I bet it's entirely different when you're in any kind of built-up area. Wifi points every few hundred meters, small cell towers every kilometer or two. I bet in those situations, someone could derive a pretty close record of "your moves". Even if the individual points jump around, you're presumably hopping cells and seeing new Wifi APs every few minutes - even when you're just walking around your house or your office - and that data can be triangulated.
I think the OP is right inasmuch as Apple probably didn't set out to track users as much as keep track of connected wifi & cell APs. That doesn't mean the data won't be enough to track movements in urbanised areas.
The article goes further though, and claims it's "not 'recording your moves'" and is just a "general place at a general time". I don't think you can say that point-blank. As stated, I think that it's going to be entirely location-dependent as to whether the database can be treated as a "record of your moves" or not.
What it does is log the locations of all cell towers that it can communicate with at a point in time. So for a given timestamp, there will be dozens of points logged. So while the data will be able to say "You were somewhere in downtown Pittsburgh at 1:59PM on Monday", it won't be able to say "You were at 517 Liberty Ave at 1:59 on Monday." Also, timestamps for existing towers are updated whenever they are mapped an additional time. So if I was downtown again on Thursday, no one would be able to tell from my data that I had been there on Monday.
See my previous comment in another thread for more detail:
Argue that the accuracy makes the data less usable for nefarious purposes, or argue the (much more pertinent to my mind) point that your carrier already has high-accuracy historical info and this really just puts similar historical info in your hands as well, point out that law enforcement can easily get the carrier info without ever even touching your iDevice, but don't try to claim that this is not recording location info attached to you.
Is that sensationalist? Or, does it represent the most logical explanation of this story from a technical and engineering background?
In GSM the phone also had to know the distances to each tower +/-500m in order to adjust the timings for communication with the tower.
(It's 8 years since I did this stuff so memory might be off on the numbers a bit :-)
Anyway the larger issue is that it is not clear exactly what information is being logged. We know some location info is vulnerable, but exactly what and how much? The O'Reilly researchers really should have done a better job. The least they should have done was to run some controlled experiments with a freshly wiped phone.
Secondly, it's only maintaining a single record for each cell tower and updates the "last seen" timestamp. So while it can tell you the last time I've been to a specific area, it can't tell you how often or when I've been there previously.
I still think this should be fixed, Apple should explain it and release an update that pares it down to the bare minimum data for whatever function it serves.
However, let's honestly go through the implications of this:
- The user's cell provider already knows this. [1]
- If someone "owns" the user's phone then they can get their movement history. But that's at a point where they can track the user's current movements anyhow, so that's lose-lose there - the only difference is the historical angle.
- If someone steals the user's computer/phone they can get their previous history up until then. That's bad, but I bet nearly everyone has more sensitive private information available on their computer hard disk or their iPhone's internals - stuff that would be more exploitable than historical location data.
- Someone could maybe sneak private API calls into a legit app that sent this database somewhere else. No idea how feasible that is. However, if they can do that then it's pretty close to the "ownage" scenario described above - they can probably do anything anyhow.
If it comes out that Apple is sending this data back to Cupertino for some nefarious purpose then that is very bad as well, but I bet that's not the case.
[1] http://www.zeit.de/digital/datenschutz/2011-03/data-protecti...
Basically by having it stored locally, it lowers the barriers to accessing data, so that it is no longer restricted to law enforcement people seeking telco data.
That changes a lot of things.
For instance imagine you're a police informant or undercover cop: a technically savvy mob would be silly not to hoover up the location data of everyone in their org, which could lead to some interesting discussions.
Sure, but if they have root or physical access to the phone (which they need) they can install a realtime tracking snooper to follow you around instead.
I agree this lowers the barrier, but fundamentally it seems to come down to - if you don't want people knowing where you are, don't carry around a GPS-enabled always-on computer in your pocket!
OK, that opinion didn't last long. Seems like they are sending it back, but at the same time it's well known about:
Again, it only stores that most recent time that you've seen a specific cell tower, it doesn't store your entire movement history.
What they're instead doing is, when possible, retrieving cell network / SkyHook (wifi) data about Lat./Long. for towers/APs that your device can see and when it last saw them.
This is for the Location service that an iOS device offers, so that if you choose to provide your location information to an app and it can't get a good GPS lock - this cached information is used to provide a "best guess".
In addition, it's used to provide an accelerated guess as GPS gets a lock (it's the "+" in GPS+).
The timestamp is to provide "last best location". I'm sure the rest (MACs, tower IDs, etc.) can be used to triangulate a better fix based on what's visible and what signal strength to each location is like.
The device caches this information locally because the Lat./Long. of a cell tower / AP will not change - but the timestamp for the last time your phone has "seen" it could be updated, without having to re-hit Apple's servers for the details.
It's being done because: storage is cheap, the amount of data doesn't take much space for thousands of points, it reduces server talk, and it speeds up your GPS/location acquisition for apps that you wish to use it with.
Apple's only mistake is that they didn't encrypt this information. Outside of that, the only other thing they could have done would be to store it purely in RAM - but RAM is at more of a premium (in MB) than flash storage (in GB).
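The single-row-per-tower behaviour several commenters describe above (one cached record per tower or AP, with only the "last seen" timestamp updated), shown as an added example that is not part of any comment in this thread and is not Apple's code. The table name, columns and sightings are all constructed for illustration.

```python
import sqlite3

# Constructed sightings (tower_id, lat, lon, unix_time); every value is invented.
MON, WED, THU = 1_000_000, 1_172_800, 1_259_200
SIGHTINGS = [
    ("dt-1", 40.441, -79.999, MON),   # downtown, Monday
    ("dt-2", 40.443, -79.996, MON),
    ("sub-1", 40.520, -80.100, WED),  # suburb, Wednesday
    ("dt-1", 40.441, -79.999, THU),   # downtown again, Thursday
    ("dt-2", 40.443, -79.996, THU),
]

def build_cache(sightings):
    """Hypothetical cache: one row per tower, newest sighting overwrites the old."""
    db = sqlite3.connect(":memory:")
    db.execute(
        "CREATE TABLE tower_cache ("
        "tower_id TEXT PRIMARY KEY, lat REAL, lon REAL, last_seen INTEGER)"
    )
    db.executemany("INSERT OR REPLACE INTO tower_cache VALUES (?, ?, ?, ?)", sightings)
    return db

def recoverable_timeline(db):
    """Everything a reader of the file gets: (last_seen, tower_id), oldest first."""
    return db.execute(
        "SELECT last_seen, tower_id FROM tower_cache ORDER BY last_seen, tower_id"
    ).fetchall()

def recoverable_visits(db, area_prefix):
    """Distinct times at which towers of one area appear in the cache."""
    rows = db.execute(
        "SELECT DISTINCT last_seen FROM tower_cache WHERE tower_id LIKE ? ORDER BY 1",
        (area_prefix + "%",),
    ).fetchall()
    return [t for (t,) in rows]

if __name__ == "__main__":
    cache = build_cache(SIGHTINGS)
    print(recoverable_timeline(cache))        # coarse "where, last when" per tower
    print(recoverable_visits(cache, "dt-"))   # Monday's visit is gone, Thursday remains
```

Towers seen only once keep their original timestamp, which is why a file like this still yields a coarse travel timeline even though repeat visits collapse to the latest one.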
They use an A-GPS chip. The "A" in A-GPS stands for assisted, which means it can be assisted by the cell towers to help find the GPS satellites more quickly. Because of the connection with the cell network, some confuse its capabilities with plain triangulation. It will continue to function as a plain GPS device in the absence of cell service, however.
Most of the points on my map correspond exactly with known locations of my carrier's towers, so the explanation makes sense. However, there are dots in locations where there are no towers. I don't think it is WiFi locations because I do not see any of the places I commonly use WiFi.
Personally, the fact that the file is in a cache directory path, and that some people don't have much data, or any, suggests to me that some programmer forgot to trim his cache or picked a ridiculously large size before he decides to trim.
"locationd" wants to know the coordinates of the cell towers you communicate with in order to triangulate your position without turning on the GPS, and it doesn't want to eat the battery by querying servers all the time. That argues for a cache of the towers you frequent. It's only one bug or poorly chosen constant from there to the situation people are reporting.
[1] That still reports your travels in gross terms and is a problem in need of a fix.
So to access it, a person needs access to either your phone or computer. But if they have access to your phone or computer, is a cache of cell towers you've connected to really a significant concern compared to the other things the accessor could get ahold of from either of these devices?
Timestamped travel information generally equates to "hey, this guy returns home between 7 and 8:30 most nights, works in the office five days a week, and here's where his home is". It's no great stretch to equate that to "he will not be home during this time frame" and suddenly a lost phone turns into a much larger burglary.
There's also plenty of larger privacy concerns, but even just the out-and-out-crook scenarios should be concerning enough.
While it seems obvious from that analysis that it is indeed logging the locations of the towers rather than the phone, I am more interested in how it derives the locations for those towers.
It could simply have a lookup table, but that would mean every iPhone has a lookup table of every cell tower (GSM and CDMA) as well as WiFi point in the world - with a globally unique identifier and location - as part of the OS. Which seems pretty implausible.
If it's doing a remote lookup, then it must be polling some service to determine the location of every CellID it sees. Something like OpenCellID (http://www.opencellid.org/) or Navizon (http://www.navizon.com/) is what I mean. If so, it would effectively be broadcasting your location in real-time. This is equally implausible, as it just seems like the kind of thing we'd have heard about by now through OS investigation, or even just "why is my battery draining so quick".
It could conceivably triangulate the tower itself, but that's implausible as a) the phone's GPS would have to be active (see battery issue above) and b) it couldn't possibly be accurate unless you were effectively spiralling around the emitter.
It can't be getting it from the signal itself, as "emitter location" sure isn't part of the WiFi spec and I'd be amazed if it was in GSM or CDMA.
How else can the iPhone know (or estimate) the GPS coordinate of cell towers?
When my carrier installed a new tower in my area, Google Maps would start with my location hundreds of miles away until the GPS locked on. It eventually corrected itself, but I assumed at the time that they had the wrong GPS coordinates entered for that cell location.
There are dots on my map for places I have never been, so I don't think it is coming from the on-board GPS receiver.
It would probably be hard to track to any specific address (that's what I am looking into now) but by matching date with the coordinates it was trivial to see where I went for: 4th of July, my friend's bachelor party and wedding, Halloween, Thanksgiving and New Year's Eve... among other events.
It is only updated when you use a location based service. Google Maps, Places on Facebook, Twitter, Foursquare and the like. I don't use anything besides Google Maps and only to get information on how to get to certain locations. Honestly I am not too worried about it.
See http://nce.fd.org/PDF%20Cellular%20Tower%20Location%20Inform... :
"Cellular service providers generally retain information about phones’ contacts with towers, including which tower(s) each phone contacted during any given check-in, and which “face” of the tower(s) the phone contacted."
For cell towers, iOS has access to coordinates from the tower's signal itself. For Wifi, the best approximation would be the GPS location of the device. Unless it associates Wifi APs with nearby cell towers, or "fuzzes" that location.
That's simply false. It is tracking your location, regardless of how accurately it's doing it, and irrespective of Apple's intentions.
That means someone reading the data can know roughly where you were when, the direction you were traveling in, and how fast you were going.
Does that mean Apple set out to track you? No! But it does mean that your phone is tracking your position, all the time, everywhere you go, and is storing that data in a way that is not protected from exploration by any third party that happens to acquire access to it.
That's a serious bug, and is worth a little sensationalism.
Even lookupd caches could be represented in similar light: "Your Mac secretly records the websites you visit in a hidden file." It's just that we're all used to (and understand) DNS lookup caches, and locationd and location lookups are relatively young.
While you may be correct (and I think you are, because Apple has previously mentioned that they use such data to map tower locations) but I have a few counter points to your article (may not refute your main conclusion):
1. Even Cell Triangulation can be way off depending on a lot of factors. I use it regularly on my Android phone with Tasker for some profile purposes and it gives me worse results most of the times than actually working with exact tower ID that I am seeing. I've seen it being as off as up to 5 kms.
2. The location data is collected for other countries as well, not just for the parent network within US. Out of the various articles from various people, they have seen data from all places where they used cell services, including abroad like Japan, India, etc. The data only seems to be missing when they don't have a cell service.
3. What irks me is why they need to store this data on the device and PC. Even if they were building their own cell tower database, it should be done and done once Apple gets the data. Why would they keep a whole history about it on the phone and PC? Maybe it is an oversight? But I can't find any reasonable explanation for this.
The FAQ: http://petewarden.github.com/iPhoneTracker/#9
The wonders of following links.
On one hand, it says "your iPhone, and your 3G iPad, is regularly recording the position of your device into a hidden file."
Later on, it mentions "a list of hundreds of thousands of wireless access points that my iPhone has been in range of". This suggests that the list is one of cell towers (and perhaps Wi-Fi routers?), but not actual device locations.
There are legitimate potential worries about that, but "ZOMG Apple is Big Brother" is the kind of rhetoric that keeps people confused and afraid about security to the point that they do screw themselves over.
http://www.cannonade.net/blog.php?id=1482
I am not really surprised Apple doesn't throw this data away. I think they could have been a little more transparent about it though.
Cue false outrage... Endless CNN coverage.
Trolling rant: Meanwhile, US phone carriers, advertisers, and the government have known your location within 9 feet, ever since the warrantless wiretapping scandal. To the point that NSA has a direct fiber split of all AT&T customer internet traffic. http://webcache.googleusercontent.com/search?q=cache:Rm4GQZm... America, choose your battles and get a grip on reality.
Oh come on. That's like saying, "I'm not laughing AT you, I'm laughing NEAR you."