toggle

iOS 4 found to be saving unnecessary location histories

updated 11:00 am EDT, Wed April 20, 2011

 

Content is unsecured, event speakers claim


iPhones and 3G iPads are regularly saving position data to a hidden file, say two presenters at today's part of the 2011 Where 2.0 conference in Santa Clara, California. The file, consolidated.db, is reported to have a "long list" of stored locations and time stamps, and moreover carry it over between backups and device migrations. A history can potentially hold "tens of thousands" of data points stretching back to the introduction of iOS 4.

The data is thought to be created using cell-tower triangulation, but with erratic timing, which could be a result of traveling between towers or else a device's own activity. People can access the information by downloading a custom application. At the software's download site, users can also read extra technical information.

The file may represent a security and privacy threat as by default, it lacks encryption or any other form of protection. The only immediate safeguard is to choose to encrypt backups through a device panel in iTunes. Apple is noted to have been informed of the vulnerability, but has not yet responded.




Share


By Electronista Staff

Post tools:

TAGS :  

iPhone, security, Apple, iPad, iOS, iOS 4

Related Articles

Recent Articles

toggle

Previous Comments

    Comment buried. Show
  1. prl99

    Fresh-Faced Recruit

    Joined: Mar 2009

    -16
    04/20, 11:12am | report spam | (2 replies) | reply

    and your point?

    How do you see this as an invasion of privacy or a security threat? Can you prove Apple is using this information? Who cares where my phone has been, I don't. I absolutely not going to go to the website and download that application. Who's to say that application doesn't imbed malware to track other data stored on my iPhone.


  1. ampm99

    Fresh-Faced Recruit

    Joined: Jan 2007

    +7
    04/20, 11:39am | report spam | reply

    cute app gives transparency to potential invasion

    You're right. This doesn't prove Apple or anyone else has violated your privacy. However, the potential for invading your privacy exists and transparency is healthy. The right to privacy includes the right to know if your privacy has or can be violated. Before secure internet connections, many people thought it was safe to enter cc info on any site. Now they know better.

    This app also reminds us there are trade-offs to all the benefits of modern technology. We each need to know the trade-offs to make our own judgements. So many features and license agreements inundate us, it is very hard to make any judgements without vetting by communities and sites like this

    I would use this information to either lobby Apple to encrypt this file with explicit opt in. Is access to his file what we agree to if you opt in to geo tracking with an iphone app? I wonder what happens if you delete the file? I wonder if an app can bypass permissions by going directly to the file?

    It's a cute app. however. I forgot a few places I had visited.


  1. gprovida

    Fresh-Faced Recruit

    Joined: Feb 2006

    +1
    04/20, 11:47am | report spam | reply

    App Seems Buggy

    All I get is an app window and a spinning "loading" icon.


  1. WiseWeasel

    Junior Member

    Joined: Apr 1999

    +12
    04/20, 12:00pm | report spam | reply

    Hmmm

    Something tells me this file is among the first targeted by law enforcement when they steal your phone's data without a warrant:
    http://www.popularmechanics.com/technology/gadgets/news/should-cops-be-alowed-to-scan-your-phone-during-a-traffic-stop-5587825?click=pm_latest


  1. osxpro

    Fresh-Faced Recruit

    Joined: Oct 2007

    +2
    04/20, 01:41pm | report spam | reply

    Who cares?

    Most Sheeple do not care what personal data is stored on them but the fact is, the government and other corporations are mining this data continuously. Just this week it was reported that WI police are downloading peoples phone data - a clear violation of our 4th amendment right to privacy and UNWARRANTED search and seizures.
    Tracking your whereabouts on a minute by minute basis is the Holy Grail for some Government agencies.
    Call me what ever you want but you have to ask yourself WHY does the government or ANYONE for that matter want to know your ever move?
    I am a Mac Professional but I refuse to carry an iPhone or ANY phone that is capable of tracking my whereabouts. I removed the RFID from my vehicle too - Yes all current model vehicles have trackable RFID's in them...
    I'm an honest person that pays my taxes, etc. My fingerprints are registered in many states because I hold a CCW license. BUT I DO NOT believe it's ANYONE's business to know where I am at all times and track every move and purchase I make. It's a b**** to carry cash all the time but I do.
    All the time I hear, "I have nothing to hide"... Neither do I but That's not the point folks! It's not a matter of having anything to hide but rather the fact that someone can and will watch everything you do. This is no different than having a government agent following you around with a video camera 24/7.
    Believe me when I say that when people no longer value their rights afforded under the constitution, someone will happily revoke them under the guise of "convenience". Mind you, the convenience will certainly be for them and not you.


  1. SierraDragon

    Mac Elite

    Joined: Mar 2004

    +8
    04/20, 02:17pm | report spam | reply

    C'mon, Apple.

    I am amazed that anyone could _not_ "...see this as an invasion of privacy?" Unknown to the individuals, ongoing time/location being tracked and stored in a readily accessible file is an obvious huge invasion of privacy. If this was not done for some nefarious purpose (e.g. govt. spooks must love this info) it would be (a) obvious and (b) erasable, like history on a web browser.

    I can see lots of positive uses for this info - - but NOT HIDDEN. Apple needs to make this a documented, on/off/deletable "Setting."


  1. wrenchy

    Forum Regular

    Joined: Nov 2009

    -6
    04/20, 03:03pm | report spam | (1 reply) | reply

    Well, well, well.


    Where are all the Google-hating, privacy advocates now? From the above posts,

    - prl99: "How do you see this as an invasion of privacy or a security threat? Can you prove Apple is using this information?"

    - DeezNuts: "The author's of the app are well respected authors." "Not likely they are a couple of guys trying to plant malware on your machine!"

    - osxpro: "Most Sheeple do not care what personal data is stored on them"

    Oh!! So it's ok for an iPhone application to clandestinely track AND store your location(s)? I can just imagine the comments on this two-bit board if there was an Android program that did just that.

    Looks like Apple just pulled.... A Google. Thanks Apple.

    iHypocrites. The lot of you.


    - Sent from my Android Device.


  1. testudo

    Forum Regular

    Joined: Aug 2001

    +4
    04/20, 03:53pm | report spam | (1 reply) | reply

    Re: Who cares?

    Most Sheeple do not care what personal data is stored on them but the fact is, the government and other corporations are mining this data continuously.

    That's because most 'sheeple' (not sure who you classify these people are, iPhone users?) don't believe companies like Apple would do something so stupid as leave your location history sitting around for anyone to read. Just like they wouldn't believe that MS would s**** up Windows so bad that it keeps getting infected.

    Just this week it was reported that WI police are downloading peoples phone data - a clear violation of our 4th amendment right to privacy and UNWARRANTED search and seizures.

    Sorry, you are wrong there. It has been ruled by the courts that getting phone data is not a 4th amendment breach. That is, they can get the numbers you call, but they can't tap the line. Same goes with knowing who you send an email to vs. knowing the contents.

    Not saying I agree. Just saying that's what the courts have ruled. Thank those in Congress for allowing them via the Patriot Acts and various other laws to 'stop the terrorists'.

    Tracking your whereabouts on a minute by minute basis is the Holy Grail for some Government agencies.

    They already do this through those security threads in the money in your pocket.

    Wait, I may have said too much.

    Call me what ever you want but you have to ask yourself WHY does the government or ANYONE for that matter want to know your ever move?

    Because they love you and want you to love them back?

    I am a Mac Professional but I refuse to carry an iPhone or ANY phone that is capable of tracking my whereabouts. I removed the RFID from my vehicle too - Yes all current model vehicles have trackable RFID's in them...

    If you carry any cell phone, they can track your movements. It's the nature of phones, since phones have to talk to towers to let them know they're near by.

    And did you remove ALL the RFID from your vehicles? In your tires, electronics, engine compartment, etc?

    This is no different than having a government agent following you around with a video camera 24/7.

    Who told you about Fred? Damn, his cover's blown!

    Believe me when I say that when people no longer value their rights afforded under the constitution,

    sorry, already there. Take arizona, where the idiots, um, I mean citizens, believe it is more important for the police to verify the citizenship of every person they stop (oh, excuse me, of all 'suspicious' people they stop, which means 'latinos') and have them 'prove' they're American, then worry about silly things like constitutional rights.

    someone will happily revoke them under the guise of "convenience". Mind you, the convenience will certainly be for them and not you.

    It isn't under the guise of convenience. It's under the guise of 'security'. We need to track and trace everyone and everything, read and hear everything, all because someone out there might be planning some nasty deed.


  1. imNat-imadouche

    Fresh-Faced Recruit

    Joined: Apr 2011

    +1
    04/20, 06:50pm | report spam | reply

    Google I hat...

    ...oh wait, this time its Apple.


  1. charlituna

    Fresh-Faced Recruit

    Joined: Sep 2009

    0
    04/21, 01:40am | report spam | reply

    unnecessary??

    hard to make that particular call since no one knows why the file is there in the first place. could turn out that it is a very necessary file.

    that said, given that you can't tap 3 times or some such and see the data but have to have the iphone and jailbreak it etc or the computer and use some kind of translator, is this really an issue (add that it's not going anywhere or to anyone). h*** we only have their word that they aren't recording any data. There's two reported call outs with their 'tool' one is supposedly google maps but what's the other????


Login Here

Not a member of the MacNN forums? Register now for free.

Recently Commented Articles

Related Forum Posts

 
close
Photo
toggle

Network Headlines

toggle

Most Popular

Sponsor

Recent Reviews

Logitech FabricSkin Keyboard Folio for iPad

Since the fourth-generation iPad didn't evolve much over its predecessor, the market for iPad accessories has remained somewhat static ...

Huawei Ascend Mate

The Huawei Ascend Mate is a phone that fits the screen-size gap between the 4 to 5-inch smartphone and the seven-inch or more tablet, ...

MaxUpgrades MaxConnect for 2006-2008 Mac Pro

Nobody outside of Cupertino's privileged bunch knows the future of the Mac Pro line for sure. Despite Apple's reluctance to tell us wh ...

Sponsor

 
toggle

Popular News