. Funny how "Nothing to hide, nothing to fear" doesn't cut much ice with them isn't it?

    1. Tom 38
      Stop

      You have control

      Turn off location services on your phone.

      On the other hand, even if you do this, the Bill can track your cellphone location simply by requesting the information your telco. Much easier than hiring a forensics guy to extract the information from a particular phone model.

  78. LPF
    Paris Hilton

    Wowo all the bitters for the "Nothing to hide" Poster

    You do know he posted it to wind up the tin foil hat brigaded dont you ?

    As for this file,Unless the data is somehow transmitted back to apple, then they have to nick your phone to get where you have been anyway. I posit that anyone that intreated in you would have been following your ass anyway!!!

    Paris becuase she can spot when The Reg is posting bollocks articles to get click responses FFS

  79. Anonymous Coward
    WTF?

    Harmless

    How come the heading says it isn't harmless, but there is nothing in the article that actually backs that statement up?

  80. Gio Ciampa
    Coat

    My favourite line of the article

    "suggesting the iOS code that logs locations may be buggy."

    Obviously written by the alarm clock team...

  81. Adrian Barnett
    Thumb Down

    Position triangulation data

    The positions logged clearly aren't GPS accurate, and they're also not mobile phone base station (towers) positions. It looks more like a log of positions triangulated from the base stations the phone is within range of, like when you ask the phone to show your position without using GPS. It can be tens of miles off, depending on the quality of signal it's getting at the time. The log on my phone showed points up mountains and in the sea, as well as within cities that I've only ever driven past. It's more like throwing darts at a map than actually "tracking" you in any useful way.

  82. Anonymous Coward
    Anonymous Coward

    Data is always used against you.

    Data, and tracking in general, is never used for your benefit. All data is used against you. Any circumstantial evidence that can be used against you will be. Circumstantial evidence that supports your exoneration is ignored, or claimed to be falsified in some way. Governments are in the business of prosecuting, not exonerating -- unless, of course, the accused is an agent of the Government: then anything goes.

  83. Henry Wertz 1 Gold badge
    Joke

    Is it Area 51?

    This area in Nevada? Is it Area 51 by any chance?

    Regarding cell site location -- carriers may keep this data private, but 1) The location of *some* sites is public. In the US, the FCC, along with filings of "towers" that are tall enough (so airplanes and stuff don't hit them.) In addition, Google, cellumap, Roots, and i'm sure others, have used phones with GPS *on* (along with signal strength and cell site ID, which both GSM and CDMA sites use) to triangulate cell site locations for those that are not public. For IPhone spying on you, probably it has more exact locations if GPS is on. And if it's off, it probably uses the estimate based on cell site location.

  84. Anonymous Coward
    Megaphone

    This is stupid

    Your phone calls are monitored by the govt.

    Your location is being monitored by the govt.

    The internet is being monitored by the govt.

    Your passwords can be cracked by the govt, they even hold a public key.

    Your printouts are uniquely identifiable,if you bought the printer in your name they know where you live.

    This is done by the Telcos who have the necessary splitters in place at the exchange AND IS LEGAL.

    Big whoop then that Apple is monitoring your phone.

    WAKE UP

    1. Vic

      Well, something round here is...

      > Your passwords can be cracked by the govt, they even hold a public key.

      Rubbish.

      Public keys are - public. That's the point of them.

      Traffic for a given server is encrypted using that public key.

      You need the *private* key from the key-pair to decrypt that traffic.

      So it doesn't matter if the government have got my public key - them and a gazillion other people. *I* have the private key, and no-one else does.

      > This is done by the Telcos who have the necessary splitters in place

      > at the exchange AND IS LEGAL.

      The legality of such an action depends on many things - jurisdiction being one of them.

      But even if they grab every byte of traffic between me and my server, they're still not going to be able to decrypt it. That's how strong cryptography works...

      > WAKE UP

      Errr - read up?

      Vic.

  85. Andy Watt
    Big Brother

    Umm... HLR registers? Network logs?

    Can't the police just use lawful intercept nodes etc to query the logs for cell tower use for a particular IMSI / TMSI?

    If that's still the case, this seems like a bit of a non-story to me. Any viewpoints?

    1. sT0rNG b4R3 duRiD
      Big Brother

      Other people other than the telco...

      Triangulating a mobile is probably very easy assuming good coverage, but we don't know if they do at all or how often - this of course would depend on how curious the telco is and what it's willing to spend. Maybe someone in the know could say something? *wink* *wink* *nudge*

      Ok the so let's assume the telco's know... Maybe even down to a precision of metres.

      But... why should other people? Even to the resolution of cell towers?

      Why should such a large file exist? So it's for AGPS maybe. What other apps can read it? What can these apps do with the data? I assume iOS apps are allowed to talk on the internet, and if they can query this file, maybe not read it directly but even thru' some API...

      We already know the evil that google do...

      The telcos knowing is one thing, but who else could know? That's the issue...

    2. Vic

      There's definitely a story here...

      > this seems like a bit of a non-story to me. Any viewpoints?

      The difference is that, to get the data from the telco, there will necessarily be a procedure to be followed. Audit trails will be left. Due process must be followed.

      By snatching the data from the phone - probably in a roadside manner, as the Cellebrite materials suggest - there is a significantly increased chance of a fishing trip. Plod - or customs/immigration - can just snaffle the data. There is vastly less oversight.

      I'd be less worried if such searches were always performed only once a warrant had been issued - but even then, the situation is just asking to be abused.

      Vic.

  86. Christian Berger

    Understandable from the perspective of Apple

    Of course tracking individuals is something bad, and Apple could, in theory face prosecution in some countries.

    However it's understandable from the perspective of Apple. After all they rent out millions of devices. It is only understandable they want to know where they are.

    Most people forget that when they 'buy' an iPhone, they actually just rent it. It's like buying a house, but the previous owner still has unlimited access to it.

    If you don't like that, don't buy Apple. There's plenty of alternatives.

  87. Anonymous Coward
    Jobs Horns

    Jeez, people

    Here is a list of things UK cell providers are obliged to do by UK law (according to wikipedia) :

    * to trace and identify the source of a communication;

    * to trace and identify the destination of a communication;

    * to identify the date, time and duration of a communication;

    * to identify the type of communication;

    * to identify the communication device;

    * to identify the location of mobile communication equipment.

    These details are stored for two years.

    Why is everyone freaking out about details stored on a phone when all these details are stored by our cell provider anyway and can be requested by any appropriate authority? It's certainly not good that someone could steal your phone then potentially figure out where your live or work, but the information is already out there, you know.

  88. jackthelad
    Thumb Down

    Apple has already responded to questions

    Back in July last year, Apple responded to questions about use of location data. This explains both why and how data is being stored and passed on.

    http://markey.house.gov/docs/applemarkeybarton7-12-10.pdf

    Also, Steve Jobs himself apparently responded to a question:

    Q: Steve,

    Could you please explain the necessity of the passive location-tracking tool embedded in my iPhone? It's kind of unnerving knowing that my exact location is being recorded at all times. Maybe you could shed some light on this for me before I switch to a Droid. They don't track me.

    A: Oh yes they do. We don't track anyone. The info circulating around is false.

    Sent from my iPhone

  89. Anonymous Coward
    Megaphone

    @Vic

    You really don't get it do you.... the comment you gave would have been pretty similar to the one I would have given five years ago.... so I won't be too harsh on you.

    We could argue to kingdom come on the legality (just read the acts and work it out for yourself), but I'll throw you a bone on what is going on anyway...

    http://www.youtube.com/watch?v=STZFkNuUSmw

    I bet you think the all the money that went missing in the US bailout was legitimate as well (guess what - they made it so):

    http://www.youtube.com/watch?v=6xMTdczlTgM

    People who bank with Bank of America on the internet now have to sign their rights away.

    http://www.networkworld.com/community/blog/boa-holding-my-online-bank-accounts-hostage

    Here's another bone:

    http://www.youtube.com/watch?v=bWs12ccbOiE

    Oh now it's Apple who has gone quiet.... still you clicked the button as you love to see your rights go down the drain.....

    Don't see you the pattern?

    This is just the tip of the iceburg.

    Now go figure or have a good laugh dismissing this sort of thing as crack pot or ill researched whilst the globalists walk all over you.

    (ps You were technically right about public keys, still the govt can and will break into your PC as and when it likes, at least in the US).

    1. Vic

      @AC...

      > You really don't get it do you

      Well, one of us doesn't.

      Now I know the difference between a public key and a private one; why do you think I should just completely change my understanding of cryptography just because you post a sensationalist item from the telly that has nothing to do with it whatsoever?

      Your link just makes some claims - which are probably true, even if they are unsubstantiated - about the ability of the NSA to intercept unencrypted internet traffic. That's a very long way indeed from saying that they can break passwords.

      > You were technically right about public keys

      Yes, I am. And being technically right trumps posting unrelated YouTube links.

      > still the govt can and will break into your PC as and when it likes

      How's it going to do that?

      Getting into my PC requires a 2048-bit key. I made that key, and I control both copies of it. No government has that key, and cannot acquire it without my knowledge.

      > at least in the US

      And here's something for you to consider: not all the planet's population lives in the US.

      But you're wrong even within that territory; the government's ability to tap your internet traffic does *not* give them the ability to walk into your PC.

      Your argument is flawed because you are trying to make wild inferences from allegations that simply do not support your case.

      Vic.

  90. Anonymous Coward
    Anonymous Coward

    Someone's not telling the whole truth

    >What's more, the geographic locations of cell towers is usually kept secret by the carriers who own them, and there's no clear way an iPhone would be able to detect its longitude and latitude anyway.

    If there is no way to determine the location of the cell towers then there is no reference for determining the location of the device.

    Just a small point but one I think worth mentioning.

This topic is closed for new posts.

Other stories you might like