iOS devices secretly log and retain record of every place you go, transfer to your PC and subsequent devices

Security researchers presenting at the Where 2.0 conference have revealed a hidden, secret iOS file that keeps a record of everywhere you've been. The record is synched to your PC and subsequently resynched to your other mobile devices. The file is not transmitted to Apple, but constitutes a substantial privacy breach if your PC or mobile device are lost or seized. The researchers, Alasdair Allan and Pete Warden, have released a free/open application called "iPhone Tracker" that allows you to retrieve the location data on your iOS device and examine it. They did not discover a comparable file on Android devices.

The file contains the latitude and longitude of the phone's recorded coordinates along with a timestamp, meaning that anyone who stole the phone or the computer could discover details about the owner's movements using a simple program.
For some phones, there could be almost a year's worth of data stored, as the recording of data seems to have started with Apple's iOS 4 update to the phone's operating system, released in June 2010.
"Apple has made it possible for almost anybody - a jealous spouse, a private detective - with access to your phone or computer to get detailed information about where you've been," said Pete Warden, one of the researchers.

iPhone keeps record of everywhere you go

iPhone Tracker

I write books. My latest is a YA science fiction novel called Homeland (it's the sequel to Little Brother). More books: Rapture of the Nerds (a novel, with Charlie Stross); With a Little Help (short stories); and The Great Big Beautiful Tomorrow (novella and nonfic). I speak all over the place and I tweet and tumble, too.

More at Boing Boing

Eurovision 2013: An American in London

The technology that links taxonomy and Star Trek

Anonymous

I think it’s cool.

I was hoping it might display where my lost iphone went.

But I guess information is only available to my laptop after synching. (?)

Plus, it appears that in my case it is only reading the data for my iPhone 4, and nothing for my previous iPhone 3Gs.

- Joe
- peterbruells
  
  ‘xactly. The information is gathered and stored on your iphone, where it presuambly of some use. It does get backuped, since basically everything gets backuped, but only then can you make use of the data.
dotsandlines

Some of you really ought to look at the app’s own FAQ:

“Why are some points in places Iâ€™ve never visited?
As far as we can tell, the location is determined by triangulating against the nearest cell-phone towers. This isnâ€™t as accurate as GPS, but presumably takes less power. In some cases it can get very confused and temporarily think youâ€™re several miles from your actual location, but these tend to be intermittent glitches.”

also,

“To make it less useful for snoops, the spatial and temporal accuracy of the data has been artificially reduced. You can only animate week-by-week even though the data is timed to the second, and if you zoom in youâ€™ll see the points are constrained to a grid, so your exact location is not revealed. The underlying database has no such constraints, unfortunately.”
Anonymous

Will one of you delightful codemonkeys build a linux or windows version? I’d like to see where I’ve been. :)
dotsandlines

Funny thing is, I might have bought an app that did this, but I’m not so happy that we weren’t to know the data was just sitting there unencrypted for someone clever to grab. Not ready to jump to conspiracy theories though.
- Anonymous
  
  No need to jump to conspiracy theories. Apple, the “company who’s security is so good you don’t need to worry about viruses” just left a gaping security hole in their premier product offering.
  This is equivalent to having a secret log file that keeps your internet site history for ever, even after you’ve deleted the history that you can see in your browser.
  Whether they tried to or not, they’ve been screwing their users for who-knows how long. This will be extremely easy to patch. Lucky for Apple, they will be able to do so quickly, they won’t lose quite as much in the inevitable settlement or FTC fines.
Anonymous

well, now i know why my phone service sucks, the phone has never been in the county where i live. It also hasn’t made it to my office yet. But it seems to just love prospect park in brooklyn, where i haven’t been in years.
Victor Drath

Err, scratch that last line I said, I was thinking of something else.
Anonymous

Just for the record, I’ve had three iPhones, and I managed to generate a map/timeline going back to 2007 using this software, so the “iOS4″ statement above probably isn’t correct.
Stevedore

I have nothing against this existing in theory, but I work for a company. We roll our corporate ios policy onto every iphone we give out to an employee (made with apples iPhone Configuration Utility), and I don’t recall any options along the lines of ‘disable OS-level GPS tracking’.

That is just unacceptable. This sort of behaviour is why we’re still 80% Blackberries and likely to stay that way..until somebody eventually offers an android variant with the same security guarantees RIM does.
Victor Drath

To those of you who say you don’t see a risk or see how it matters, the freedom to go about one’s business is a fundamental human right. Would you mind a stranger tagging along behind you 24/7 with everything you do? No? Well that’s what you’ve got.

I couldn’t carry a device or support a company that endorses this kind of crap.
- remixgk
  
  I agree with you, but this information is in no way tagging along. For example in my own data the area around my home only showed up once in the past 3 months!
  
  It’s very hard to have GPS devices that don’t inherently expose some information, especially if people expect GPS fixes in under 10 minutes in areas surrounded by buildings.
  
  All smartphones in the market do this in one way or another. Android apparently doesn’t cache this in the phone and instead contacts Google every single time.
  - Anonymous
    
    … meaning that your complete location history may reside on Google’s servers rather than on a device that you keep in your own pocket, or a computer you keep in your own home. Choose your poison I guess -
- xian
  
  Well Victor, I hope you don’t own any cell phone of any kind then, because all this information and more is available to the carriers.
  - Victor Drath
    
    “Well Victor, I hope you don’t own any cell phone of any kind then, because all this information and more is available to the carriers.”
    
    Really? Wow, that makes it ok then! What was I thinking.
    
    I have one. But it’s old and I’m pretty darn sure it dosn’t have anything to keep tabs on me. It’s also off when I’m not using it or expecting to hear from someone. I’ll replace it when someone releases a truly “smart” phone – one that can be wiped and reloaded with a OS of my choosing. Until then I guess I’ll have to suffer without access to tens of thousands of stupid apps that no one really needs.
    - xian
      
      I think you fail to understand what is going on here. No matter what phone is in your pocket, be it the devilâ€™s iPhone or an old Razr, at any point in time your location can be roughly determined by the signal strength your phone gets to nearby cell towers – this is called cell tower triangulation. This is where the information in these logs is coming from, but itâ€™s stored locally on an iPhone to help determine its position without needing to connect to the network, thus making for a nicer user experience in the maps app.
      
      Hereâ€™s more info on this if you would like to be a little more informed about what youâ€™re carrying around in your pocket:
      http://en.wikipedia.org/wiki/Mobile_phone_tracking
      - Victor Drath
        
        Vintage 2003, cheap model. I’d wager it dosn’t store or transmit much of anything. And I know for certain it dosn’t when it’s off, not like newer phones. My main peeve at new phones is that I’m stuck with what they come with on them, I wanna be able to load different OS, just like any computer. Otherwise I’d just install a hard power switch on one and be happy.
Anonymous

if you agree to apples terms and conditions you agree to them collecting and using data!! your phone can be located at anytime from cell towers. The police use this information in missing persons cases. Google gathers data about you all the time, as do thousands of companies. Usually they spin as providing information to help us make our applications better. Whats the big deal about this info being on your phone anyway? Phone network operators keep this info too. In Ireland by law they have to. It can be used in court, or to help find missing persons.
Anonymous

Enable iTunes backup encryption. Rest easy. Problem solved.
WeightedCompanionCube

The Guardian howls and Cory joins the chorus…

You know, I first read about this on Engadget’s RSS feed, but when I tried to read the article it wasn’t found. They unpublished it, because the guardian is incorrect and this is a non issue. Your wireless carrier has the exact same data about you.

Anyone who gets their hands on your iPhone or your iPhone backups (or your computer, for that matter…) has access to things a lot more sensitive than your cellular roaming data. Set a passcode on your phone. Encrypt your backups or use Filevault or some other disk encryption.

And Pantograph – I RTFBiasedBlogWithNoSource that Slashdot story references. Michigan has a CellBrite UFED. The probably have one of them and it belongs to the crime lab. It is for conducting forensics on phones. I don’t think a traffic cop is ever going to touch it.

And the CellBrite can bypass passcodes on many phones, but it can’t defeat the passcode protection on the iPhone… they only way to do that is to have the key stored in the iTunes library the phone was last synced with. Otherwise, you can’t even backup the phone, which is the only way to get data off a non-jailbroken phone. Apple stores also have a CellBrite device for transferring data from old phones, and it requires the iPhone not have a passcode set.

Besides, if you’re paranoid and think something like that is going to be attempted, quickly enter your passcode incorrectly 10 times to make it wipe. You can do that without even taking the phone out of your pocket.
Anonymous

So this could help you figure out what you did and where you went last night, damn alcholic black outs…. ;-) Seriously though.. WTF? I never bought an IPhone (waited and bought a droid) But such a program could be written for them, as well (it just doesn’t seem to have happened.. yet. )
Anonymous

Lets hope killers and rapists all carry iphones, that way the police can pin their location.
warmlogic

I just loaded my data using the iPhoneTracker app that I downloaded and built. If you look at data that iPhoneTracker accesses it’s obviously not from the GPS, it’s from cell phone tower triangulation. The size and color of the circles on the map plot seem to be the strength of the connection to each tower at a particular point in time. I’m going to guess that Apple does not care where you go, but that they probably use these data to learn how to more effectively choose the right towers to connect to or something like that. Obviously the data could still be misused by a 3rd party, but anyone who thinks Apple has malicious intent regarding the history of their whereabouts needs to get over themselves.
- Rob
  
  ” anyone who thinks Apple has malicious intent regarding the history of their whereabouts needs to get over themselves”
  
  You mean the Apple that has an ads platform? That Apple? No company involved in marketing EVER misuses data, nope.
  - warmlogic
    
    I knew I shouldn’t have included that inflammatory sentence in my post.
    
    Also, to anyone who thinks that keeping track of your (phone’s) movements is the coolest thing ever, check out Google Latitude. There are a number of free apps in the App Store to connect your location history to Google Latitude, including one from Google. The data can be much more accurate because you can have it use GPS.
Anonymous

Everything is encrypted on disk and on iPhone if a passcode is enabled on the iPhone, even backups.
nantel

How long until Apple gets sued because somebody used iPhoneTracker and their home computer and found out about their spouse’s affair?
roboton

Am I the only one who thinks this is kinda cool that I can finally see my travel behavior?

Imagine an app that could access this data, and also access traffic data that would be able to suggest better routes for driving? Or say the app could access other types of data and select say, a bike commute that passes by your favorite coffee shop, yet still gets you to work in a timely manner, or can figure out which bus stops you use and automatically alert you if there has been a schedule/route change?

I like that I don’t have to take ATT to court to get this info.
- karl_jones
  
  Am I the only one who thinks this is kinda cool that I can finally see my travel behavior?
  
  Not at all.
  
  I too think it’s kinda cool that I can see your travel behavior.
- Anonymous
  
  Roboton: I know the app you are looking for. It’s called waze. It’s an open-source GPS app that aggregates data from the people who use it and gets smarter about routes as it goes. http://www.waze.com.
Dr jayus

Blimey, my phone’s been swimming off to South Wales and Bournemouth in the night. Must be illegal iRaves going on.
caipirina

Stoooopid question? but how exactly does one run this application> I tried both the tar and zip .. the only thing that seems to be doing something is the index.html (showing a map, but no trace) … I just wanna see how much data it ahs on me … any hints ???
- warmlogic
  
  It would have been nice if readme.asciidoc included instructions of some kind. I downloaded and decompressed the zip file, opened iPhoneTracking.xcodeproj in Xcode, and pushed the Build and Run button. Voila.
Coal

As has been said, anybody who’s concerned about the potential privacy implications would have nothing to worry about here, as they’d already have their phone passcode locked, remote wipe enabled, and backups encrypted. It’s very easy to do these things too, and has the bonus of stopping people who steal/find your phone or access our computer from seeing your address book, emails, phone history, photos, any sites you’re logged into etc. Absolute non-issue, and getting wound up over it makes as much sense as cleaning your house before you go on vacation so as not to give a bad impression to any burglers that break-in during that time.
remixgk

I would except this level of sensationalistic reporting from the Guardian, but not boingboing.

The file name says it all, CellLocation, under the Cache directory.

Apple is essentially caching the location of cell tower ids, so they can do triangulation without having to request this info again from their servers. Cell triangulation is needed even with a GPS chip, because otherwise it would take a really long time to get a lock.

This actually enhances your privacy with respect to Apple since their servers don’t get a request for your location at every point (which how Google does it). This is Cell ID to location is requested only when you go somewhere else covered by different cell (or the cache expires)

Sure maybe this file could be encrypted by Apple using some key, but that key could also easily be cracked and then what.
- nantel
  
  Yes I think that you are right, it definitely looks like cached locations for cellular towers. I compared my location data to my iCal data and spots would only appear the first time I would go to an area but not on subsequent visits.
- Rob
  
  And what about the WiFiLocation that contains every access point your phone has ever seen, what about that?
  
  Seen, not connected to and used.
  - remixgk
    
    I’ve just checked the WifiLocation file.
    
    It contains 669 unique timestamps (down to the second) over almost a year period. So highly doubt it contains all the access points my phone has seen during all that time….
    
    I’ll have to look into it further but I’d hazard a guess that it only gets recorded when I actually use a location app.
    
    Again this seems to be just used to cache information from Apple’s servers.
    
    The Wifi information contained is a simple MAC address, just like Google’s Street view cars capture.
Anonymous

Web browsers store where you have been online and what you did there, but because it helps you out by improving your experience, no one really complains. As long as Apple is not receiving this information back from the phones, I do not see a problem.

By the way, your email tracks what messages you have sent and to whom. Is that a bad thing? And do you really think that when you delete a message it is actually gone forever? Think again. The number of server backups and redundant backups used to keep things running smoothly will prevent that from ever happening.
Anonymous

So from now on, gone are the long, tiring nights of planning! Gone is the covert surveillance! If the person you want to rob/kidnap/stalk is an iPhone user, just steal her phone (or her PC) and choose the best moment and place for your actions. Well done, Apple. I can hear from here the rubbing sound made by the hands of thousands of criminals and secret police officers all over the world.
(I’m appalled. This is not bad engineering, it is *malicious* engineering. It’s impossible that they didn’t think of the possible misuse of what they were -secretly- setting up.)
Anonymous

Steve Jobs is an (evil) genius.
Anonymous

20 April 1984.

Dear Diary,
Sometimes I feel as though all the news I’m hired to read and make changes to is already eerily familiar, as though I read about it in a book once a long time ago.
bobrk

So they checked this by turning off Location Services on the phone and seeing if it still logged locations, right? Right?
Anonymous

Combine this with yesterday’s news about Michigan police being allowed to copy data off of phones during traffic stops, and suddenly there’s a big problem here.
bob d

Having run the program, it appears that some of the data points are wildly inaccurate. Not “cell tower triangulation” inaccurate, but “60 miles away” and “a mile offshore in the ocean” inaccurate.
Also, it may pareidolia, but some of the data points appear to describe trips to cities that I took before I owned my iPhone, but while I owned my previous AT&T cell phone. Is that even possible that it has access to data from AT&T?
Since most of the data points appear to be based more on cell-tower locations than where I actually traveled (in other words, it very roughly shows what cities I’ve been in or through, but not particular locations), I can’t say the surveillance aspects bother me too much.
Anonymous

Hm… anyone have any idea why the tool they provide to “prove” this seems to be saying that none of my iOS devices has ever been anywhere near the city I actually live in? I’m not sure this data is what they think it is.
UncaScrooge

I first read this article in the Guardian as well. I was struck by the irony of it all.

Here is a group of people concerned that the movements of their PHONE might be tracked. Meanwhile, the English cityscape is dotted with eleventy-billion police-state cameras. Apparently, these cameras track where YOU go, not where your PHONE might happen to be.

If I hand my phone to a friend, they might be able to create an “alibi” for me whilst I am off doing something disreputable. If I wished to do this in London, I would have to wear a rubber Margaret Thatcher mask everywhere.
teapot

I’m not even going to make a smarmy comment this time.

Oh, wait… yes I am. Even when there is easy-to-use visual proof that Apple has programmed its devices to secretly collect and store location data, the fanboys will still sing in harmony how it’s a non-issue for which King Jobs cannot be held responsible. If the apple store being renamed “genius bar” wasn’t enough of a hint:

You. Guys. Define. Lame.
- remixgk
  
  Newsflash for you: all smartphones are programmed to collect cell phone mast location data. They all tell you that in their T&Cs too. It’s essential for location services to work (you know the Google Maps, geolocation for photos)
  
  Maybe (it’s not been confirmed yet btw) Android doesn’t store that information in the actual phone, but you can bet it’s always transmitting and requesting it from Google.
  
  Nokia phones also send it to Ovi.
  
  Not sure about Microsoft, but unlikely to be any different.
  
  It’s actually good we can see this data now, instead of being hidden like the other devices.
slamorte

We’ve known for over a decade that a cell phone can be used to trace your location. We’ve known for years that the cell phone companies keep this data on us, and that the police can get it with a warrant. There reasonable evidence that the cell companies and piping this data about us directly to Homeland Security *without* a warrant.

And now you find that *you* have a copy of this data, owned by you, on a computer you *own and control,* and you are calling it a privacy violation?

And now you want Apple to delete this data for you, so only the corporations and the government have it? And this will make you feel safer? How?
Anonymous

Having a mobile phone means that you are inherently connected to the grid. If you don’t want that, don’t carry one. Still want iOS Apps? Get an iPod Touch or iPad.
Avram / Moderator

Does this have anything to do with Apple’s “Find My Phone” feature?
- peterbruells
  
  My first gut feeling says “no”. I find the “cached celltower data” much more plausible. At the moment I’m trying to understand the code – it’s undocumented, of course, as befitting true hackers – and to get to the supposedly unaltered information.
  
  Some of the data is indeed wildly inaccurate – reporting that I was supposedly 60 km away when our time tracking tool reports that I was at the company headquarters.
Anonymous

Really? I love this “They did not discover a comparable file on Android devices.” Perhaps because the data is sent directly to Google.
Anonymous

Not seeing the big deal. If the Feds want to know where you’ve been, they can check cell tower logs just as easily. If you are delusional and think you are a spy and they are tracking you, then throw your phone away, or get a 20$ disposable like real spies do.
Anonymous

Just launched a web application equivalent to iPhone Tracker for PC users. You can check it here:
http://www.26horas.com/apple-device-tracker/
Best regards!
Anonymous

um, how do I make the app work?
Aloisius

Am I the only one who thinks this is the coolest thing ever? I now have a map of every place I’ve been to with route information! The plots of my own travels are pretty cool.
Anonymous

Never in his wildest nightmares did George Orwell think people would beg for, pay for and even stand in line over night in the cold and rain to get the latest government surveillance device.

2/3 of humans are just sheep.
Anonymous

as if anybody needed to get access to this file to track somebody…. every phone company collects more accurate information about their customers, keeps it for a long time and uses it for all kinds of things. The EU grants US police access to airline passengers data, companies install sniffers and rootkits on the pcs of their workers. And yet nobody seems to care.
Anonymous

This is awesome! I for one am really psyched someone keeps track of where I am, cause I’m not always so good at it!
remixgk

More discussion by a another real expert on how this is mostly a non-issue blown out of proportion:

https://alexlevinson.wordpress.com/2011/04/21/3-major-issues-with-the-latest-iphone-tracking-discovery/
snej

The app doesn’t work for me â€”Â says it can’t find the ‘consolidated.db’ file. I think this is because I checked the box in iTunes to encrypt my iPhone backups. Which is something that any of you who are concerned about this stuff should already be doing, right? Right?
noen

People know that all cell phones have a back door built in so that the authorities can listen remotely right? If you attend a secure meeting ALL cell phones are kept outside of the meeting room for exactly this reason.

We’ve been living in a surveillance society for some time.
- Marktech
  
  We’ve been living in a surveillance society for some time.
  
  I daresay, but the point worth making is the availability of the information.
  
  “The Law can get a court order for this from the phone company if they can prove cause” is different from “The Man built in a backdoor”, is different again from “Anyone who can get on my phone or my computer could find this stuff out.”
remixgk

@Anon 1:35

Here’s a bit of news for you, the police can already pin the location of any phone, not just iphones, they don’t even need to look at any files.
The .invalid

Yet another reason why the iPhone SUCKS.
Anonymous

It just goes to show, you can’t be too careful.
weatherman

Apparently this tracker app is Mac-only. So I guess all PC users are safe, since what you don’t know can’t hurt you!

Seriously though, what is Apple thinking with this. Why would this data be kept? What useful purpose does it serve? Apple had better explain it right-quick, and fix it.
- xzzy
  
  The site linked to describes a way to manually extract the data. I’d assume that once you adjust paths to reflect a Windows system, the same process will work.
  
  I personally think the feature is kind of cool, though it’s pretty suspicious that it’s not something you can opt out of, and it’s not something Apple ever told us the device was doing. But beyond that, GPS logs can be fun.
acrocker

So you’re telling me… this can help me find my lost keys?
- Zeeky Santos
  
  Sadly no, it only tracks your phone, not your keys. Remember how we can always remember where we’ve been but never where we left our keys. Problem still applies.
Anonymous

You’re not safe on PC either. Creepy app can find you from Twitter updates and other apps..

http://ilektrojohn.github.com/creepy/
Pantograph

No you see this is actually a good thing because… Look! Shiny new gadgets!
Thelovebot

Whoa, this is too funny. All the Apple fanboys (and gurls) making excuses for their good buddy Steve and The Company That Can Do No Wrong. Wake up. This is part of their business model. You love it, don’t you, Xeni?
- remixgk
  
  If that’s so what a great business model, store a file with cell tower locations in the users phone.
  
  Sounds like a winner, maybe it would have been back in the Internet gold rush on the 90s.
  
  1) Store a file with cell tower locations in the users phone
  2) ???
  3) Profit
  
  Apple is just missing the ??? part.
remixgk

Meanwhile it has been found that Android also caches cell tower locations and wifi locations, however it appears to keep only your last 50 cell towers and last 200 wifi points.

https://github.com/packetlss/android-locdump

Still 50 cell towers is more than a day’s worth for most people.

So the truly paranoid might want to stay off smartphones altogether.
Dan Kelly

“”Apple has made it possible for almost anybody – a jealous spouse, a private detective – with access to your phone or computer to get detailed information about where you’ve been,” said Pete Warden, one of the researchers.”

Actually the researchers have made that possible. Up till now very few people would have known about the existence of the file, let alone have the means to access that information!

That’s not to say there are questions over why this information is stored and what it’s used for – there’s no indication that the information is anywhere other than your iDevice and base PC?
- bardfinn
  
  “Actually, the researchers made that possible …”
  
  There’s nothing quite like victim/whistleblower blaming. Security through obscurity is no security at all.
  
  I SAID GOOD DAY!
- Brother Phil
  
  Obscurity is not security.
  Apple made this possibly by setting the device to record the users movements. The researchers made people aware of the risk.
  - remixgk
    
    I think the two researchers slipped a lot into the FUD zone in their article, the information disclosed – even if one does have access to the physical devices – is quite small.
    
    Meanwhile it’s also been found that the phone caches not only the cell masts and hotspots it sees by many others in the general area (like across the whole city) making any true tracking even harder.
    
    There’s a far better analysis by Christopher Vance who – unlike the two people behind the original story – is an actual forensics researcher.
    
    See http://blog.csvance.com/?p=136
- an0nymous
  
  Security through obscurity is no safeguard at all.
  - Dan Kelly
    
    I wasn’t suggesting that. It’s just that the researcher was making a rather sweeping statement. Private Detectives / Hackers could well have know about this for a while, and used it for nefarious reasons.
    
    However if it’s only just hit the public net (boingboing, twitter, the Guardian etc.), then I suspect very few jealous spouses would have used it.
    
    Now however that is a very real possibility.
    
    Just saying.
- Scatterfingers
  
  We can’t control what people do with information. There’s no sense in blaming the researchers. If the signal is there, it WILL be used. For whatever.
peterbruells

Well, it works on my iPhone 3Gs, but reports place I haven’t. And my iPhone hasn’t been there, either.

There is *some* connection to place I’ve been and passed through, but this looks – to me – as a list of cached cell-tower info, loosely based on the region I spent most of time.

I really don’t see how this is in any way a risk.
Nelson.C

The researchers keep saying that Apple is collecting this information, but they also say that the data is not being transmitted back to Apple. So which is it?

A device is not the same thing as the manufacturer. The iPhone is collecting the data â€” which fact may be good, bad or neutral â€” but Apple aren’t collecting it, which would indeed be a bad thing, without proper legal controls.
- Pantograph
  
  You mean Apple hasn’t been caught collecting it. We don’t know whether they have collected the data remotely.
  Perhaps it’s for their upcoming iAlibi app, or perhaps it is for spying on users.
  
  *dons tinfoil hat* For instance: Michigan law enforcement wants the ability to seize mobile phone data during traffic stops. This data would make it very easy for them to trace people’s movements, even without nasty warrants and stuff. I bet all police departments around the world would love to have that ability.
  - Anonymous
    
    Great. Now we have to pop out our cellphone batteries before digging out that license, registration and proof of insurance.
darren

It’s a location cache. If you’ve ever wondered how the Maps app is able to find your location almost immediately, this is how they do it. This is also how location services work on the iPod touch and WiFi iPad, both of which can pinpoint your location without any network connection at all.

It’s a great feature.

If you’re concerned about your privacy, then encrypt your data (it’s just a checkmark in iTunes) and turn off Location Services (it’s just a switch in the iPhone settings).
Anonymous

My credit card records also show where I was when I used those cards. I put this in the same category.
Bodhipaksa

My iPhone is under the impression it’s been to Vegas. I’ve never even been in Nevada, so I wonder how it got there?
- remixgk
  
  There’s lots of errors in many people’s data. Mine also says I’ve been in France, but I’ve not been there even since before the first iPhone came out..
  
  Again this is not unexpected, people were already location problems when phones didn’t use the GPS chip itself. It just shows this is really cell tower database mapping which is sometimes wrong.
  
  The whole thing has been a storm in a teacup, and I highly suspect the timing of it, given today was also when Apple announced their earnings.
  - Anonymous
    
    Do you suspect the timing because:
    a) Somebody is trying to maliciously negate any surge to apples share price, or
    b) Apple released a slightly unfortunate secret to divert customer attention from the fact their profits have doubled from the same period last year?
    
    The second one makes for a much better conspiracy theory, I feel.
    - remixgk
      
      @Anon
      I don’t think it’s either, but the timing is a bit suspicious. The researchers are well versed on Apple’s ways, one even published an O’Reilly book on iPhone Development.
      
      I’m sure they know when Apple makes their earnings calls.
Anonymous

Chaos Congress last year i think…i guy had a talk about a location software, which is transmitting data to apple. google has a similar software on androids. it scans wlan networks and sends them with gps information to the companies. wardriving on it’s finest. the data is not personalized (i believe)…
this one…is a step further.

@Dan kelly: coz not the whole world knows about it, doesn’t mean nobody knows it. i think they made it better by giving the information out and helping to understand what is going on.

even if it’s not transmitted doesn’t mean it will never be… everything as a big network…they just have to change some updates and it will be send out.
- Michael Smith
  
  Chaos Congress last year i think…i guy had a talk about a location software, which is transmitting data to apple. google has a similar software on androids. it scans wlan networks and sends them with gps information to the companies. wardriving on it’s finest. the data is not personalized (i believe)…
  this one…is a step further.
  
  I have written a desktop widget for android which my wife and I use to keep track of each other. It replaces a lot of phone calls along the line of “when are you leaving work?” and “did you remember to do X?”. It works through a CGI script on my home server. Its all pretty simple. It uses AGPS from the GSM network.
Jake

iTunes seems to have an option that allows you to encrypt your backups. Might this be something that prevents the data from getting out to all of those jealous spouses and private detectives that happen to read BoingBoing?
Anonymous

I’m pretty disturbed by this, but the data my phone has logged doesn’t seem to be very accurate. It shows that I’ve been in the middle of a large river many times as well as a city I’ve only been within fifty miles of. It is not even accurate enough to show what street I live on, only coming within four blocks of my actual location. This seems more like the data of which cell towers I use the most. What it does show is which parts of town I frequent. Apparently I go to the mall quite often, but the exact location of my secret lair remains a mystery. But still, I’ll be writing to Apple to voice my displeasure, whatever that’s worth. Just so everyone here knows, the iphone camera tags every photo you take with GPS data and seems to be more accurate, but this feature you CAN turn off.
Enoch_Root

I surprised by how inaccurate it is. Its generally right and I can match up trips I have taken and general areas I usually go to but it certainly would not be very useful for “tracking me” or even finding where I live. (This is because it uses cell tower triangulation not the GPS – presumably for power consumption reasons.)

That being said I still don’t like it, especially since there is no “off switch” for the “feature.”

Now, does anyone know of an app that will fire up the GPS every 10 min or so and take a reading, save it, and export/map it later? That would be awesome. I have RunKeeper (which I love) and have seen several similar apps but they continuously use the GPS which is too much.

Basically something like http://www.wheredoyougo.net/ (which is awesome) but with real locations not check ins
- bolivar13
  
  If you read the info on the visualization tool carefully you’ll notice that they have added a little bit of error to the tracking data for safety purposes. The actual data is more exact.
- peterbruells
  
  Apple doesn’t allow this for power consumption issues. Snark aside, allowing this would just encourage bad programming practices.
  
  I you need such a service, you can probably find it on Cydia, since the basic architecture of iOS is certainly able to do this – it’s just being disallowed.
  
  I haven’t checked the data myself, but if it’s just trilateration (it’s not triangulation, even if commonly called that way) AND if it came with 4.0,, it’s probably related to location based services. Did anyone test this software with an iOS 3gs or older? Only iPhone 4 offers location based events and this seems to be tied into this.
bcsizemo

Okay, just out of curiosity why does this matter?

My GPS shows me all the routes I’ve been on in map form, so why is this any different.

-Outside of a jealous wife/detective/police..ie, you are doing something wrong or are lying to someone, then whats wrong with this information.

If you loose the phone I’m sure there is much more important information on it than just where it has been.

I know people get in a tizzy about things recording them, and if Apple is collecting it then that is not a good thing (not that I would they would have a need for it really. I mean if you use the app store then they already have a CC with your home address/billing address on it.)

I don’t like the idea of it recording my whereabouts, but as long as this data is only location and is not being beamed lived to other places then I don’t see how it becomes a danger to the user. (Again, having a live feed of your location being beamed out on the internet would allow someone to track you down easily. And that can either be a good thing, or very very bad.)

I would like to know why Apple has iOS setup to do this, and what their original idea was behind collecting the data.
Anonymous

Steve Jobs is the Foursquare mayor of your mom.
Just Good Sense

Apple is a consumer products company that wants to make money selling shit, not an electronic security firm with a vested interest in a surveillance state. This is almost 100% certainly intended for marketing purposes.

I’m also confident the information isn’t sent anywhere now, but is in place to help get us to the Minority Report future where you walk into the mall and, since the MCP sees you’ve been to the health club three times a week in the last month and had lunch at the Lettuce Emporium, you’re offered a Gap coupon for new pants.

Occam’s Memorial Day Blowout Razor applies, I think.

(And yeah, I mixed movie metaphors. I’m not ashamed.)
- bardfinn
  
  Apple is a consumer products company whose corporate offices reside in a surveillance state with a vested interest in arbitrarily violating citizens’ privacies (and Apple is itself very, very good at surveillance and security). Intent is irrelevant; I certainly never intend for someone to walk in my front door and steal all my (meagre) possessions. I don’t intend for someone to walk in my front door, install a camera, and then record my family in our day-to-day business. Nevertheless, the power seized by an oppressor grows equal to what is possible.
  
  PostScript: Don’t discount the zeal of jealous spouses. Just because it’s only now been publicly reported doesn’t mean someone didn’t have it subpoenaed, analysed, and dropped in their lap during closed-door negotiations.
- Anonymous
  
  Apple also uploads your private encryption keys for iChat to your dotMac account. This is not a company that is friendly towards keeping your private data private if you get in trouble.
Anonymous

Does this only work if you have Mac OS 10.6? I’m running 10.5 and I’m getting an error message telling me that it won’t work with my current version of Mac OS X.
Anonymous

If you’re on Windows 7 and using the default options, the file cache that the second link above referencse under the question “How can I examine the data without running the application?” is located at:

C:\Users\\AppData\Roaming\Apple Computer\MobileSync\Backup\

I’d suspect it’s pretty similar on most other flavors of windows.
bobrk

So they checked this by turning off Location Services on the phone and seeing if it still logged locations, right? Right?
- remixgk
  
  That’s a good question bobrk, seems like a huge omission in the article. I guess the outcome would dampen their conclusions.
Anonymous

It seems like we need a campaign to put pressure on Apple by refusing to buy Apple products and stock including iTunes downloads until Apple fixes this GPS security flaw. Is their such a campaign yet?th