Researchers announced last week that they found what look like secret files on the iPhone that track user location and store it on the device, without the permission of the device owner. Apple has been collecting it in iOS products that carry a 3G antenna for nearly a year now to help create a crowd-sourced database that's able to help speed up location positioning.
Pete Warden, a writer, and Alasdair Allan, a senior research fellow in astronomy at the University of Exeter, discovered the log file and created a tool that lets users see a visualization of that data. Last week they said there was no evidence of that information being sent to Apple or anyone else, which Apple has now said it uses to build a large, anonymized database. That data was found to be unencrypted, giving anyone with access to your phone or computer where backups may be stored a way to grab the data.
A week later, Apple broke its silence to explicitly say that this data is not for the purposes of tracking where people are. Instead it's to help the company's devices zero in on their location using information from part of a larger database. Furthermore, Apple said a future software update would cut down the time this data was stored on the phone, and that it would be encrypted.
To help users understand more about the data that's being collected, what the risks are, and what they can do about it, CNET has put together this FAQ, which has been updated several times since it first published on April 20. You can also view Apple's response to the matter here, which was posted April 27.
Who are the researchers and how did they find this?
Warden, who used to work at Apple (though not on the iPhone), and Allan had been collaborating on some location data visualization projects, including a visualization of radiation levels over time in Japan after the earthquake, when Allan discovered the file on an iPhone. "After we dug further and visualized the extracted data, it became clear that there was a scary amount of detail on our movements," they wrote in a blog post.
When did this start and what devices are tracking this data?
According to Allan and Warden, the tracking didn't begin until iOS 4, which was released in late June 2010. The previous version of iOS did in fact track a similar set of information, including cell towers and GPS information, but the data was not stored in a simple directory format.
iOS 4 was the first version of iOS to drop support for devices like the original iPhone, with devices like the iPhone 3G and second-generation iPod Touch getting a more limited feature set. Along with iPhones, 3G-enabled iPads are also keeping track of the data, though it's unclear if this is true for people who have 3G devices without active cellular subscriptions.
The tracking data itself was actually discovered last year. Research from Alex Levinson and a book by Sean Morrissey from Katana Forensics detail information that can be gleaned from these files. There's also a tool by French programmer Paul Courbis that's similar to the one released by Allan and Warden and is able to plot up to 10,000 of these data points from the database file to a Google Map. The issue was known in forensics circles but not widely, Allan and Warden said in a news conference this afternoon at the Where 2.0 conference in Santa Clara, Calif. An application they released that allows people to see what data is on individual devices makes the abstract tracking concept more real.
Did they contact Apple on their findings?
The researchers said they had contacted Apple's Product Security team but hadn't heard back.
Where is this data being stored?
The database of location information is stored primarily on your phone, though due to the iOS device backup system in iTunes, these files can also end up on your computer. When iTunes saves these backups, which are set by default to be stored every time you sync an iOS device, the data file goes along with it.
What's curious is that this log can extend across multiple devices as long as those devices use the same restore point. Allan and Warden noted that the database used as part of the project spanned an iPhone 3GS and an iPhone 4, the latter of which had used a restore point. In its response about the issue, Apple said it would be cutting the size of this local database down to information from the last seven days.
The researchers have more technical details and the downloadable application to see a visualization of the section of the database stored on your phone over time here. The application does not work with iPhones on Verizon, the researchers said.
In the 13-page response to a letter about phone privacy sent by Rep. Ed Markey (D-Mass.) back in June, Apple more firmly laid out the storage location of various types of collected information, which you can read here (PDF). The long and the short of it is that Apple said it tracks this information and uses it as part of its own database of locations and cell towers. Some of that information, including Wi-Fi access points and cell towers, is sent back to the company every 12 hours when users are connected to a secured Wi-Fi network. That information is decoupled from the user to make sure it cannot be traced back to the specific device. The transmitted GPS information specifically remains private to the company, Apple said.
What's inside this data?
A database of cell tower coordinates and timestamps to indicate when your device was connecting with them. This includes what operator you're on and the country code. The research also found that Apple was tracking data about what Wi-Fi networks you were connecting to, which also included slightly less accurate location information, but continued to track that data by time. The researchers' visualization app shows large blue dots for frequent activity and smaller red or orange-colored dots for less frequent activity. However, it's unclear exactly what is triggering the logging, they said.
Is there an easier way to see that information than a giant database form?
Yes, Allan and Warden created an open-source software program that is able to go through the data from the database file and turn it into a visualization of what towers your device connected to based on the dates and times. The pair say the application intentionally cuts down on the accuracy of this data to keep the software from being used for bad things. You're also likely to see points in places you haven't been, since the tracking tools within the iPhone make use of nearby cell towers to triangulate location, and Apple has confirmed that the software grabs locations hundreds of miles away. "As a data geek I was excited to have this data set, but I don't want anyone else to have this data," Allan said.
What is the harm with this data being collected and stored on the device?
"By passively logging your location without your permission, Apple [has] made it possible for anyone from a jealous spouse to a private investigator to get a detailed picture of your movements," the researchers wrote in their FAQ.
Some forensics companies offer such software, which you can read more about in this post.
Apple has responded by saying that "the location data that researchers are seeing on the iPhone is not the past or present location of the iPhone, but rather the locations of Wi-Fi hotspots and cell towers surrounding the iPhone's location, which can be more than one hundred miles away from the iPhone." Furthermore, the company would be encrypting that information, and dramatically reducing the time it's stored.
While acknowledging that there is no need to panic, the researchers last week noted that if someone gets hold of the device, they can access the unencrypted data. "Your cell operator has this information," they said in the news conference. Anyone who wants it has "to get a court order to get that from a provider. But now, all you have to do is lose your phone in a bar."
Apps on the device cannot access the data, because it is "sandboxed," the researchers said. However, it could be accessed by software on the computer that holds the backup, they said. Such a practice will no longer be the case once Apple begins automatically encrypting that data in the next software update.
How do I protect this data from being seen by others?
Right now, the data file itself is completely unencrypted, meaning anyone who gets hold of it can access the data freely. On the iTunes side, there's an option to encrypt your backups, which will keep someone who gets access to a backup file while rummaging through your hard drive from being able to dig through it and pull out the database file. Apple says it will cease saving this file in iOS device backups in a future software update, as well as encrypting the section of the database that's stored on the phone.
In the interim, to enable the encryption feature in iTunes, click on the device icon when the iOS device is plugged into iTunes, then check the "Encrypt iPhone Backup" item in the "Options" area. As for your iPhone, or iPad with 3G, your best bet is to keep someone else from getting it in the first place, and then using Apple's free "Find My iPhone" app to do a remote wipe if it's lost or stolen.
How do I turn this tracking off?
Right now there's no way to turn the tracking off, since it's baked into the operating system and used by Apple for its location services. Turning off GPS will make the device less functional for location-based services such as mapping. And according to a test done by The Wall Street Journal, this user action does not keep the device from storing location data on the phone. In its response to queries about location tracking, Apple said the that phones would no longer store the data once the location features were disabled. Such behavior was "a bug" that would be fixed in an upcoming software update.
For those with jailbroken iPhones, there's a third-party utility called Untrackerd, which is able to remove the tracking logs as they're made. "This package installs a daemon (process that can run in the background) to clean the consolidated.db file," its description says. Alternately, there's a tool called Location Blocker, which performs a similar purge of the recorded data.
Can Apple do this?
According to the iTunes terms and conditions, yes. The company pretty clearly spells out its right to "collect, use, and share" location data any time it pleases. From the document:
Apple and our partners and licensees may collect, use, and share precise location data, including the real-time geographic location of your Apple computer or device. This location data is collected anonymously in a form that does not personally identify you and is used by Apple and our partners and licensees to provide and improve location-based products and services. For example, we may share geographic location with application providers when you opt in to their location services.
Some location-based services offered by Apple, such as the MobileMe "Find My iPhone" feature, require your personal information for the feature to work.
That said, the company made a big kerfuffle about making third-party application providers--as well as the built-in Google Maps application--alert users when location was being used by including an arrow in the status bar that is required to appear whenever the phone is sending or receiving location data. This feature came as part of iOS 4, which is when the company began the tracking process.
Apple CEO Steve Jobs also made it a point during an interview at the D8 conference last year that privacy was a topic of utmost importance to the company. "Before any app can get location data, they can't just put up a panel asking if it can use location, they call our panel and it asks you if it's OK," Jobs said. "That's one of the reasons we have the curated App Store. A lot of the people in the Valley think we're old-fashioned about this. But we take it seriously."
Why is Apple doing this?
Apple did not respond to requests for comment on the matter for a week. On April 27 the company broke its silence with a Q&A on its press site detailing responses to 10 common questions.
According to Apple, the data tracking feature is not logging user location, it's "maintaining a database of Wi-Fi hotspots and cell towers around your current location, some of which may be located more than one hundred miles away from your iPhone, to help your iPhone rapidly and accurately calculate its location when requested." This is done to speed up the amount of time it takes devices to lock on to a GPS signal, as well as figure out where you are using a mix of Wi-Fi hot spots and nearby cell towers.
Apple says the data that's stored on the phone is just a piece of this larger database, and that any location data which is sent back to Apple is both anonymous and encrypted.
Is Apple the only one doing this?
At least some phones running Google's Android OS also store location information, Swedish programer Magnus Eriksson told CNET. And research by another security analyst suggests that "virtually all Android devices" send some of those coordinates back to Google. The information sent to Google.com includes timestamps, current and recent GPS coordinates, nearby Wi-Fi network addresses, and two 16-letter strings representing a device ID that's unique to each phone. A Google spokeswoman said the company had no comment on the matter.
A Microsoft representative told CNET that the company's Windows Phone platform does not store location history, and that the "Find My Phone" service only keeps the phone's most recent location. Since this story originally published on April 20, it's been found that Windows Phones transmit to Microsoft a data dump including unique device ID, local Wi-Fi network information, and GPS latitude and longitude information. But once again, that data is not stored on the device in a local file like the iPhone does.
CNET asked Research In Motion and Nokia whether their devices track behind-the-scenes location data but has not yet heard back from them. These platforms let users track their own movements with GPS apps, though it's unclear whether there's tracking going on behind the scenes.
Coming back to the greater issue about location grabbing, Apple is not the first company to collect data without users knowing. Google got in hot water last year after admitting that it was collecting data from non-password-protected Wi-Fi networks for three years as part of its Street View project. As the Street View car with the camera on top would drive around collecting imagery, it was also sniffing out information about nearby open networks. Following the privacy probes that came as a result of the disclosure, Google stopped the practice back in October.
Any questions we didn't cover? Feel free to leave them in the comments, or shoot us an e-mail and we'll try to get them answered.
CNET's Declan McCullagh contributed to this report.
Updated at 11 a.m. PT on April 22 with additional information about location tracking on Android devices, location storage habits, and discovery of the feature.
Updated at 6:30 p.m. PT on April 25 with information about disabling the feature.
Updated at 11:15 a.m. PT on April 26 with information about tracking on Microsoft's Windows Phone platform.
Updated at 7:15 a.m. PT on April 27 with information from Apple's response.
This story was originally published on April 20.