Urban75 Home About Offline BrixtonBuzz Contact

Apple's iPhone <eta: and other smartphones?> tracks users every movement

But, as expected, it's just the local log that they are cleaning up, not the vast location database to which no-one realised they were populating.
 
But if the data in the larger database contains no user ID information, then the privacy concerns are reduced. And seeing as the local database contains entries not just for places you've been, but places in a wider area, so that location services work well in those places, the ability to tie your phone to any particular location is even harder than thought.
 
These calculations are performed live on the iPhone using a crowd-sourced database of Wi-Fi hotspot and cell tower data that is generated by tens of millions of iPhones sending the geo-tagged locations of nearby Wi-Fi hotspots and cell towers in an anonymous and encrypted form to Apple

...

The entire crowd-sourced database is too big to store on an iPhone, so we download an appropriate subset (cache) onto each iPhone
What they appear to be saying is that consolidated.db, with its timestamped locations, is someone else's data. Your own location is sent over the air separately in order to build the larger database. OK, the two might overlap (i.e. you might download your own submitted records), but for the most part it is only a cache of the wider area you've been in, which has some privacy implication but a very weak one.

This (if true) leaves me feeling that the technical approach is not unreasonable, and the security research that supposedly revealed this is pretty poor.
 
Here's a real world analysis of how accurate the tracking was:
Averaging entries with the same timestamp comes remarkably close to the phone’s actual location, but only if reception is good and cellular towers are dense. Averaging a random sample of consolidate.db entries with late-night timestamps yielded coordinates only 690 meters from the actual location of my apartment. The average of a block of entires on a Saturday gave me coordinates only 630 m from my girlfriend’s house. Both of these locations have great reception and are moderately-dense suburban neighbors. On the other hand, averaging entries during the week put me a full 8.1 km from the actual location of my office. We have terrible reception in my office, so this is not too surprising.

http://tomstokes.wordpress.com/2011/04/21/preliminary-analysis-of-the-iphone-location-log/
 
I agree that technically it's a pretty clever approach, but maybe the engineers were too hung up on what they could do rather than what they should do.

Without this publicity would anyone have realised that either their phone was periodically sending location data to Apple servers or that they had apparently agreed to this? We can only now say that the security research is "poor" due to hindsight. The fact that the researcher has made Apple come clean on what they are doing and has motivated other researchers to check out both Google and Microsoft and found them both wanting means that to my eyes the research is not poor at all - objective achieved.
 
Here's a real world analysis of how accurate the tracking was:

That analysis was from 5 days ago, before we knew that the data was not just from your own phone but was a consolidated download of surrounding 3g cells and wifi networks. So while it does give a fair impresion of how accurate the non-GPS location services on the iphone are, it doesn't have anything to say about how much actual 'tracking' was going on.

I think it's good that apple has come clean about what exactly is going on, but I still criticise the the original research for announcing that effectively "apple tracks your every move" when this wasn't actually the case.
 
That analysis was from 5 days ago, before we knew that the data was not just from your own phone but was a consolidated download of surrounding 3g cells and wifi networks. .
How do you know for sure that this is what is actually happening?
 
How do you know for sure that this is what is actually happening?

It makes sense from the reporting on the subject I've read. The fact that each wifi/3g cell is only listed once each. Apple's explanation.
 
Apples words certainly explains why the data from my iphone was very vague when I analysed it using that app (I dont live in a city).
 
Hmmm...

Other handsets perform similar tasks, but Apple yesterday denied tracking users and claimed that only a bug in the system was causing the phone to store location data on handsets for up to a year. Even data detailing which cells and Wi-Fi hotspots were in range need only be kept for a week, the company said.

Yet this appears to contradict a patent application for “Location Histories for Location Aware Devices” that Apple filed with the US Patent and Trademark office in September 2009.

“A location-aware mobile device can include a baseband processor for communicating with one or more communication networks, such as a cellular network or Wi-Fi network,” Apple said in its patent application. “In some implementations, the baseband processor can collect network information (e.g., transmitter IDs) over time.”

The plan sounds almost identical to the data-accumulating file that landed Apple in hot water with privacy campaigners, after researcher revealed that the company was collecting mappable data on handset locations...

Third-party access

Apple also planned, according to the patent, to allow third parties to see this data trail in a bid to build services around the system.

“The travel timeline can be used by location-aware applications running on the location-aware device or on a network,” Apple said at the time. “In some implementations, an Application Programming Interface (API) can be used by an application to query the location history database.”

Apple's intentions may have changed from the time the patent was filed in 2009 to when the tracking utility was implemented in iOS 4. The company has so far to declined to comment on the patent.

http://www.pcpro.co.uk/news/security/367048/apple-snooping-plot-thickens-iphone-tracker-was-patented
 
Some chancers are now trying to sue Google for $50m over Android 'tracking':

The two Michigan-based HTC Inspire 4G-owners said in their complaint, which was filed on April 27th in Detroit, that they've been tracked "just as if by a tracking device for which a court-ordered warrant would ordinarily be required." Naturally, they're seeking $50 million in damages, along with a court order to force Google to stop tracking owners of their Android devices.

They're going to have a tough time over this one, unlike the iPhone owners, because Google actually asks users to opt-in to the "collection, sharing and use of location," according to Google, which said "any location data that is sent back to Google location servers is anonymized and is not tied or traceable to a specific user.

http://gizmodo.com/#!5796968/google-sued-over-android-phone-tracking
 
Apple and Google scolded by US politicians over mobile data

Looks like both of them have been grilled over this.

"I believe that consumers have a fundamental right to know what data is being collected about them," said the Democratic senator Al Franken from Minnesota at a hearing of the new senate judiciary subcommittee on privacy, technology and the law. "I also believe that they have a right to decide whether they want to share that information, and with whom they want to share it and when."

Franken, chairman of the subcommittee, added: "I have serious doubts about whether those rights are being respected in law or in practice."

The Apple software chief, Guy "Bud" Tribble, said the company is committed to user privacy. "Apple does not track users' locations," he said. "Apple has never done so and has no plans to ever do so." But he added that the company's privacy policy says that Apple "may collect, use and share precise location data." Tribble wouldn't answer questions after the hearing about the apparent discrepancy.

Google's director of public policy in the Americas, Alan Davidson, said the company's Android smartphone platform has a similar policy. "All location data that is sent back to Google's location servers is anonymised and is not traceable to a specific user or device," he said.

But Franken challenged the assertion that Apple's and Google's location data are anonymous. He asked another witness, researcher Ashkan Soltani, whether the time-stamped location data could be used to track users. Soltani said that he thought it was possible, and that assertions the data are anonymous are "not really sincere".
 
Nice to see politicians getting to grips with this properly - ie: not seeing it as fixed just because the location data is not stored locally. The bigger picture is what is sent to servers.
 
Nice to see politicians getting to grips with this properly - ie: not seeing it as fixed just because the location data is not stored locally. The bigger picture is what is sent to servers.

Yep, interesting it's being taken this way too...
 
European Union may place tougher privacy restrictions on Apple

Looks like this issue isn't going away...

A new statement from the European Union could lead to greater restrictions on the handling of location data on mobile devices for companies like Apple and Google.

EU privacy officials published a nonbinding opinion this week stating that users must be given "clear, comprehensive" information about location data, according to Bloomberg. The opinion comes as data protection officials in Europe continue to investigate the iPhone location services controversy that recently erupted.

The new EU opinion states that information collected through Wi-Fi and location services is considered "personal data." Such a classification would make the data subject to EU privacy rules.
 
Back
Top Bottom