Apple's iPhone <eta: and other smartphones?> tracks users every movement
- Thread starter Kid_Eternity
- Start date
editor
hiraethified
That's complete nonsense. I often don't even bother turning on GPS in London because the cell tower triangulation is so accurate. It's clearly a different story out in the wilds, though.
ymu
Niall Ferguson's deep-cover sock-puppet
Google maps can nearly always get us within 200m of where we are on the canals, nowhere near a city. That's with no GPS, just a 3G internet connection. I'll test it when we get to some really isolated places and see how it does.
mauvais
on reddit or something
Or anywhere that isn't London. I get a radius of over a mile at home in suburbia. I know that Google's location service doesn't use triangulation though - just CID and LAC.
It usually looks like this:
Not mine, I just googled 'complete nonsense'.
editor
hiraethified
Cell locations can be very accurate, down to just 50 metres or less. That is a simple fact.
2hats
Dust.
They can also be wildly inaccurate/misleading!
2hats
Dust.
Use the source Luke
If you grab the provided application source code and modify it (the app grids the data every few hundred metres and only provides time resolution down to a week) then you can easily plot precise locations in both space and time.
However, just looking at my own 'map' the data are inaccurate. At best one can say subject X was in this area of a city around time T. My own map fails miserably to identify the locations where I'm most frequently to be found. Even looking at the data recorded in central London (with best cell tower triangulation conditions) a stalker is going to be very bored and/or confused hanging around locations I seldom if ever visit. Many of the datapoints are out by hundreds of metres, some by as much as tens of km (eg places I've never been). Some locations I know I've been on a given date are missed out entirely (eg entire countries or the fact I'm in a particular city, let alone at the resolution of a district/street/house).
For use in legal proceedings it should be straightforward to demonstrate it can't be trusted.
However, that doesn't excuse Apple for [A] surreptitiously collecting the data and not being up front about it, and as importantly storing said data effectively in the clear so it can easily be harvested by malware/dodgy websites/etc from the mobile device and/or the computer it syncs to. They could easily have encrypted it both in the synced backup image and on the mobile device (with app access via a suitable API).
Apple moved the datafile to make it accessible to apps in iOS4 as they made other API changes at the time which would otherwise have prevented apps that really need this data from being able to access it. Unfortunately this had the effect of making the data both easily accessible on backups and to 'forensic' tools.
Interestingly there's an on going story about police in the US using commercial forensic devices to harvest this sort of data in warrant-less 'fishing trips' as part of 'random' driver stop and searches (they scan the driver's mobile phone or other personal electronic devices found in the car):
http://news.cnet.com/8301-17938_105-20055431-1.html?tag=mncol;txt
Similar devices are doubtless used 'randomly' at border control/security/customs.
I'm guessing the device concerned (and any other forensic device) snaffles this location file, plus wifi base station data (which is also cached over time) and GPS/time metadata from photos on the phone. All three sources together could be used to plot a more accurate map of where the phone has been...
Some solutions? Jailbreak your phone and symlink the datafile to /dev/null. Or wipe the phone frequently and don't restore it (bye bye paid apps). Or use a dumber phone. Or one for which you have access to the complete source code.
If you grab the provided application source code and modify it (the app grids the data every few hundred metres and only provides time resolution down to a week) then you can easily plot precise locations in both space and time.
However, just looking at my own 'map' the data are inaccurate. At best one can say subject X was in this area of a city around time T. My own map fails miserably to identify the locations where I'm most frequently to be found. Even looking at the data recorded in central London (with best cell tower triangulation conditions) a stalker is going to be very bored and/or confused hanging around locations I seldom if ever visit. Many of the datapoints are out by hundreds of metres, some by as much as tens of km (eg places I've never been). Some locations I know I've been on a given date are missed out entirely (eg entire countries or the fact I'm in a particular city, let alone at the resolution of a district/street/house).
For use in legal proceedings it should be straightforward to demonstrate it can't be trusted.
However, that doesn't excuse Apple for [A] surreptitiously collecting the data and not being up front about it, and as importantly storing said data effectively in the clear so it can easily be harvested by malware/dodgy websites/etc from the mobile device and/or the computer it syncs to. They could easily have encrypted it both in the synced backup image and on the mobile device (with app access via a suitable API).
Apple moved the datafile to make it accessible to apps in iOS4 as they made other API changes at the time which would otherwise have prevented apps that really need this data from being able to access it. Unfortunately this had the effect of making the data both easily accessible on backups and to 'forensic' tools.
Interestingly there's an on going story about police in the US using commercial forensic devices to harvest this sort of data in warrant-less 'fishing trips' as part of 'random' driver stop and searches (they scan the driver's mobile phone or other personal electronic devices found in the car):
http://news.cnet.com/8301-17938_105-20055431-1.html?tag=mncol;txt
Similar devices are doubtless used 'randomly' at border control/security/customs.
I'm guessing the device concerned (and any other forensic device) snaffles this location file, plus wifi base station data (which is also cached over time) and GPS/time metadata from photos on the phone. All three sources together could be used to plot a more accurate map of where the phone has been...
Some solutions? Jailbreak your phone and symlink the datafile to /dev/null. Or wipe the phone frequently and don't restore it (bye bye paid apps). Or use a dumber phone. Or one for which you have access to the complete source code.
sunnysidedown
caput mortuum
I did laugh at this comment on another forum: "I cant find the app in the Mac app store, has it been pulled?"
ymu
Niall Ferguson's deep-cover sock-puppet
How could it be used to solve a murder? If the police need the data on someone, they can have it. This is of no use to officialdom*
But stalking? There's an app for that ...
*unless they're trying to circumvent the need for a court order via mass trojans
/paranoid conspiracy.
But stalking? There's an app for that ...
*unless they're trying to circumvent the need for a court order via mass trojans
/paranoid conspiracy.
2hats
Dust.
That's what warrants (judicially reviewed) for the police to obtain cell tower positional data from telco's are for.
If you look at the raw, 'precise' data on an iphone (or backup), you'll soon realise that due to numerous spurious datapoints and lack of accuracy that the only potential use in a court of law for this data would be for a miscarriage of justice.
editor
hiraethified
Kanda
Diving wanker
Bernie Gunther
Fundamentalist Druid
It's a bit weird. If they were planning to data-mine it, surely it'd make more sense to collect it server-side the way everybody else does?
Wondering if someone left some debugging code in the live build ...
Wondering if someone left some debugging code in the live build ...
2hats
Dust.
At the expense of a slower backup, yes, some. Doesn't touch the original, still clearly accessible file on the iphone itself, though. Of course if you share the computer with others and don't routinely use separate accounts, or leave those accounts logged in and add the password to your keychain (and unlock that at login) then others or malware can still access it. The most effective solution for the paranoid might well be to jailbreak the iphone and symlink the file to /dev/null.
Kid_Eternity
Quis custodiet ipsos custodes?
Yup that's why I don't see the burglar angle as that big a deal (in a practical sense not privacy sense that is), the chances of it happening are very very low.
This data is a marketing dream, the chances of it being sold or commercially exploited are hugely bigger than coming home and finding your house ransacked due to it...
ymu
Niall Ferguson's deep-cover sock-puppet
It would be illegal if they were storing it remotely.
It's not an error - the data is copied to a new iPhone automatically. It's there deliberately. (Link somewhere ^^ back there.)
Kid_Eternity
Quis custodiet ipsos custodes?
iPhone Tracking Is All A Big Mistake, Says Researcher
Looks like Apple's counter PR drive is gearing up:
Looks like Apple's counter PR drive is gearing up:
magneze
🎧
Laughable. 
At least we know who not to go to for forensics research.
It's not new - ok, not sure how that is good.
It's not _really_ tracking users - how is it not _really_ tracking users?
At least we know who not to go to for forensics research.It's not new - ok, not sure how that is good.
It's not _really_ tracking users - how is it not _really_ tracking users?
http://www.thefreedictionary.com/tracking
2hats
Dust.
Speculation
Summary: Skyhook et al too expensive so Apple might be letting customer handsets do the scanning and help build their own wifi-geolocation database:
http://www.f-secure.com/weblog/archives/00002145.html
The phone certainly stores wifi geolocation data (estimated latitude, longitude and timestamps along with altitude, speed, confidence, horizontal accuracy and vertical accuracy) in a similarly accessible database:
http://www.freedom-to-tinker.com/blog/wclarkso/tracking-your-every-move-iphone-retains-extensive-location-history
and harvesting your lat/long/time from the JPEG EXIF metadata on your phone is trivial.
What fun the police could have with a device that does all three and profiles the movement of the phone. Fishing trips to catch speeding drivers? "Now if I can just borrow your phone a minute, Mr Clarkson", as someone hinted at elsewhere.
Summary: Skyhook et al too expensive so Apple might be letting customer handsets do the scanning and help build their own wifi-geolocation database:
http://www.f-secure.com/weblog/archives/00002145.html
The phone certainly stores wifi geolocation data (estimated latitude, longitude and timestamps along with altitude, speed, confidence, horizontal accuracy and vertical accuracy) in a similarly accessible database:
http://www.freedom-to-tinker.com/blog/wclarkso/tracking-your-every-move-iphone-retains-extensive-location-history
and harvesting your lat/long/time from the JPEG EXIF metadata on your phone is trivial.
What fun the police could have with a device that does all three and profiles the movement of the phone. Fishing trips to catch speeding drivers? "Now if I can just borrow your phone a minute, Mr Clarkson", as someone hinted at elsewhere.
Not really, just download them again. But the info would still be on your PC wouldn't it?
Similar threads
