back to article iPhones secretly track 'scary amount' of your movements

Apple's iPhone and iPad constantly track users' physical location and store the data in unencrypted files that can be read by anyone with physical access to the device, computer researchers said. The file, which is stored on both the iOS device and any computers that store backups of its data, can be used to reconstruct a …

COMMENTS

This topic is closed for new posts.
  1. NoneSuch
    Coat

    and...

    ...exactly WHO is surprised about this...

    1. PerfectBlue

      Surprise?

      To be honest, I'd taken it for granted that most smart phones did this.

      In the US the Feds mandate that all US cell phone have lojack capabilities so that the cops can track you. It's actually written into the rules. So the fact that Apple records them comes as no surprise to me.

      1. Steve Evans

        @PerfectBlue

        There is a bit of a difference in being able to ask a phone to remotely tell you of its location when it has been lost/stolen (as is done with MobileMe on the iphone and countless applications on Android including "Where's My droid" and "Lookout") and having a device "pre-emptively" recording your every move and recording it for month after month without any permission requested or granted!

        Would you say "OK" to an a new application that said it would record all your movements and store them in an unencrypted file when you backup? I certainly wouldn't.

        Whilst there are reasons to need to know the current location, there are no reasons I can see that would require this to be stored in a historical log. I'm sure the security services could find lots of reasons this is a good idea, but then they aren't interested in your privacy.

        It does sound like a bit of debugging code which has been left in, but whatever the reason, it's not a nice discovery.

        1. Jon 52

          you gave permission

          Didn't you read evreyword in the 16000 word EULA it clearly gives them permission to track you and share this info with whoever they like. You clicked the agree button or opened the shrink wrap or whatever so you did agree to this.

      2. Anonymous Coward
        Pirate

        Tracking laws

        The tracking laws in the US mandate that the carriers be able to track users, not that the information be stored in the device or in the backup software

    2. Anonymous Coward
      Grenade

      Yet another reason.....

      ...for not buying anything with an 'i' in front of it

  2. Anonymous Hero
    Black Helicopters

    That's why...

    ....I never go anywhere "interesting" with a mobile phone.

    1. umacf24

      I never go anywhere interesting

      at all :(

  3. pcsupport

    Insert text here

    I downloaded and tried the software. While it found all of my tracking data for the UK it failed to find any of the trips my phone had made to France, Germany or Russia.

    France and Germany where on roaming (Orange in the UK) and Russia is a separate SIM card.

    Personally I have no problem with this data being collected as Orange are able to track me everywhere I go anyway.

    1. Anonymous Coward
      Anonymous Coward

      Orange are able to track me...

      ...and now Apple too apparently. And anyone with user access to any PC or Mac you sync it with, and the authors of any executable which might be run on said machine and call home. It doesn't even need to be you running them. Any user can see it and see what your routine is.

      Why don't you have a problem with that?

      1. Anonymous Coward
        Anonymous Coward

        You say user level access...

        Uh you say: anyone with user access to any PC or Mac you sync it with

        Actually they would need your user account and password to read your files right. I mean one user on the OS cannot read the files of another user's account. And if someone hacked my user account there's much more valuable data they can get to.

        1. Anonymous Coward
          Anonymous Coward

          Re: You say user level access...

          How secure that is would depend on how the PC/Mac was configured. I've used plenty of both that automatically start up logged in to the desktop. Linux would be far safer (if it ran iTune), as every distro I've used insists on a log in.

          And if your user files aren't encrypted, or stored with with a file system which enforces access control, then simply removing the hard drive and plugging it into an external USB housing on another machine will let you read all the files.

          Not that this is likely to be required in the spouse spying context mentioned in the article.

          Coming next week:

          "Here dear, I've bought you an iphone for Easter"

          *SLAP*

          1. Tom 35 Silver badge

            Easy access

            "simply removing the hard drive and plugging it into an external USB housing"

            That's the hard way... Just boot up a live CD and you can see everything.

      2. Anonymous Coward
        Anonymous Coward

        No one can see your routine

        Since information is only stored once (a year or more) for each cell tower. They just get a blob of places you might have been around.

        But if you're still worried just tick the checkbox that says "Encrypt my backup." Problem solved.

        1. Mike Richards

          Encrypt my backup

          The data on the phone is plaintext.

    2. Gotno iShit Wantno iShit

      @pcsupport

      "Personally I have no problem with this data being collected as Orange are able to track me everywhere I go anyway."

      This isn't about Orange tracking you. You have a contract with Orange and part of the price you pay for the service you recieve is that Orange can track you. Quid pro quo.

      This is about other people being able to track you and find out historically where you have been. The article gives the example of someone getting hold of the database from a backup which seems irrelevant to me. Might matter more if I were the sort to play away, if Mrs iShit wants to know where I've been she's welcome to.

      What I'd find more concerning is that this is available to any app on the phone. Pleanty of apps have been found doing questionable background activity, how long before a freebie ad sponsored game starts feeding this back to the mothership?

      Surprised the file isn't called newlabour.mbdb.

      1. Anonymous Coward
        Anonymous Coward

        Err...No.

        The 'price I pay' is NOT they can track me. The price I pay is on my invoice. Since I am not offered a 'no tracking' option (which MAY be differently priced), I have no choice in the matter,. Hence, the contract is extortionate.

        1. Chris Miller
          Thumb Down

          Cell phones

          It's obvious that your phone service provider has to know where you are (at least, in the sense of which cell you are communicating through) in order to route calls to you. The ETSI standards define mechanisms for this information to be recorded and made available to law enforcement subject to appropriate legal provisions. If you're concerned about this tracking, it can be circumvented (at least in normal circumstances) by simply turning off your cell connection.

          But this is very different from the phone manufacturer using built-in GPS to record your phone's movements throughout its lifetime (and sharing that information with 'appropriate' third parties). Apparently the right to do so is buried on page 94 of the 20,000 word legal document that you agreed to by breaking the seal on your new phone.

          Lawyers: start your engines!

          1. Shakje
            Stop

            @Chris Miller

            "But this is very different from the phone manufacturer using built-in GPS to record your phone's movements throughout its lifetime (and sharing that information with 'appropriate' third parties)"

            This is very different from what it actually does. It tracks your location based upon triangulation of cell towers (think what would happen to the battery if GPS was constantly on), and also keeps a log of Wifi networks your phone has spotted. You could probably also circumvent this by turning off your cell connection and your Wifi.

            I have an iPhone and this concerns me, but at least get it right.

            1. Anonymous Coward
              Happy

              Quite

              You beat me to it, It's one thing to have the cell provider track when you're camped-on to the network , but this would normally be just the tower ID.

              This creepy thing triangulates between "n" towers and records WiFi MAC's - a shitload more detailed information than you (are compelled to) agree to by using a mobile phone.

              There are legal agreements in place to cover disclosure of mast ID's - I would presume "reasonable suspicion" is required, or at least the pretence of it. There is no regulation whatsoever of this new datagrab.

              Still, i don't have a iThing and don't frequent public toilets much, so I've nothing to worry about. Right? ,

    3. Ilgaz

      Orange is your gsm operator

      Orange or any GSM operator in a modern country is bound to some insanely serious laws about such location data. In fact, in some countries, people have died because the network operator declined to give location data without proper paperwork.

      Ask anyone at a GSM operator, even they can't access such data without proper paperwork. Yes the people sitting at their data centers. Every access is logged and there must be something to show for each access.

      Apple is not bound to such laws, especially with their evil genius lawyer written EULA.

      Just watch when they sue them, you will be surprised.

  4. zen1
    IT Angle

    seriously?

    Does this really surprise anybody?

  5. Anonymous Coward
    Anonymous Coward

    A simple cache file...

    Many programmers will be familiar with cache files. This just stores the results of the Cell ID to latitute/longitude that all smartphones with GPS have to use.

    I've confirmed that eg the area around my own home only shows up once since I got my iPhone (6 months ago)! Hardly tracking to the second... Also the resolution (in the raw data) is only down to about cell tower level.

    All this does is saving my phone making constant queries to Apple for this Cell ID mapping, which is how Android does it. At least this way Apple has no way of knowing what I do every day.

    Oh it saves battery to.

    Any privacy loving person will already encrypt their backups, and apps approved by Apple will not have ways of accessing this file in the phone.

    Complete non-issue in my point of view.

    1. Chris 3
      Thumb Up

      Sounds plausible

      This does sound like a rather plausible explanation of what the data is doing on the phone, I'm not sure why you are getting voted down, unless its your assertion that it's a complete non-issue. Presumably someone determined *could* get the info off the phone.

      1. Si 1
        Jobs Horns

        Voted down

        He's probably been voted down because he didn't immediately call for Steve Jobs' head and recommend everyone blend their iPhone and then put a tinfoil hat on.

        1. Anonymous Coward
          Anonymous Coward

          Downvoting

          "He's probably been voted down because he didn't immediately call for Steve Jobs' head and recommend everyone blend their iPhone and then put a tinfoil hat on."

          Yes, yes, very droll. I'd wager though, that he's been downvoted because he's posted a smarty-pants rebuttal of the findings in the article, and he's wrong. Just throwin' it out there. Could also be the 'to' vs. 'too' thing.

      2. . 3

        And also wrong

        If you had read the cited article, it's not the tower location, it's triangulating your actual location down to a few metres and recording it with timestamps with 1 second precision. And it's not a cache file, it's an SQL database which is not getting deleted.

        1. Anonymous Coward
          Grenade

          Blind hatred or just blind?

          @ .3

          If you had read his comment, it sounds like he's actually taken the time to investigate the contents of this file from his iPhone and has not found per second data, has noted accuracy "only down to about cell tower level" (i'm guessing he's not in the position to go and work out exactly how accurate), and has not seen his home location more than once in the data (and I'd guess he's being going there most days in the past 6 months). Kind of at odds with the article, I know, but why shout at /downvote him instead of questioning the article?

          Also, it may be that it *is* a cache file, it all depends on how many duplicate entries one can find - if you find lots then it's more akin to a log file (which should be purged regularly), if you find one then it's most likely a cache file (which really should be limited in size and have least used records removed on a regular basis).

          @ PerfectBlue

          Your assumptions seem to indicate that encrypting backups is not that much of an issue.

          1) Most people won't think about encrypting a back-up (a checkbox on the device's "home" page - not exactly hard - but let's run with the assumption)

          2) Only Tech savvy people will encrypt.

          3) Hardly anyone backs up their devices anyway.

          Based on the above, it seems like the issue of encrypting backups won't affect most people and the chances are pretty good that those who *do* back up are the tech savvy ones (we like backups, after all) who will encrypt said backups.

        2. Anonymous Coward
          Anonymous Coward

          @.3 (again)

          If you actually see the file and not go by some speculative articles you'll see it is the cell tower locations and timestamps are precise but towers only get recorded once.

          Here's the SQL for the CellLocation table:

          CREATE TABLE CellLocation (MCC INTEGER, MNC INTEGER, LAC INTEGER, CI INTEGER, Timestamp FLOAT, Latitude FLOAT, Longitude FLOAT, HorizontalAccuracy FLOAT, Altitude FLOAT, VerticalAccuracy FLOAT, Speed FLOAT, Course FLOAT, Confidence INTEGER, PRIMARY KEY (MCC, MNC, LAC, CI))

          as you can see MCC, MNC, LAC, CI are primary keys, therefore will only appear once! So this does not track all your movements.

          1. web_bod
            WTF?

            It's all relative

            Sorry to state the bleeding obvious - but you've identified a bunch of keys defined one table - wouldn't that suggest that the data might be linked to information held in other tables?

            Perhaps phone keeps a unique record of the location of each hotspot/tower and also has a table (with one entry per second) referencing them - you know, some kind of a log - so when you use the two together you can generate a detailed mapping of the phones location over time.

            I think we used to call those kinds of things relational databases.

            1. Anonymous Coward
              Anonymous Coward

              @web_bod

              You seem to know about relational dabatabases so why are you ignoring that primary keys also have that other function you, indexes for quick lookup of data.

              Which would be very convenient in a table that need quick access.

              1. Anonymous Coward
                FAIL

                iPhone Hacking at Infosec

                @ +++ath0

                The phone was pwnd at Infosec. Pentesting companies view its security as so weak they wont issue it to their employees. I am sure you know more than any of the other people who have published their findings, which is why you confine your rebuttals to a discussion forum on the Register.

                Bravo.

                1. This post has been deleted by its author

                  1. Tim Parker

                    @Gk.pm

                    Interesting update.. nice summary paragraph in there of one of the main issues

                    "Now for law enforcement and other purposes the device can come in handy. Will it give you a 100% accurate GPS point with Date/Time? No. Will it give you real-time tracking data to track someone? No. Can it help you narrow down timeframes and locations of potential suspects or victims? Absolutely, if used properly."

                    1. Anonymous Coward
                      Anonymous Coward

                      The update

                      @Tim and @AC

                      Yes he does say that if used properly law enforcement can narrow down timeframes and areas. But he also says " after looking at a freshly wiped iPhone 3G which was running iOS 4.2.1 which didn’t leave a single building, had points from all over the town."

                      So there seems (and I see this too, both in my data and in the original movies posted) a lot more data in there than actual location. It would be really difficult to pinpoint anyone based on this data.

                      From my own experience I can't even pinpoint my own house to where spend at least 8 hours a day.

                      This opens a lot of plausible deniability cases: if someone claimed you were somewhere based on this data you can easily say you were not and it's all down to the phone caching more than it needed. No one could truthly say otherwise.

                      I agree a lot more research has to be done on this, but hopefully not the sensationalistic kind. That's just destructive and doesn't help much.

                  2. Anonymous Coward
                    Anonymous Coward

                    The point is the sharp bit

                    @ +++ath01 or Gk.pm,

                    The point is not that pwning the device will allow you to install trackers it is what historical information is now available.

                    I dont think anyone thought you only posted here - I suspect like most you have a day job.

                    Christopher Vance's article is good (and it is an improvement to see links to supporting claims rather than simple assertions) but the simple fact remains that a lot of his conclusions are guesses and assumptions. He says so himself.

                    He makes the following statement:

                    "Can it help you narrow down timeframes and locations of potential suspects or victims? Absolutely, if used properly."

                    And this is pretty much the problem.

          2. Anonymous Coward
            WTF?

            Re +++ath0

            First off I am glad we can agree this is not a cache file.

            Secondly, you are spot on that MCC, MNC, LAC and CI will only occur once in the table. However this is not the protection you think it is.

            Lastly, I have had a look at mine now and despite what you are claiming here it *does* seem to be tracking a lot of my movements very accurately. How can that be?

        3. Grant Mitchell
          Alert

          It's not that accurate

          Wow, talk about exaggeration, I was expecting a _really_ accurate trail of where I'd been with my phone. It is _not_ that. It was various dot sizes, very roughly where I'd been in the UK, sort of.

          Apparently I'd visited Cardiff (or my phone has, without me). I think I have visited Wales as a young child, certainly pre iPhone days, nearest I've been since then is Bristol (ironically doing some consultancy for cellco there). It had no indication of my various trips to Aberdeen (nothing North of the Border).

          There is a very small dot (accurate fix I'm assuming?) on my house for one day, when I hit play. I'm pretty sure I've spent more time here than that! There is no dot covering my office, and I seem to be spending a lot more time south of the river than I remember.

          The data is very inaccurate, which greatly lessens the security impact (though does not remove it of course). I did see that I'd visited Exeter and Bournemouth with the in-laws last year, but there are probably easier ways to find that out (like my flickr feed?).

        4. Chris 3

          Except, it seems it *is* the towers that are being recorded

          It seems from other articles I've read that yes - it *is* the location of cell towers and WiFI hotspots that is recorded, *not* the location of the device.

          And whether the data is held in an SQL database or not is immaterial to the question of whether it is a cache.

    2. PerfectBlue

      Encrypted Backup?

      "Any privacy loving person will already encrypt their backups,"

      I hate to disagree, but where I come from privacy means a 14 year old girl hiding their cell phone while they;re in the shower so that their mom can't browse through their text messages.

      The idea of encrypting a backup simple wouldn't occur to 90% of smart phone users. Most smart phone owners aren't technical people. Most probably don't back up at all. Syncing their iTunes with their laptop is probably the closest thing that they get to doing a backup.

      You buy an iPhone because "it just works". Not because you want James Bond style privacy.

      1. Anonymous Coward
        Anonymous Coward

        RE: all

        Encrypting a backup is just one checkbox tick away on the device's page in iTunes.. hardly a very complex operation.

        There's very little in this cache file. It also has many errors, for example it shows up with places I've never ever been to.

        The downvotes are typical whenever anyone says Apple might not be entirely to blame anywhere in El Reg.

        Apparently to even technical people at El Reg it's fine to send location data to Google, but it somehow becomes an invasion of privacy when even sparser information is stored in your own devices.

    3. JarekG
      FAIL

      RE: "A simple cache file... "

      Ahhh..that would explain why iTunes always ask me to upload crash* files to Apple when I try to synch the iCrap device.

      * Crash, cash...who in the walled gardens know the difference....YOU ARE ALL SAVE!!!!

      Next....targeted advertisement

  6. Aaron Em

    Here, let me save you some effort on the follow-up story's headline:

    "iDevice location tracking vulnerability: Apple says innocent have nothing to hide"

    1. SuccessCase

      Actually

      That's already been Googles answer courtesy of Eric Schmidt:

      "If you have something that you don't want anyone to know, maybe you shouldn't be doing it in the first place."

      Oh what like using Google to look up if I have an embarrassing disease, or my gps route tracked by an Android phone? Why on earth might I not want anyone to know that? How stupid and unreasonable of me.

      Apple are less concerned to intrude on your privacy just so they can sell you advertising. Their response would more likely be "You're holding it wrong"

      1. Stuart Gepp
        Joke

        The other side of the coin

        You cannot be tracked if you're holding it *right*

  7. Destroy All Monsters Silver badge
    Coat

    "Your location down to the second"

    But what if you can do the Kessel Run in under fifteen seconds?

    1. Anonymous Coward
      WTF?

      apple have thought of everything, they're so wonderful

      see the field "Speed FLOAT" ;)

      incidentally, why IS there a speed field if apple are innocently "just" single records of each cell tower you've been near once like the fanboys would like us to believe?

  8. tirk
    Unhappy

    Cache file?

    Cache files don't normally store date for 12 months.

    1. Anonymous Coward
      Anonymous Coward

      They do

      if the information they store doesn't change much. Like for example cell tower locations.

      Think about it, isn't it better that the phone already has this Cell mast id to location mapping and doesn't contact Apple with a new request?

      This way Apple gets to known even less where you are at a some given time.

      Why are some people demanding that their phones don't store this and in turn have to request information from Apple more often?

      1. Anonymous Coward
        Thumb Down

        Symbian

        Symbian on phones with a GPS receiver appears to only request this data when you're using some software that wants your location (e.g. maps) AND you enabled Network-based location and/or A-GPS. Even if it was a cache (which it isn't - why the timestamp and repeated data?), it should be possible to easily disable it.

      2. JarekG
        Thumb Down

        @ +++ath0

        "Why are some people demanding that their phones don't store this and in turn have to request information from Apple more often?" - cause no other device ask you if you want to upload "crash" data every time you try to synch your device....

        1. Anonymous Coward
          Anonymous Coward

          @JarekG This is standard behaviour

          Windows offers to do the same when an application or the OS crashes.

          It's the way developers can track and fix bugs... If they waited for people to submit reports voluntarily nothing would be done.

  9. jake Silver badge

    Why?

    Seriously, why? What's the point? What else is going on in the background unnecessarily?

    No wonder these iFadThingies suck battery power ...

    1. Anonymous Coward
      Anonymous Coward

      Not really

      Cell phones are going to connect to cell towers anyway.

      Triangulating and recording location would require an infinitesimally small amount of power.

      1. Anonymous Coward
        Anonymous Coward

        Basics of cell triangulation

        For cell triangulation you need to know where the cells are eg: latitute and longitude of the mast.

        However the network only gives you the Cell ID. So there has to be some mapping for this to happen.

        This mapping is exactly what's cached in this file (it's the cell tower approximate location, not your true location like some people claim) Nothing more to this file really.

        You can either cache this information like Apple, or contact the mapping server every time like Android does (not sure about Nokia but it'll have to be similar)

        1. . 3

          Did you bother to read it?

          It does actually triangulate your position. With 3G, the cell base stations already know their own location and broadcast it precisely so devices can do this.

          Android's online location database is for stations which don't report their location, i.e. GSM (and WiFi thanks to streetview).

          1. Anonymous Coward
            Anonymous Coward

            @. 3

            If that's so you might want to contact Ofcom, apparently they've been trying for ages to compile a reliable database of 3G masts but it's still far from complete as not all operators have given this info...

            If the masts just transmit their location it should be a doodle.

            Then again maybe they don't actually do that...

            1. Anonymous Coward
              Anonymous Coward

              UTMA location service

              I believe this is the relevant spec:

              http://www.3gpp.org/ftp/Specs/html-info/44031.htm

              Fail to see what this has to do with Ofcom though.

              1. Anonymous Coward
                Anonymous Coward

                @AC 23:33

                Why are you making me do your homework? That is only a location spec describing how the network can locate phones.

                It doesn't include actually telling the location back to the handset, or even the cell tower locations. That's an optional subscription service from the mobile operator, or given to authorities for emergency or lawful interception.

                It doesn't come standard with your service.

                Because of this Apple, Google OpenCellID.org and others have come up with databases that locates cell towers from their ID and do the triangulation on their own.

              2. John Smith 19 Gold badge
                Thumb Up

                AC@23:33

                Thanks for this.

                Lots of interesting stuff available for free for the interested party.

        2. jake Silver badge

          @+++ath0

          You are completely missing the point, and probably intentionally.

          Why the hell does APPL see a need to store the locations that I was visiting on the device that I was carrying in those locations? Especially without my expressed permission.

          Can you even comprehend why this might be an issue, shill?

          1. Anonymous Coward
            Anonymous Coward

            @jake

            Have you read any of my posts? If so you'd this has been covered already.

            Apple and all other smartphone companies need to map Cell IDs to latitute/longitude of towers so that they can make GPS location fix in useful time (ie under 10 minutes). People use that for locations apps, to geolocate photos, etc and would be extremely bored if they had to wait for the GPS chip alone.

            Don't give me the shill crap, I'm a researcher just as the two guys who published the original article on this. I actually look into what am I'm saying, unlike you.

            1. Owen Carter
              Happy

              @ the lot of you...

              Fascinating threads..

              @+++ath0, you have some of this right;

              - The data collected is not terribly precise, and fairly incomplete, leaving it of limited interest to bad/good guys who obtain it (but it might be enough to tie, say, a serial killer to specific locations or movement patterns, or an injunction buster to his MP, or a consumer to certain supermarkets etc..)

              - Apples motivations for this appear to be a mix of the commercial and the practical; improving the user experience, reducing costs to users and apple.

              - This is not a fully fledged location tracker; far from it! If it had really been developed to track you for sinister motives it would be much more sophisticated, Apples engineers are not dumb.

              However, you look like a fanboi/shill because you don't seem to acknowledge that:

              The very act of recording of this data and storing it in plain sight on your handset and it's backup devices is an obvious security/privacy mistake. Apple could have made much more effort to protect it from casual browsing, they could have worked out that this was going to come and bite them later..

              Oh; and they they could have informed their customers what was happening.. but that goes with the rest of Apple's customer handling ethos: "consume! but never question because we always know what is best for you!"

              1. Anonymous Coward
                Anonymous Coward

                @Owen Carter

                Thanks, I think :-)

                I agree with you that Apple may have put more effort into protecting this file, but if I put my security researcher hat on all these mechanisms could have been broken since people have access to the device.

                Would it really be any safer if just the serious black hats had access to this info?

                As for informing the customers they actually did already, both in the T&Cs and when the US Congress launched a privacy investigation last year. It was even covered here in the Register: http://www.theregister.co.uk/2010/07/20/apple_location_policies/

  10. Mr Young
    Badgers

    I want an iFad as well now!

    I'll never have to ask "Where am I?" ever again! I could simply poke my iFad instead - just like the snooze button on an alarm clock. Is their an App for that already?

  11. Anonymous Coward
    Jobs Horns

    Backlash

    And will we see an overblown Google-like privacy cockup response?

    Probably not, for some reason.

    1. Ilgaz

      and Symbian fading too

      So people who gives a heck about privacy should not buy any kind of "smart phone".

      Funny that J2ME developers kept whining about the torture users get into when they used location data without unsigned (not code reviewed) applications. In fact, user has to do 5 step process not to be nagged "allow access to location" window even if you have got app signed.

      After this story, I won't swear to my Nokia when that popup appears.

  12. PerfectBlue

    Yeah, right.

    "Apple have made it possible for anyone from a jealous spouse to a private investigator to get a detailed picture of your movements.”

    Personally, I don't have jealous spouse, and I don't think that a private investigator is going to tail me. My life just isn't that exciting.

    What I am concerned about is that a cop or a fed with a generic search warrant could snare your cell phone and use the data on it to go on a fishing expedition. If they know where you are, and at what time, they could potentially try to tie you to who knows what.

    Even if you didn't happen to be near an actual crime they could imply that you were and use that to try to entrap you.

    "Say, young African American male, I see you were on 2nd and Broadway at 6:30 yesterday evening ..."

    1. Invidious Aardvark

      Sigh

      FFS! You seriously think the cops are going to go on a fishing expedition based on your phone data? You seriously think they're going to grab your phone, review your past movements, then try and get you to admit to being party to a crime you didn't commit? That this would somehow work and you'd just go "All right guv'nor, it's a fair cop"? That this would somehow stand up in a court of law? "Well you see, your honour, the subject was clearly in the approximate location at just about the right time. We don't have a motive, witnesses, or any other evidence, but hey - he's black (sorry, "African American")."

      Nice use of emotive, racist undertones on the example too. Care to bring the Nazis into this as well, for completeness' sake?

      Sounds like you need to adjust that foil hat.

      1. Anonymous Coward
        Stop

        @ Aardvark

        "FFS! You seriously think the cops are going to go on a fishing expedition based on your phone data?"

        You think they wouldnt? Do you think that, when put under pressure to solve a random high profile crime the police dont try fishing to see what they find?

        Your faith in the integrity of the police force doesnt match up with reality.

  13. Anonymous Coward
    Thumb Down

    anyone interested in buying an iphone?

    I'm certainly trying to get rid of mine after reading this article. What the hell were they thinking? I'm never buying Apple again!

    1. Anonymous John

      Yes.

      There's a newsagent in Egham.

      http://www.theregister.co.uk/2011/04/20/iphone_scam/

  14. Anonymous Coward
    Pint

    Popcorn...

    Seriously, we need that icon, this is gonna be a good one...

  15. Anonymous Coward
    Alert

    Fear!

    I'm worried that one day they announce that personal information such as an ENTIRE list of contacts and their phone numbers is stored on a phone. Heaven forbid!!

    1. Anonymous Coward
      Anonymous Coward

      Don't say that..

      Next on the news: smartphones cache e-mail messages.

      Oh btw, you know Google Maps? It caches stuff too.

  16. M Gale

    GOOGLE ARE TEH EVIL

    Yep, they track your location and everything!

    Except they don't unless you let them. And, uhh, the phone/tablet tells you when it's trying to locate you with a flashing sat-dish icon. Oh, and it tells you if any applications you're about to install want that kind of access, as well. Oh, and continues to let you review installed applications' permissions any time you please.

    Android better than iOS at protecting privacy. Who'da thought it eh? Well, I believe I've said this any number of times, that Apple and Microsoft all want your details for the same reasons that Google do. Have I been believed so far? Well, no.

    Perhaps that will change.

  17. Anonymous Coward
    Anonymous Coward

    oh

    oh nooeeeeeeeeeeeeeeeeeeeeeeessssssssssssssssssss!

  18. Anonymous Coward
    Anonymous Coward

    Any time soon ...

    Apple will be given a DARPA contract for chipping humans and the Jobsian faithful will be stampeding to queue round the block to have it done. Because it'll have an Apple logo and will be shiny-shiny.

  19. Andrew Jones 2
    Alert

    the thing that is annoying me the most.....

    If this had been an Android phone - this would now be hitting the national news - "Google secretly stores tracking data on mobile phone users" but as it is - it is Apple - and people are coming up with all sorts of stupid excuses as to why this is a "non-issue".

    A cache file? several people have reported that they have location data turned off and have never used location aware apps - yet the phone has still logged thousands of data points.

    MobileMe? the Apple find my phone service does not have any need to know where you were last week - therefore the phone does not need to keep this information for this service.

    There is NO legitimate use in recording your entire location history - no app needs more than a few hours worth of history (except Google Latitude, but that is stored on Google Servers).

    I have even heard such stupid excuses as "all GPS devices record where they have been" no, they don't.

    "It's for assisted GPS" - no it is not - if I stand outside my house using GPS at 3pm, the satellites my phone can "see" are NOT the same satellites it can "see" at 7pm. From howstuffworks: "Each of these 3,000- to 4,000-pound solar-powered satellites circles the globe at about 12,000 miles (19,300 km), making two complete rotations every day." Besides which - aGPS does not need to know where I was last week.

    But obviously as can be seen on any news site across the web reporting on this story - the "cult" of Apple is strong with people claiming it is a good thing.

    To the person above who believes it doesn't matter as your mobile operator already knows this information - yes - and in order for anyone else to get access to that information - they need to provide the mobile operator with a court order - I don't suppose you have stopped to think that there must be a reason the court has to approve the handing over this data? Something like - it's very sensitive, personally identifiable data?

    1. Anonymous Coward
      Anonymous Coward

      Well yes it is.

      It is for assisted GPS.

      Like you say the satellites will be different but have you heard about this concept called geometry?

      Once you know your location (from the Cell ID) It's actually possible to calculate which satellites will be in view at any given time of day. There's even apps that use that to show you the stars (and satellites)

      1. Anonymous Coward
        Anonymous Coward

        Re: Well yes it is.

        3G masts broadcast their location in their data, there is no need to cache it.

        Knowing which satellites are in view is no use too. The satellites tell you who they are! If you can hear them, you know which ones are broadcasting to you!

        The whole A-GPS argument seems a bit thin to me. Modern chipsets get a location lock within a few seconds. Dedicated Sat-Navs have no access to the cellular network, and they work out where they are pretty quickly.

        1. Danny 14 Silver badge

          yes

          but thats because of different GPS chipsets. phones generally use weaker crapper AGPS necessary solutions. Proper satnavs (and bluetooth GPS boxes) have proper GPS chipsets in them - they can pick up weak signals and work out locations faster, AGPS needs to know where the good strong ones are before it goes filtering the time messages.

        2. Anonymous Coward
          Anonymous Coward

          @AC 05:19

          No they don't 3G masts don't send location in their data, unless you subscribe to an bloody expensive location service.

          I suggest you read up on how GPS works for your second point.

          Have you tried using a dedicated satnav besides a tall building? It will takes ages to get a lock. They work because the cars are on the road with open skies all around. I know this well since I have a Sirf III device (one of the most sensite) on by bike.

          AGPS works in these the more difficult, but pretty common for mobile devices, situations.

        3. John Smith 19 Gold badge

          AC@05:19

          "Knowing which satellites are in view is no use too. The satellites tell you who they are! If you can hear them, you know which ones are broadcasting to you!"

          GPS sat transmit their *own* orbital parameters, along with that of the whole constellation at 50 bits per second. The datastream takes about 12.5 minutes to repeat. Initial lock could take less than 6 seconds using certain methods.

          "The whole A-GPS argument seems a bit thin to me. "

          Agreed. If 3G masts *only* put out a mast ID # (or whatever it's called) *rather* than actual lat/long co-ordinates you might want a database to map them into a location. It would *slow* growing and not need any time data at all.

          1. Anonymous Coward
            Anonymous Coward

            @John Smith

            I agree with you, on the database being slow growing. Unfortunately even slow means data has to be expired at some point, hence the time data.

            Even something more detached from time like a FIFO queue would still denote some time sequence information.

            The developers at Apple would really need to do a complex randomisation of the cache to avoid these sort of issues. By then maybe it would be more efficient just to contact Apple's servers and not cache anything. Oddly enough if they had done that no one would be complaining now...

        4. Owen Carter

          It is agps...

          "The whole A-GPS argument seems a bit thin to me"

          Well get off your ass and do an experiment. Find someone with a modern AGPS enabled phone where the 'location server' can be configured. Nokia Symbian phones have a whole menu where you can turn on/off individual parts of their location service.

          Disable AGPS, reboot phone, see how long it takes to get a lock. Re-enable, reboot, repeat. Do that a few times, especially in complex environments and you will see just how much faster AGPS makes things.

          My N97 mini (approx 1.5 year old phone) would generally take a minute or so to get a GPS lock when I had this off (to save datacharges). Once I got a better dataplan it started getting a lock in seconds. The difference was dramatic.

  20. soaklord

    The title is silly, and must contain useless information.

    Haven't tried this yet, but couldn't you just SSH into the phone, delete the offending files on a (somewhat) regular basis and be done with it? In fact, I'll bet some aspiring cydia developer will have an app for deleting the data soonish. To the poster suggesting google cares more about privacy, you sir have one fantastic sense of humor. Thank you for the laugh.

    1. M Gale

      Didn't suggest it.

      Just reporting the facts. Android phones at least tell you when they are snooping, report what apps do snooping, and let you turn it off.

      iSomethings? Not so much. An iSomething-owning friend of mine is surprised that I'm not loading my tablet and phone both up with every free thing on the Market, especially all those "cool" free things you can get on Apple's app store. So I point him at the big permissions list that some of these apps want, and his response is something like "so what?"

      So maybe the iPhone is perfect for him...

    2. hplasm Silver badge
      Jobs Horns

      And the chance of that getting into the iApp store?

      Less than 0...

  21. Anonymous Coward
    Grenade

    Mwahahaha

    Turn off your iSnoop app dudes!

  22. This post has been deleted by a moderator

  23. Craig 12
    FAIL

    Here's my datas geo-realised

    My data file has 7,500 rows in less than 2 years... hardly once a week?

    http://craigae.com/images/posted/uhoh.png

    The image is cropped, but it also picked me up in Iceland, Dubai and the Maldives.

    1. Steve Brooks

      suspicious activity

      "The image is cropped, but it also picked me up in Iceland, Dubai and the Maldives".....Hypothetical...somewhere in a secret CIA base....."So my friend, you have been to Dubai, met an Al-Qaeda representatives while you were there? Know anything about the recent terrorist attack in Iceland? You were there as well according to Apple records, its all there on your phone, no use denying, does this hurt?" Sound of nutcrackers crunching and a long drawn out scream!

      You see here, a terrorist attack in Iceland, the CIA trawl Apples database of location visits for anyone visiting any Arab state and Iceland in quick succession, your name appears, the next time you end up in a foreign state sympathetic to US interests your name pops up in their todo list and you vanish quietly to eventually end up in guantanamo bay V2 as a terrorist, lucky you, and all the fault of you iphone.

      1. Anonymous Coward
        Anonymous Coward

        @Steev Brooks

        They could just check where your passport was being used.

        1. Anonymous Coward
          Anonymous Coward

          terrorist uses own passport shocker

          seriously? would the lack of a passport admission stamp be enough to get you out of Gitmo?

  24. ravenviz
    Jobs Horns

    Icon

    Well that's my vote for the Steve Jobs devil icon to remain!

    Sent from my iPhone

  25. Jon Smit
    Grenade

    There will soon be an App to remove this data

    Which will be blacklisted by Apple...

  26. JohnG

    Doctoring the file

    It might be interesting to replace the location data in the file concerned with some made up locations and see if the flavour of any advertising changes.

    1. Anonymous Coward
      Anonymous Coward

      RE: file

      You do realise the file is on the phone and doesn't go anywhere?

      1. Tom 35 Silver badge

        Re: Re: File

        It's on the phone... and your iTunes PC,

        How do you know it doesn't go anywhere?

        Maybe it doesn't go anywhere... yet.

        Apple do have their own ad network, I'm sure there are advertisers how would pay extra for ads to people who pass there shop regularly.

      2. sT0rNG b4R3 duRiD

        You trust your phone...

        ... explicitly that it doesn't send the file *anywhere*?

        I don't even trust my own android phone.

        Not that it ever is an issue but if I ever do want to go anywhere I don't want anyone knowing, I'd not take my phone with me.

        Or if I did, the battery would be out. Even then... the possibility of an embedded RFID is always there in the SIM for example, but that's really probably bordering on tin foil hat territory. Hey, tin foil, that's a great idea.... :P

        I have always assumed that mobile telco's could triangulate reasonably accurately where any phone logged into their network alwats is anyways.

    2. John Smith 19 Gold badge
      Happy

      @JohnG

      "It might be interesting to replace the location data in the file concerned with some made up locations and see if the flavour of any advertising changes."

      Nice.

      But to avoid unfortunate mishaps due to accidentally re-locating yourself near some sort of criminal event make sure the rows are reporting your locations are physically *impossible* to move between in the time.

      1. JohnG

        @John Smith 19

        "... re-locating yourself near some sort of criminal event..."

        Yes - and if this file were modified by some malicious third party who had gained access to someone's phone, the ramifications could be really severe.

  27. 7mark7

    HaHa ...

    ... Jeremy Clarkson has been carrying his very own speeding detector.

    Does plod know about this?

  28. Phil the Geek

    Your favourite phone hackers

    The gutter press will LOVE this - allegedly... Imagine if you somehow obtained the location databases of a bunch of celebs, sports people and politicians. Then you do a bit of SQLing to find the location/time correlations. If they have a regular schedule, your photographers are there waiting the next time they meet. Conclusion: don't carry an iThingy if you're in the public eye!

    1. Anonymous Coward
      Anonymous Coward

      Doesn't work

      Because there's not way of figuring out regular schedules from this information. You get one entry per cell tower, that's it. No historical data.

    2. opaque

      Yes but...

      If you somehow obtained it you'd probably get arrested as you could have only got it from the phone or computer and that would have meant accessing it illegally.

      You're right but having that information would be proof of illegal activities.

  29. This post has been deleted by its author

  30. Anonymous Coward
    Anonymous Coward

    MAC addresses

    Hardly exciting, my phone of nearly a year only has 669 distinct timestamps for those. Hardly tracking every second of my life...

    Still it has something similar to Google's Street View cars Wifi grabbing potential.

    At least now I can access some of that data for my own devious purposes, and it's not locked away in some server for Google's elitists to play.

    1. amanfromearth

      Keep at it mate

      But your efforts are wasted once these commentards get an idea...

  31. Anonymous Coward
    Thumb Down

    How many laws does this break in the UK?

    Cyber Stalking for one.

    Also, since this intrusive functionality was part of an EULA and not presented prior to the contract for the purchase of the phone being signed, then it does not form part of the contract and that opens up a can of worms as well.

    1. Anonymous Coward
      Happy

      @ AC 06:04

      Apparently it's in the Ts & Cs punters sign when they scribble their monicker on the dotted. I know some folks get terribly excited about all this, like they were up to anything interesting that they'd want kept private, but most phones have some way of identifying a user's position, even if only loosely. If one has broadly agreed to this kind of data collection it's probably not breaking any laws at all.

      1. Anonymous Coward
        Anonymous Coward

        bs

        Just because its in ts & cs doesn't make it legal. What on earth makes people believe this crap?

        1. Anonymous Coward
          Anonymous Coward

          Libertarian Bullshit

          seems to be a common feature of contracts these days. The law doesn't matter, because it's in the contract. I've recently watched a company turning a blind eye to a breach of its own T&Cs for about a year, and only reacting when it became apparent that the perpetrator was very likely a computer criminal, who, on his release from prison, pretty quickly started a new fraud through them.

          You can't trust anyone these days. Nobody seems willing to enforce the law, and companies only seem to enforce their contracts when they might be the ones being hurt.

  32. bazza Silver badge

    A couple of different view points

    I have a couple of slightly different view points:

    1) Apple must surely know that people might not want their location at all times to be logged. Sure, there may be a benefit (better battery life, smaller mobile data bill or whatever) for users with the phone doing this. But from a PR point of view surely it would be better to tell the users what's going on under the hood, maybe having an option to stop it, etc.

    2) With Apple having servers that dish up the information on request in the first place there is an interesting consequence for the network operators. The networks are traditionally shy about the exact locations of all their cell stations. A network armed with the locations of a rival's cell stations can work out all sorts of things about their rival's network capacity, operating overhead, etc. etc. That counts as priceless commercial information allowing them to accurately undercut the rival..

    So what's to stop Vodafone (for example) buying O2 iPhones and using them to get a complete map of O2's cell network and thereby deriving performance information for O2's entire cell network? Or have the network operators accepted that their competitors know everything about their networks costs and performances?

    And we do need a popcorn icon.

  33. Anonymous Coward
    Anonymous Coward

    You guys don't get it...

    ... it's just an automated blog system! Except in better, as whoever (e.g. burglar or hitmen who wants to know your "away from home" habits) accesses it will find something interesting they actually want to know (so as opposed to most blogs).

    Also, I don't know what's all the fuss about, I have absolutely no problems whatsoever with any of Apple products: I don't have any of them.

  34. Danny 14 Silver badge
    Joke

    so?

    Just write an application to pollute the database as you go along.

    Oh wait, you cant as it wont be let into the marketplace.

    Never mind then.

  35. Anonymous Coward
    Badgers

    Truth

    Whilst this data may look like something, it really is nothing.. its just a way to bloat the phone in a gradual manner such that in a year or two the device is slower than it was they day you bought it.

    hence you buy another. Its just 'good business'.

    A very large number of devices do this kind of inane logging including PC's.

  36. Anonymous Coward
    Anonymous Coward

    Is there an app for that?

    Maybe someone could write something for the (expletive deleted)phone - or maybe a PC with the downloaded data files like this http://www.theregister.co.uk/2011/03/30/cell_tracking/

  37. Anonymous Coward
    FAIL

    Really?

    I definitely not a member of the Stevie-boy's-biatches club, but second-by-second tracking? Get real.

    Assuming 4 bytes for INTEGER and FLOAT data types, that would be 1.5GB per year (365*24*60*60*52/1024/1024/1024) - excluding the primary key index.

    Don't some of those devices only have like 4GB?

  38. Will Godfrey Silver badge
    Happy

    No Problem

    An old fashion tobacco tin is a complete solution.

  39. D. Suse
    Jobs Horns

    Wallet location tool

    This is no big deal to Apple...their users are just wallets/purses to be emptied by Apple (& friend$).

  40. Daniel Bower
    Jobs Horns

    Anyone read the user agreement?..

    According to Apple's EULA they have the right to track your location and to share this information with third parties.

    That IMHO puts a slightly different slant on why perhaps this data is being stored.

    I'm not a paranoid type, I know that if the cops or MI5 (I wish) or even a half decent PI wanted to track me they could but I do find it a little disturbing that EULA's have this kind of stuff written in them and the consumer has no recourse to remove or amend them - Accept or don't buy the product.

  41. Ashley Flynn
    Jobs Horns

    But...

    If you one of those evil people who jailbreaked there iDevice, there was a fix relesed in under 24 hours

    http://www.9to5mac.com/62952/jailbreak-utility-blocks-ios-from-recording-iphones-location-data/

  42. Anonymous Coward
    Jobs Horns

    +++ath0

    How much are Apple paying you or has the RDF done a really good job melting your brain?

    Or maybe you are MichaelC in disguise?

  43. Select * From Handle
    Thumb Up

    Makes me laugh

    "The researchers were quick to point out that there is no evidence Apple or anyone else has accessed the information"

    This just means apple have done a good job not getting caught....

    1. Anonymous Coward
      Anonymous Coward

      LOL

      I wish Apple would pay me something for putting up with all the nonsense in this thread. They don't however.

      I just enjoy doing my research - it's actually fun to understand why things are they way they are you know - and not just spouting the old rubbish of others.

    2. Anonymous Coward
      Anonymous Coward

      Really smart

      So you really think if Apple would want to hide this they would store a cache file in your own device, as opposed to just using those convenient wireless connections to send it back to their servers and not leave any trace?

    3. s. pam
      Grenade

      But SONY surely got caught

      and Apple's no different and deserves to be summarily fucked over this!

      1. Ilgaz

        Sony music had some real bad luck

        They got busted almost instantly (good for them!) because World's most advanced NT kernel hacker (now at ms) turned out to be fan of poor band that got cd rootkit.

        Now imagine, one guy at top 10 league, millions of albums and still a fan of buying audio cds.

    4. Anonymous Coward
      FAIL

      Why don't you use your name?

      To post an accusation like that you moron...

      Looking at the posts he has made he does indeed come across as fanboi number 1, but on this occasion I think you will find it is with good reason. He is correct, look at the data for yourself, it is not as accurate as the researches are making out. Or certainly not in my case.

      1. This post has been deleted by its author

        1. Anonymous Coward
          Anonymous Coward

          The moron bit wasn't aimed at you...

          but the AC...

  44. John 62
    Jobs Horns

    how accurate?

    often my phone thinks I'm several miles from where I actually am.

  45. opaque

    I don't have a problem with the information being gathered

    as we all know this is a legal requirement on the case of the networks, and I can see why many elements of the iphone app's and services need the information, not least for the ability to use the phone and wifi.

    I can see how legacy information might be useful so it is left on the phone (although more likely that it takes up so little space it doesn't matter).

    For me it's more the matter that it is available on the pc you sych to.

    And also the fact that the app to look at it is Mac only! I want to see where I've been!

    1. Anonymous Coward
      Thumb Down

      aaarghhh - you cannot be serious!!

      so many faults in your post.

      1) the network stores your tower ID and any calls. it does not triangulate nor does it log WiFi MAC addresses.

      2) running applications might want to use the data, maybe to suggest the nearest polo-neck experience. They do not need storage for the last x years.

      3) the phone does not need any of this stuff to "work"- it needs to talk to the mast but has no need to log the ID nor even store it temporarily, outside of the 3G stack itself.

      4) similarly the WiFi MAC address, yes it is needed to connect, yes it needs to be stored if there is a password to remember, but not if no connection is attempted.

      5) "so little space it does not matter" - that is SO not an argument. Murderers kill so few people...

  46. John Smith 19 Gold badge
    Jobs Horns

    "Legitimate"* reasons to record this information

    1) Apple want to know where you are so they (or their "partners") can supply targeted advertising.

    2) Bloat up the memory so you need to replace/upgrade faster than if this "feature" were disabled (can it *be* disabled?). A time honoured MS tactic.

    3)Enable the offering of a "people tracking" service to "authorised" customers that offers them useful information from day 1 rather than waiting for the suspect (because clearly you are doing *something* suspicious by someones yardstick) to do something interesting.

    I was originally going to ask "why?" but there are plenty of reasons why. It's just that, had I bought one of these things, *none* of them are reasons that help *me*.

    *As in legitimate ways to get more money out of our customers that is.

  47. Dave Bell

    And also this report from Michigan

    It seems that none of these phones are secure.

    See this URL, and note that the situation dates back to 2008.

    http://www.thenewspaper.com/news/34/3458.asp

    The device that is being used is claimed, by the manufacturer, to be able to access all the data on your phone, bypassing the password protection.

  48. Ilgaz

    Nobody can fix it

    The owner community of the device already started to apologize for Apple. The owners themselves.

    So, really don't even bother to comment about it. It is like trying to argue with some cult. Pointless...

  49. Richard Fletcher
    Alert

    Not quite true

    On my iphone 3g I extracted the raw data and found there were only data points collected once every 5 days or so. Which is rare enough for it to be caused by user interaction....

    More here for those interested.

    https://github.com/petewarden/iPhoneTracker/issues/16

  50. s. pam
    Flame

    iPhorm iApple iAm

    Your worst fucking nightmare, if you thought the gubmnt should have done something about Phorm and didn't do enough, who's gonna fucking fry Apple over this.

    Only way around it is to encrypt your backups kids, otherwise, your back passage i wide open

  51. Anonymous Coward
    Anonymous Coward

    Well...

    I've had a look at my phone using the tool that was published on the blog (link from the article) and all I can see is a nice grid showing me the cell towers in the vicinity that my phone was in. I don't see any specific locations, my house isn't even on there, just a bunch of pins showing masts in the area.

    Not too bothered about it having looked for myself at the data, I think this has been rather blown out of proportion. Take a look for yourselves and you will see. Maybe your data is more concerning but no problems with mine.

  52. Anonymous Coward
    FAIL

    This is not a new revelation

    Please spend a few minutes reading:

    https://alexlevinson.wordpress.com/2011/04/21/3-major-issues-with-the-latest-iphone-tracking-discovery/

    which shows this has been known about for a long time, already researched and published (even in a book on iOS security), and Apple is NOT collecting the data.

    1. Anonymous Coward
      Anonymous Coward

      Also looked...

      Using the SQL tools and still no issue.

    2. Anonymous Coward
      Anonymous Coward

      Finally

      Finally some sensible comments and truly useful information!

      Thanks a lot AC, I've been trying to point this out to people all along this thread but apparently most of their brains go numb as soon as they hear the word Apple.

      And people say Apple has an RDF field... it seems that field is in fact on the other side of the court...

      1. Ilgaz

        As Apple desktop user myself

        It became really hard to defend Apple because of their rude, sometimes swearing cult like fanatics. Apple is being driven to very bad decisions because they are listening to their noise. Some flaw like this, happened to any company except Apple could drive the CEO or very high level staff "retire" because they have healthy people who critize their bad actions.

        anyway, blame fanatics.

        1. Anonymous Coward
          Anonymous Coward

          Ohh let's see @llgaz

          Do you mean like when Google captured and stored actual network traffic using their spy cars?

          Or maybe when Microsoft admitted Windows Genuine Advantage phones home?

          to name just a couple of examples.

          What "high level staff" did retire then?

          Keep living in your dream world.

  53. Anonymous Coward
    Anonymous Coward

    It's funny

    Seeing all the really nasty crap that goes on which people don't complain much about eg:

    * Pandora radio transmitting real location of users

    * Online tracking such as the Facebook like button or that done by ad networks (remember the recent "do no track" option in some browsers?)

    etc..

    people choose to pick on a harmless little file that only caches the cell phone masts the phone has seen, used for the phone's own location services to work.

    The police can get a lot more than what's in that file just by calling up the mobile company.

    Don't want to risk other people finding out which cell towers you may have hanged around? Just check "encrypt backup" in iTunes. There's a lot more valuable information in your phone than this if it fell into the wrong hands.

    1. This post has been deleted by its author

  54. yossarianuk
    Linux

    To avoid the sync'ing with your computer bit..

    You can use Linux...

  55. Steve Davies

    Not the sharpest tool in the box

    "I've had a look at my phone using the tool that was published on the blog (link from the article) "and all I can see is a nice grid showing me the cell towers in the vicinity that my phone was in. I don't see any specific locations, my house isn't even on there, just a bunch of pins showing masts in the area."

    Err, that package has been neutered so there will be less detail..

    "The researchers have released open-source software that makes the entire process a snap. It also plots the information to a map that shows the movements of the user. While the locations are stored down to the second, the researchers said, their software intentionally reduces the time to weekly increments to make the data less useful to snoops."

    Has anyone here given it a full analysis that stands up.

    1. JonHendry

      But it's still just the masts

      Even if it's down to the second, it's still just the cell tower locations, which doesn't give much resolution. It's not going to be enough for someone to be able to tell you left the office, walked down the street a block or two, and popped into a hotel to meet your mistress or into a massage parlor for a happy ending or to meet your dealer to score some smack.

    2. Anonymous Coward
      FAIL

      And if you look at my follow up...

      I've also used the SQL Tools...

    3. Anonymous Coward
      Happy

      LOL

      Also, I wouldn't want my tool to be too sharp...

  56. Ben Rosenthal
    Big Brother

    like many others

    I already assumed this was the case with most or all of the current crop of similar devices.....it's just how easy to gain entry to it that would be the sticking point for me.

    Though I still refuse to pay the Apple premium, so hopefully nobody will ever be able to see how mundane, humdrum and repetitive my life is for the majority of the time :D

  57. Anonymous Coward
    Anonymous Coward

    Just don't go anywhere with your phone

    Just don't go anywhere with your phone. Not that big a deal.

    1. Anonymous Coward
      Anonymous Coward

      Just don't go anywhere with your phone....

      Mine is attached to my house by a piece of wire. The telco know exactly where it is at all times - let's not tell them I sometimes leave the house...

  58. Steve Pettifer
    Black Helicopters

    Not going to read all of these comments...

    ...but this is not news by any means and there is an en excellent analysis and explanation of how and when this was first 'found' here: http://bit.ly/e21NVr

    Me, I'm not really bothered that someone *might* be able to get hold of my phone and then see where I've been: Should it be used for location-based advertising I'll simply opt out (since I'm pretty sure there would have to be an opt out clause somewhere). I suspect people are getting their pants in a twist about nothing much really.

    1. LyingMan

      Steve..

      .. The point is that the data collection itself is not opted in.. The right way for the collection is to be opted in.. not default as 'opt in'..

  59. Pet Peeve
    Boffin

    Meh

    I ran the program. The database is not where you've been, but what cell tower and wifi networks you've been in range of. I was on a trip to San Jose last month, and there were points on the database that were 75 miles away from there. It's not a breadcrumb of your exact gps track, it's the resources that the phone used to connect, or to provide you with GPS info during the trip.

    It's definitely a good idea to encrypt this better, but not for the reason you think - it's an EXCELLENT resource for determining exactly where cell towers are - it makes a little circle for each one. That's not really information that you want so easily collected - I think it's quite possible I could drive around a city and collect the location of every piece of cell radio infrastructure in one day.

  60. JonHendry

    Eh. Low resolution

    I checked my recorded locations stored during a recent weekend in Philadelphia.

    The resolution is in terms of blocks. You can tell I was in Center City Philadelphia, and popped over the river to the University of Pennsylvania campus. But the towers recorded are farther south than I actually went, and one is farther west. (I stopped at 33rd street, but apparently my phone pinged a tower at 38th street.)

  61. Anonymous Coward
    Anonymous Coward

    Why?

    There's no adequate motive to explain what Apple has gone to this trouble to do unless they're making money. Perhaps they are collaborating with social network sites who would love to get their hands on this data and could easily use their iphone or computer app to retrieve it.

    1. Ilgaz

      Don't go that far

      Apple can't gamble that much and Facebook and Twitter are already being pressured by Govt. for more sane privacy settings.

      A California company doing such a nasty privacy crime would go out of business, especially California. Notice some sites have "your californian privacy rights"? It comes from the amazingly strict law of California.

  62. TheOtherHobbbes
    Boffin

    Oh the drama

    Having just downloaded the application and looked at the data, here's what I found:

    1. Location accuracy is wretchedly poor, and frequently wrong. Apparently I've been on day trips to Newport, Oxford and Weymouth recently - which is certainly news to me.

    2. The best accuracy is maybe half a mile.

    3. In all the years of tracking data I've collected, I've never been at home. Not once.

    So... the assertion that this is uber-spy Big Brother monitoring is clearly nonsense and wild exaggeration.

    The only conclusions anyone can draw from the collected data is that on [date] you made a journey to [region.]

    If [region] includes a city, there's a good chance you went to that city - probably.

    There's *no chance at all* of getting anything as accurate as a street address, or even a mode of transport. (Car, bus, or tube? No idea...)

    Now - this doesn't mean Apple should be collecting this data.

    But that's for two reasons.

    One is that it's not Apple's business.

    The other is that this data is so useless it's difficult to see that it has any value to anyone. It's useless to advertisers, useless to Apple, useless to law enforcement, and useless to the emergcency services.

    So the real issue is - why bother at all?

  63. Joe 48

    Who Cares

    Lets face it does it really matter. Most people who own iPhones would have 'checked in' on facebook anyway....

  64. Matt_V
    Jobs Horns

    this may explain it...

    http://www.f-secure.com/weblog/archives/00002145.html

    I still think, at the very least, it's a sneaky way of going about it though...

  65. Anonymous Coward
    Anonymous Coward

    Less drama, more facts

    Read this

    https://alexlevinson.wordpress.com/2011/04/21/3-major-issues-with-the-latest-iphone-tracking-discovery/

  66. Maty

    iPads?

    Were these just bundled in to make the thing more comprehensive? Let's say I have a wifi-only iPad (as in fact I do). When this has no connection, I really doubt anything is tracking it. A couple of apps have asked if they can use location and been told no.

    So perhaps it depends on which iPad you have. I'm more worried about my car's GPS. I'm SURE that thing is tracking my movements.

  67. John Burton
    FAIL

    Amazing stuff

    Amazing stuff. Not the article. We've come to expect this kind of stuff from apple.

    But the reaction from some people.

    I honestly think that if apple were to announce that they'd disabled everyones iphone and you should go buy a new one at full price immediately there would still be dozens of posters on here saying yes this is a perfectly reasonable thing to do

    1. Anonymous Coward
      Anonymous Coward

      Get real John

      It's the reaction from people like you that's amazing, almost like a firehose of nonsense.

      If you follow that same line of though you could claim that the Chrome cache files are all part of a conspiracy plan by Google.

      Everything should be judged coming from a presumption of innocence. This presence of this file is very easy to explain if you understand anything about software and how GPS location works on phones.

      If it wasn't believe me I'd be among the first up Apple's throat.

      1. jake Silver badge

        @+++ath0

        I gotta question for ya, shill ...

        An internet (browser) cache stores info on a computer under the assumption that the individual user, who owns the computer, will frequent specific internet sites, thus minimizing transfer of data and minimizing bandwidth use for that individual.

        Said stored ("cached") data is only stored when requested by that user, and only used when re-requested by that user.

        On the otherhand, when I am using my telephone, I expect it to find the nearest ("least costly") cell tower, and make the call accordingly. Why the hell should my telephone need to look thru' a database that includes my time/location information, detailing when I'm in Forresta, Graeagle, Fort Bragg, Covolo and Solvang, when I'm in Grass Valley (all in California)?

        The answer is that it doesn't need to look thru' that database. All it needs to do is get the signal, and act accordingly. In fact, that database has absolutely zero use in the day-to-day life of the consumer.

        Yes, the telcos are probably required to keep "who was where, and when" info ... but on the personal hardware of their customers? Not so much ...

        IMO, that database only exists to track the user, for reasons that are uncertain. And that is an extremely good reason to avoid AAPL products at the consumer level. It is a personal privacy invasion atrocity looking to happen.

  68. Anonymous Coward
    Troll

    can i hide this title?

    so a hidden iPhone file tracks users every move.....

    Like they don't tell you on Facebook every five minutes anyway.

  69. AlexS
    Jobs Horns

    More Apple

    As the register loves to publish at least 3 stories for every 1 real story here is an oppertunity. Why not talk to all your staff, download their data. and show us what you all do? :) You could compare the main bosses phone for instance to a typical 10K per year journo. In fact there's tons of milage and padding, maybe you could do a weekly feature.

This topic is closed for new posts.

Biting the hand that feeds IT © 1998–2019