Got an iPhone or 3G iPad? Apple is recording your moves

A hidden file in iOS 4 is regularly recording the position of devices.

Update, 4/27/11 — Apple has posted a response to questions raised in this report and others.

By Alasdair Allan and Pete Warden

Today at Where 2.0 Pete Warden and I will announce the discovery that your iPhone, and your 3G iPad, is regularly recording the position of your device into a hidden file. Ever since iOS 4 arrived, your device has been storing a long list of locations and time stamps. We’re not sure why Apple is gathering this data, but it’s clearly intentional, as the database is being restored across backups, and even device migrations.

iPhoneTracker screen
A visualization of iPhone location data. Click to enlarge.

The presence of this data on your iPhone, your iPad, and your backups has security and privacy implications. We’ve contacted Apple’s Product Security team, but we haven’t heard back.

What makes this issue worse is that the file is unencrypted and unprotected, and it’s on any machine you’ve synched with your iOS device. It can also be easily accessed on the device itself if it falls into the wrong hands. Anybody with access to this file knows where you’ve been over the last year, since iOS 4 was released.

In the following video, we discuss how the file was discovered and take a look at the data contained in the file. Further details are posted below.

What information is being recorded?

All iPhones appear to log your location to a file called “consolidated.db.” This contains latitude-longitude coordinates along with a timestamp. The coordinates aren’t always exact, but they are pretty detailed. There can be tens of thousands of data points in this file, and it appears the collection started with iOS 4, so there’s typically around a year’s worth of information at this point. Our best guess is that the location is determined by cell-tower triangulation, and the timing of the recording is erratic, with a widely varying frequency of updates that may be triggered by traveling between cells or activity on the phone itself.

Who has access to this data?

Don’t panic. As we discuss in the video, there’s no immediate harm that would seem to come from the availability of this data. Nor is there evidence to suggest this data is leaving your custody. But why this data is stored and how Apple intends to use it — or not — are important questions that need to be explored.

Related books by Alasdair Allan and Pete Warden


What are the implications of this location data?

The cell phone companies have always had this data, but it takes a court order to access it. Now this information is sitting in plain view, unprotected from the world. Beyond this, there is even more data that we have yet to look at in depth.

For example, in my own case I (Alasdair) discovered a list of hundreds of thousands of wireless access points that my iPhone has been in range of during the last year.

How can you look at your own data?

We have built an application that helps you look at your own data. It’s available at petewarden.github.com/iPhoneTracker along with the source code and deeper technical information.

What can you do about this?

An immediate step you can take is to encrypt your backups through iTunes (click on your device within iTunes and then check “Encrypt iPhone Backup” under the “Options” area).

Related:

tags: , , , , , , ,
  • R Barrett

    I can think of a million reasons why this will become a non-story but I’ll give only two right now: Foursquare and Mobile Me. If you use either of these apps you already chart your daily path.

  • Mike

    Indeed Foursquare and MobileMe do this. The main difference R. Barrnet, is that you voluntarily opt-in to those services and can opt-out. I do not subscribe to either of these, yet Apple is clearly tracking my movements WITHOUT MY EXPRESS PERMISSION to do so.

    What part of privacy do you not understand?

    And then to store this sensitive data unencrypted? Seriously bad security.

  • Carlos

    Is there any indication Apple is retrieving or collecting this data? Sounds like the device is but what evidence is there that the information is being sent to Apple? Interesting certainly but the write-up makes it sound like there’s some conspiracy here.

  • http://radar.oreilly.com/aallan/index.html Alasdair Allan

    Carlos, At this point, as we say in the video, there is no indication that the data has left your device apart from being synching to the machine on which you back up your phone.

    Neither Pete nor myself think there is any sort of conspiracy going on, however we’re both worried about this level of detailed location data being out there in the wild.

    While the cell operators already have this data, it takes a court order to obtain it from them. You can now do the equivalent by simply leaving your iPhone in a bar. That doesn’t seem right to me?

  • http://www.patrickkaine.com Patrick

    Man, it’s getting SO hard to be a criminal AND have a cool phone.

    Great find guys. Thanks for the encryption suggestion.

    May I also suggest instituting a strong password on your iPhone, I use Passcode Lock (not the 4 digit one) with “Erase Data” enabled.

  • SD
  • http://Www.eliainsider.com Elia Freedman

    Could this be related to the find my phone feature that Apple offers to all owners of their iDevices? In other words, iApple would only access this file if you requested your device to be found?

  • http://lewisshepherd.wordpress.com lewis shepherd

    Particularly interesting in light of the news that “The Michigan State Police have a high-tech mobile forensics device that can be used to extract information from cell phones belonging to motorists stopped for minor traffic violations. The ACLU of Michigan last Wednesday demanded that state officials stop stonewalling freedom of information requests for information on the program.”
    http://www.thenewspaper.com/news/34/3458.asp

  • http://mmv3.com Marvin Plummeridge

    So what? Nobody can access the data unless they get a hold of your device, and if they manage to do that then they know your search history, email, cookies, etc…

    Morale of the story is don’t lose your phone.

  • Berklie

    I have several iDevices on my Mac… but iPhoneTracker only displays the information for the first one that it finds.

    Is there a way to display a different iDevice than the one it finds first?

    Thanks!

  • GungFee

    Just use a program like iPhone Browser, and delete the consolidated.db file everyday. Additionally, I ALWAYS make sure location services is disabled on my phone, unless I specifically need it.

    total-privacy.int.tc

  • Interested Party

    I will take this post seriously if you change the title of the post to read “Got an iPhone or 3G iPad? Your device is recording your moves”. There is no evidence of Apple Inc actually accessing your data and that needs to be clearly articulated.

    Linking baiting your heading tarnishes your credibility and diminishes the quality of your work. This is not a desired outcome given the criticality of your findings. This is the first step to becoming HuffPo (Nothing wrong with them – just the lack of credibility)

    And no, it is not enough if you mention that critical fact in the video. It needs to be not in the headline and in the first para.

    - Disappointed Reader.

  • Dean

    http://blog.csvance.com/?p=39

    There have been multiple discoveries since which explain many of the things you state you don’t understand yet.

    Sorry to be brutal with you, but I suggest you try googling and you’ll find the answers to several of your questions, from last year. This is pretty old news now.

  • Marc Hedlund

    It looks to me like this company may sell products that extract and display this same data:

    http://wiseforensics.com/index.php/products

  • http://technicalmussings.blogspot.com Drew Gulino
  • Tadg

    Thanks for the heads up. Is the data sent to Apple? if not, it’s less of an issue.

  • EAK

    What? No Windows or Linux version? Needs to be a java applet that will run on the iPhone itself, perhaps mapping it to Google Earth?
    My .02.

  • Andrew Terry

    You say, “in my own case I (Alasdair) discovered a list of hundreds of thousands of wireless access points that my iPhone has been in range of during the last year.”

    The logging of wifi access points and their co-ordinates sounds very similar to what Google was doing with its Street View cars. Could Apple be facing the same kind of trouble that Google got in to?

  • http://radar.oreilly.com Mac Slocum

    A number of commenters have rightly raised the question of who has access to this data. Alasdair and Pete note at the end of the video that there’s no evidence to suggest the data is leaving your custody.

    To further drive that point home (and acknowledge that a mention at the conclusion of a 20-minute video isn’t exactly “highly visible”) we have included a new segment in this piece titled “Who has access to this data?”

  • http://jor.is Joris Witteman

    Doesn’t this merely have to do with the Places feature that’s part of the Photo/Camera app?

  • http://grenangen.se Marcus

    Just as Drew Gulino menions in his blog post, symlink it to /dev/null if you have hacked iPhone and the problem is solved.

    And it’s not the same thing as using 4square or gowalla. This is being tracked / logged without the control of the user. I my self use gowalla, but only sometimes and it’s always on my terms.

  • http://blog.precom.at PRECOM Rainer

    I see it like @Tadg…if the data isn’t sent to anyone, it’s not worth talking about…

  • http://rossnotes.com Ross M Karchner

    Joris might be on to something– pictures and coordinates are probably associated after the fact, by looking in exactly this kind of log and connecting them by timestamp.

    The fact that the log keeps growing is probably just laziness/sloppiness on Apples part.

  • Kevin

    Sounds like another thing for divorcing spouses to subpoena…

  • http://wesmorgan.blogspot.com Wes Morgan

    There’s an aspect to this discovery that hasn’t really been discussed – the potential for third-party exposure.

    I work in software support, and I often travel to customer locations to provide on-site assistance. As far as I’m concerned, it’s no one else’s business if I’m working with a particular customer. I make it a point not to use location-based apps to “check in” on customer premises, out of respect for the customer; I don’t want to generate any “Oh, Foobieblex Inc. must be having problems if Wes is there” kind of chatter.

    The fact that this information is preserved on a mobile device means that “some app” could retrieve it, rebroadcast it, et cetera. That strikes me as a potential privacy issue not only for me, but also for my customers.

  • David P N

    That information is used for the Wi-Fi and Cellular based location that ipod Touches, iPads with Wi-Fi only and iPhones and 3G iPads use when a GPS lock is not available.
    That information is anonymized and ciphered to apple, over a Wi-Fi connection, every 24hours when available (if no Wi-Fi is available in the next 24hours, then when the next Wi-Fi connection is available).

    Whenever you use a location application (with available GPS), the iPhone stores GPS coordinates and additional radio signals information. It’s standard stuff for location-bases systems (check out skyhook wireless, for example).

    Apple has disclosed all of that information before – how it stores and uses it – (at a senator’s request):
    http://markey.house.gov/docs/applemarkeybarton7-12-10.pdf
    You can see the full ‘issue’ in this page (includes the privacy concerns request, and apple’s response):
    http://markey.house.gov/index.php?option=com_content&task=view&id=4055&Itemid=141

    Regarding the .pdf, it’s an interesting read, but the main part is section II. – location-based services. Part C is where they talk about what they gather, etc.

    This has been disclosed back in July 2010. This is a known thing.
    Also, Google, Nokia, Skyhook Wireless also store information like this.

  • Kevin

    Sounds like something divorce lawyers and police drug units will start subpoenaing.

  • http://wesmorgan.blogspot.com Wes Morgan

    I understand how they use the information, but I don’t see why it needs to be preserved/maintained for any significant length of time. The article mentions that they find “typically a year’s worth of information” when this data is reviewed.

    Perhaps the “fix” could be an option by which the user can set a retention level for this data.

  • http://hemispheres.leberwurstsaft.de/en/ Pit Garbe

    This is most probably just to achieve this:

    Faster initial, approximate location by cell or WiFi network. First time you’re on the spot the iPhone records the positions of cells and WiFi networks, keeps them around *forever*. Whenever you want to have your current location (e.g. in Maps.app) it’ll be quick to lookup for the surrounding cells/WiFi networks, whether you have come across them at some point. Use the recorded location as a guesstimate, then refine with real aGPS data.

    And there’s your “location log”. It’s actually a cell, WiFi station – position cross reference table.

    One remaining issue: Why the timestamp? It’s quite unnecessary to achieve what I think they’re doing.

  • http://mikecanex.wordpress.com Mike Cane

    Ah! TV writers just got a new plot device. Countdown to this being in ALL the Law & Orders and ALL the CSIs in 5… 4… 3…

  • Paul Benjamin

    Combine this story with the one of the Michigan State Police dumping smart phone on traffic stops.

    http://www.popularmechanics.com/technology/gadgets/news/should-cops-be-alowed-to-scan-your-phone-during-a-traffic-stop-5587825?src=rss

    You can’t move and you can’t hide.

  • http://fettemama.org fefe

    This is outrageous! Legal action (in germany) will be taken!

  • http://none Chris

    You say “Don’t panic”
    Have you seen this?

    http://www.thenewspaper.com/news/34/3458.asp

    “Michigan police found the device could grab all of the photos and video off of an iPhone within one-and-a-half minutes” they are working on a wireless version

    “The device works with 3000 different phone models and can even defeat any password protections.”

    Cellebrite UFED Physical Pro used by police –
    http://www.cellebrite.com/forensic-products/ufed-physical-pro.html

  • Tony Arkles

    I’m looking at this data a bit… It looks like the WifiLocation table is keyed off the MAC, so it would only have (in theory) an entry for the last time each hotspot MAC was seen. I’m on an iPod Touch 4G though, so I don’t have any cell tower data to look at in my database.

    Still pretty creepy…

  • Stefan

    Weird, my MacBook tells me the iPhone Tracker application is “not supported on this type of Mac”. Is it PowerPC only?

  • oriste

    I understand you want your 3 minutes of fame, but this is old news. I can’t believe you didn’t read this article, published in September 2010 – http://bit.ly/dT4qo4 – it could have saved you a lot of “stumbling upon”.

  • Jon

    Tried to download your app but was told “You cannot use this version of the application iPhoneTracker with this version of Mac OS X.”

    I’m running 10.5.8 — is there a version that works with that?

  • Tony Arkles

    Pure speculation, but I’ve been thinking about this a little more.

    The WifiLocation table sounds like exactly the data that Skyhook would love to have to improve the performance of their MAC-address-to-rough-GPS-coordinate database.

  • http://twitter.com/thomas_witt Thomas Witt

    “Privacy means people know what they are signing up for in plain English. Some people want to share more data. Ask them. Ask them every time. Let them know precisely what you are going to do with their data.”

    – Steve Jobs last year at D8 conference (http://www.allfacebook.com/steve-jobs-offers-his-opinion-on-privacy-at-d8-2010-06)

  • http://www.thomas-witt.com Thomas Witt

    And by the way, you all opted in:

    «Location-Based Services

    To provide location-based services on Apple products, Apple and our partners and licensees may collect, use, and share precise location data, including the real-time geographic location of your Apple computer or device. This location data is collected anonymously in a form that does not personally identify you and is used by Apple and our partners and licensees to provide and improve location-based products and services. For example, we may share geographic location with application providers when you opt in to their location services.

    Some location-based services offered by Apple, such as the MobileMe “Find My iPhone” feature, require your personal information for the feature to work.»

    http://www.apple.com/legal/itunes/uk/terms.html

  • Vik

    I want to SUE them! I’m a big privacy freak and how dare they track me? I didn’t allow them! I don’t even allow any apps to use my location. I am so angry and disillusioned.

  • fra

    Are people really this paranoid. This is a not a privacy issue at all. Your movements/whereabouts are recorded in many ways by many other methods e.g. when you use your credit/debit card, CCTV, check in at hotel, airport, restaurant etc. There are already logs kept by mobile phone companies when your phone connects with one of their masts. This is a log on your device!!!

    Just what are you people all up to that requires such a level of secrecy…from yourself!!!

  • Mike

    Also thanks from Germany!!

    Mike

  • http://www.roughlydrafted.com DanielEran

    As David P N notes above, the most likely reason for collecting location data is to build up a connection between WiFi hotspot MAC addresses and GPS coordinates, data Apple once got from Skyhook Wireless.

    Keeping a record of this information helps the device find its location faster than having to poll satellites or cell towers each time you take a geotagged photo, or use an app that wants to use your location. Apps have to ask, but the system has to know, and be able to supply this quickly or else the user has to wait around.

    Timestamping this data would coordinate the connection between WiFi base station discoveries and GPS/mobile tower locations, as your location is discovered in 4D space as you move. If you walk into a building and are suddenly out of range of GPS or mobile service, but have WiFi, the system can assume you’re still pretty close to where you were.

    As to why this information isn’t protected like Fort Knox, it’s probably because it’s not any more valuable than your browser cookies, user documents, contacts, or other private data that could maliciously be used to do bad things.

    This report seems to be a little over the top and behind the curve. That said, Apple does need to keep advancing security (for example, by offering real full disk encryption), but iOS is already far ahead of other mobile platforms. At least it is the vendor on the hook here, and not random Android app developers from China.

  • Michelangelo D'Agostino

    The first hits on my phone were all right next to Cupertino, before I even bought it. Did anyone else notice that, or did some employee take my phone out first?

  • http://www.everydaysnews.com andaja

    there are many spy software for iphone/ipad
    as stated here
    http://www.everydaysnews.com/2011/04/iphone-spy-software/

  • Dave Wood

    I rather suspect this data, and the Google Maps similar data; is collected as a direct result of ‘secret’ negotiations with the US government as part of their Anti terrorist activities. Unfortunately if it this true it has to be ‘deniable’ and the company will always appear to take the wrap.

    Although I have little sympathy for US ‘world domination’ I fully understand why the US wishes to defend their own borders using whatever technology they can put their hands on which enables them to keep one step ahead. Any government would be failing in its duty if it did not get involved in such subterfuge.

    At a personal level I am more concerned with the memory being gradually reduced on my device.. :)

  • paul

    Interesting. I could actually see uses for this, just to see how much repetitive travel I do without realizing it. And yes, I could *remember* to log trips but that doesn’t seem to work so well ;-)

    The instructions to find all the data were a little out of sync with what I found:
    • the actual data directory is ~Library/Application Support/MobileSync/Backup (no final s on Backup)
    • there is no “iphonels.py” script, as mentioned here [http://petewarden.github.com/iPhoneTracker/] , but copying and pasting the code listing at comment 3 at http://stackoverflow.com/questions/3085153/how-to-parse-the-manifest-mbdb-file-in-an-ios-4-0-itunes-backup will get you what you need
    • and the Manifest.mbdb file is one level deeper in one of the randomly-named directories in the Backup directory

    Not complaining, just hoping to save someone else some time.

    This is interesting stuff. I think we need to be aware that our right to privacy may not be as all-encompassing as we think it is. There’s no evidence that Apple is anyone is doing anything with this and it could just be a programmer error, a debug/testing mode that never got toggled off in the release process.

    The first legal challenge where someone attempts to convict or exonerate, based on data gathered by a personal device, can’t be too far off.

  • Kelly Location Withheld

    If you are surprised and/or upset you are also an idiot!

  • paul

    Sorry for the duplicate comment: typical movabletype slowness made me think the comment posting process was hung (seriously, a site as big as O’Reilly still uses movabletype?). Looks like quite a few of us got bitten by that.

    commenter oriste links to an earlier citation of this, in a bid to boost that site, but what’s missing is that the poster here has built the tools to get into this data while the site he mentions still hasn’t. As someone said, real artists ship.

  • Donna

    See that! Soon we won’t need expensive DNA tests anymore. We’ll just use cell tower memories stored on our phones.

  • Christian

    “if the data isn’t sent to anyone, it’s not worth talking about…”

  • Tom
  • http://radar.oreilly.com/aallan/index.html Alasdair Allan

    Christian, accidentally leave your iPhone in a bar and then say that again?

  • http://whatreallyhappened.com Michael Rivero

    I would suggest that the purpose of this system is surveillance on the public for various government agencies. Computer makers are compromised by government all the time. Remember when Microsoft accidentally revealed NSA_KEY in their crypto service?

  • janey

    oh boy. how long before lawyers get all over this and someone else files another lawyer-loving class action lawsuit? ugh..

  • http://www.vesselhead.com Rebecca Dias

    Could be used to determine if roaming charges are valid.

  • Nick P.

    And.. YES… west virginia is “hilly”.

  • Anonymous

    Why not just visit http://oo.apple.come from any IOS4 device and opt-out?

  • Pedro Menezes

    never seen so many icons in a dock before!

  • k6o

    I can see track data on Japan where I live, but I can’t see tracking data on US I visited last year. Roaming data doesn’t seem to be stored? I accessed AT&T netwrok as roaming when I was at L.A.

  • Gurloc

    It makes perfect sense. Since you agree to allow Steve Jobs to havest your organs to keep himself alive (did you miss that line in the iTunes user agreement you clicked on?) he obviously needs some way to find you so he can harvest them!

  • Happy on 3.1.2

    Not on all iPhones. Only on iPhones with iOS4.

  • steve

    Does this mean that Foursquare is obsolete?

  • Jody Whitlock

    Well, I think this is interesting. I can see where this is very helpful for a parent. now I’m not saying replacing your trust in your child with technology, but since kids will be kids this can help to make sure that when that knock comes at the door, you can help to prove your childs innocence beyond a shadow of a doubt.
    Personally, I do not own a Mac or ever will purchase one (even though I do have an iPhone), I will be looking to develop a Windows app that will be able to parse this file.

  • oriste

    Commenter Paul should re-read the first line of this article: “Today at Where 2.0 Pete Warden and I will announce the discovery that your iPhone, and your 3G iPad, is regularly recording the position of your device into a hidden file.”

    They will announce the DISCOVERY, not some program that can display geo-locations on a map. In my comment I point to the fact that this “discovery” took place more than 6 months ago by another person. Real artists copy?

  • Variegate

    Way too much Apple fanboys in the comments to remain objective, if you ask me.

    If it were MSFT they’d be plagued with courts by now.

    Ah, the irony.

  • Haggie

    I’m very happy that my wife does not read O’Reilly…

  • Alkhemist

    I used to feel the same way some of you feel — that if you’re not doing anything “wrong,” then it shouldn’t matter what is shared. But I no longer feel that way. Why? Because I read the news. ONLINE. (TV infobabes don’t count as “news.”)

    It’s amazing how many people have been suckered into a false sense of security by the Fatherl– I mean, Homeland Security. Are these people okay with the TSA groping six-year-old girls, too? Just how much freedom are you guys willing to give up?

    I hope to God these people wake up before it’s too late.

  • Scott

    OMG I just discovered that my contacts and calendar info is synced between my iPhone and Computer! Those bastards! There were no blinking lights telling me to opt out. This is even worse because if someone steals my computer and phone and hacks them they will know where I will be in the future.

    In other words, you are seriously stretching the privacy issue here. But look at all the clicks you managed with your sensational article title, nice work!

  • http://www.xonk.de Largos

    It is really worrying what Apple does with the Monopol it holds…

  • Joe C

    For iPod Touch users, wi-fi location data is stored, it seems. Of course, having no GPS or mobile phone technology, the iPod Touch can only know where it is once you’ve connected to a wireless access point somewhere, but when it does it then must download a list of other access points nearby (within a certain radius, perhaps – I’d estimate about a mile, but this is anecdotal). This is how you can go out of wi-fi range with an iPod touch but it will still figure out your location as long as you don’t move too far away from the last wi-fi point. (I’ve found this feature very useful when travelling!)

    The backup data store includes this location information. I’ve just had a look through the data for my iPod Touch, entering the co-ordinates into Google Maps, and it’s got a pretty accurate list of my movements over the past year or so – but only in places where I’ve connected to a wi-fi hotspot at some point (even if I’ve then disconnected, it’s been able to track the movements due to the feature mentioned above, until I leave that area, then it has to connect again to know where abouts it is, and so on).

  • Oh sigh

    The naivete of some of the people commenting above is frightening. For your information: companies track you, they analyze your behaviour with the device, on the device. They do this to understand your profile better, to be able to e.g. enable targeted marketing. They can also sell this information on to marketing companies even if they don’t use it.

    It is not even funny reading some people accusing consumers of being “paranoid” about this activity. You people are so clueless it hurts. You have no frikkin idea what has been going on for many years in consumer analytics, you just obviously don’t know anything about the topic. Shut up and go bury your collective head in sand.

    The writers of this article are worried for a good reason. However, it would do them good to get inside Google, Apple or Facebook to see how shit gets done IRL.

  • Anonymous

    What happens if you just remove the files?
    On a Mac, you can use TextWrangler (free)
    to look at hidden files, open them,
    delete all the info and then save or
    delete the info, save, and then delete
    the files.

    But then what goes wrong? Anyone know
    before I try?

  • Allan

    @Scott, is that a serious comparison? If, then you take the top price of fanboys, just on top of MG Siegler, congratulations.

  • John Doe

    Kevin wrote: “Sounds like something divorce lawyers and police drug units will start subpoenaing.”

    A curious spouse with access to your laptop or home computer’s iTunes application won’t need to bother with a supoena.

  • Ghost

    The very first entries on my two iPhones are in Las Vegas, NV. Dated before I received the phone.

  • Chris

    @R Barrett, those are opt-in. Never opted-in for apple to store locations on a local database on my computer.

  • paul

    Commenter oriste might want to consider that many people can discover the existence of thing but the person who actually does something with the discovery is the one who gets into the history books. If they were unaware of the earlier announcement — and since the person you’re defending didn’t actually do anything with what they found — a search might not have yielded anything. I just searched for “ios4 location tracking logging” and the site you mention is not on the first page of results, despite the mentions here.

    This — “A colleague of mine and I are currently developing a small application to parse this data out of the database and plot it in either Google Maps or Earth. Stay tuned to this spot for further updates and I’ll post it as soon as it’s ready.” — dates back to September 2010.

    And a comment from the author — “Based on the new information I’ve seen from testing this on other DBs, I believe my original guess on what this data was is off. From some of the other research I’ve been seeing as well as some more of my own, I’ve seen that these points are more about the towers or points the phone is seeing. Including the WiFi data.” – sounds like a bit of a walkback. So either they didn’t discover what they thought or didn’t look at it in the same detail as the posters of this page did.

    I’m not sure how much I trust the data logged anyway as I don’t see places that should be there, places where I have used location service to geotag an image, and see others I have never been even close to.

  • Anonymous

    Alasdair and Pete,

    What about all the files found in “/private/var/root/Library/Caches/locationd”?

    I have an iPhone 3G on iOS 3.1.2, and although the “/Library/Caches” folder is empty, there are still some GPS tags in the “/private/var/root/Library/Caches/locationd” folder in the file “cells-local.plist”.

    There is also a file “lto2.dat” which is about 45 KB in size, and is referenced in the “cache.plist” file. Specifically, “cache.plist” has a string which reads “FileUpdate.http://iphone-wu.apple.com/7day/v2/latest/lto2.dat“. Seems strange, why is this huge file being updated weekly, maybe even uploaded?

    Could you please look into those and update your post to reflect your findings? Thank you.

  • David

    As has been pointed out, cell phone companies have this tracking information, but law enforcement authorities require a WARRANT to see it.

    Because the tracking info is kept on your iPhone, California authorities need only arrest you to see it, no more pesky warrants:

    http://articles.cnn.com/2011-01-05/tech/search.warrant.phone.gahran_1_cell-phone-text-message-drug-deal?_s=PM:TECH

    “…the California Supreme Court ruled that police in that state can search the contents of an arrested person’s cell phone.”

  • Jonathan

    Has everyone just been using the iPhone Tracker app and not looking at the consolidated.db itself?

    I’m on a PC, so that wasn’t an option for me, so when I finally got access to the file, I also found a table called “LocationHarvest” which seems to contain harvested GPS data from whenever the GPS has been on. This table stores VERY ACCURATE location data from when I used TomTom to navigate while driving or Runkeeper to record my running. There is also speed data in this table (implications for traffic tickets, etc?).

    Compared to ~2000 entries in the CellLocation table, LocationHarvest has ~7000 entries.

    tl;dr: GPS data is being collected and saved as well, but only when the GPS is activated via another app — however this information is much more accurate.

  • http://radar.oreilly.com/aallan/index.html Alasdair Allan

    Jonathan, That’s an interesting discovery, my own LocationHarvest table is empty. Which if it’s normally full of GPS data is somewhat puzzling as I can get lost in a car park so I use the GPS fairly heavily.

  • Mike

    The iPhoneTracker app does not run on a macBook?? Bad cpu type

  • http://www.locustid.com/ Nick Oba

    Great expose, good job guys.

    Having said that, I agree with DanielEran above, this is a logical thing to do for connectivity reasons.

    Also, why is everyone assuming it’s Apple that want this data? If I were a carrier, I’d want to know how people are using their iPhones so I can provide better coverage.

  • MAO

    “It means nothing, blah blah blah your paranoid. blah blah blah your a conspiracy nut blah blah blah it’s for your own good”

    BLAH BLAH BLAH until your soon-to-be-ex-wife gets a court order allowing her attorneys access to the phone information to establish corollary evidence that you are in fact having an extra-marital affair with said “female”. Or the I.R.S. and Treasury agents hand your attorney a warrant from the court establishing “Bank A safety deposit box” as the probable location of undeclared cash income from your business operations. Or the local police arrest you at home for leaving the scene of an accident when you clipped the side of that car in parking lot of Wmart and “screw it I’m going home”.

    Thank You Apple and ALL the other Companies for DESTROYING THE RIGHTS AND FREEDOMS ENSHRINED IN THE U.S. CONSTITUTION.

    Sincerely,

    Your Low Class, Criminal Customers

  • photonboy

    When trying to run the data visualizing program I get an error that says it can’t be used with my version of OSX. I am running 10.5.8.

  • +++ath0

    Just thought I’d post the CellLocation table structure here for all to see:

    CREATE TABLE CellLocation (MCC INTEGER, MNC INTEGER, LAC INTEGER, CI INTEGER, Timestamp FLOAT, Latitude FLOAT, Longitude FLOAT, HorizontalAccuracy FLOAT, Altitude FLOAT, VerticalAccuracy FLOAT, Speed FLOAT, Course FLOAT, Confidence INTEGER, PRIMARY KEY (MCC, MNC, LAC, CI))

    as you can see the cell tower IDs MCC, MNC, LAC and CI are declared as PRIMARY KEY, so this table will have a single unique entry for each cell tower.

    No tracking of regular movements is possible. Also only cell towers locations are stored, no movements within the cell tower range.

  • Ivan

    The Police can use their new device to hoover that data up at traffic stops
    http://www.thenewspaper.com/news/34/3458.asp

  • http://www.forensicfocus.com/index.php?name=Forums&file=viewtopic&t=7012 elferp
  • Stephen Culver

    I ran the tool, and it appears that it is only getting cell towers. You really can’t tell where I was in any detail, and spots on the map are huge where I never go in my city (but I might be using the cell tower). In bigger cities where there are more towers, this might be an issue, but I really don’t see how this information could negatively affect me personally.

  • JL

    Perhaps someone asked, but here’s a practical question: for those of us selling our old pad for the new iPad 2, when you reset the pad in iTunes will the consolidated.db file reset as well???

  • chawker

    Great opportunity for break-ins, serial killers, anyone who needs to know someone’s daily habits. Lovely job. Apple, making potential victims the most vulnerable.

  • Zen Ism

    Google “consolidated.db” and you’ll see articles from September of last year about this file and how to access it.

    This is not a breaking story.

    I never expected click-bait titles and other tripe from O’reilly…

  • Julian Day

    Where is that girl with the mallet when you need her?

  • bawker

    Love seeing all the “Apple is the anti-christ” comments all over about this story. Does no one remember the commercial where the guy was a big dot, looked like the girl in Willy Wonka who turned in to a blueberry. I can’t remember the carrier, but I’m pretty sure the iPhone hadn’t been released yet, and you could look at a map of where your friends were. They appeared as dot, which is why the guy was a big dot. That seemed scary to me at the time, but the technology is nothing new.

  • AnthonyE

    Big Deal. So this information is stored on my computer at home when I back up my iPhone. If some malicious person accesses my computer I got bigger problems than them finding out where I was last week. They have my tax records, etc. etc. If they got a hold of my computer, they already knew where to find me.

  • http://www.willclarke.net Will Clarke

    I’ve been poking around at the data for a while and it would seem that, as others have posted, it is NOT storing your location but rather the location of the cell towers that you have communicated with. My guess is that it does this in order to help you find better signal or discover cell towers more quickly when you’re in an area that you’ve been before.

    I am confident of this because I’ve analyzed a bike trip I went on where I was using GPS frequently on back roads. The phone should have known my exact route since it was placing me correctly on the map as I traveled but instead the data points are all clustered near major roads that I DIDN’T travel on and cities that I went around. This is because there were no cell towers near where I was and it was instead communicating with towers far away.

    This isn’t to say there aren’t privacy concerns, but the fact is that this data can’t reveal your location with a high level of specificity at all.

  • http://leuropa.eu/apple Robert Redl

    Steve Jobs about privacy, location in phones at D8
    “Privacy means, people know what they SIGN UP for in plain english…”
    http://www.youtube.com/watch?v=39iKLwlUqBo#t=1m2s

  • http://trendtradesystems.com/etftrendtradingreviews.html Bill@ etf trend trading review

    Hm, thank God I have a plain phone. Why would I need an iPhone?! Right? The info Apple can get on you, can be sold as marketing data.

  • Jim Read

    Wow. I didn’t know about this. Why is apple tracking me? Is this even within privacy laws? I feed betrayed. Feel like not using iphone anymore.

  • Anonymous

    i say bring back the old nokia 5110 no camera no wifi no gps just a plain jane phone lol

  • Jonathan

    @Zen: I did a Google search and restricted the date range to everything older than the past few days, and couldn’t find anything extensive about consolidated.db. If most of us did not know about this background tracking before this, and now we do, that IS breaking.

    @Alasdair: I’m not sure why my LocationHarvest table is populated but yours is empty. Possibly because I don’t uses the native “Maps” app much, though, and the data is definitely archived/”harvested” from the past few days of my TomTom driving directions and Runkeeper running/route tracking.

    (I’ve only had IOS4 for a few weeks, so I’m not sure how far back this data could go, but this table could definitely get very big considering the extensiveness of GPS data).

  • Jonathan

    @Alasdair: I take my last thought on the native “Maps” app. Not even trying to purposefully test this in the last few hours, I used the “Maps” app briefly this afternoon and just now I compared the changes to my consolidated.db and “LocationHarvest” table.

    There is new data, even though I only used “Maps” to look something up, but then put my phone to sleep/standby for the drive. The data corresponds to the times when the phone wasn’t asleep because the the screen turned on to show a new text message or notification (even though the “Maps” app wasn’t in focus).

  • http://www.willclarke.net Will Clarke

    Again though, it looks like Apple is not storing the location of the phone, it’s storing a list of cell towers you’ve communicated with. It’s not using the cell tower to triangulate YOUR location, it’s using GPS and other towers to triangulate the location of the towers.

    I typed up a detailed analysis of the data from my phone, compared against a known route I took. You can read it here:
    http://www.willclarke.net/?p=247

  • Hamranhansenhansen

    I expect an O’Reilly writer to know the difference between “Apple is recording your moves” (not true) and “you are recording your own moves” (true).

    In the United States, the government does not even need to get a warrant or even do any paperwork to track you via your phone, even if it is a feature phone, the cell tower knows where you are, and the carriers have even made the government a convenient app for that. Between me, AT&T, the government, and Apple, it is only Apple that DOESN’T KNOW where I am.

    Very poor showing from O’Reilly. DO BETTER.

  • kyle

    A) I would hope in the event someone kidnaps me, that maybe this could be used to find me

    B) As a wireless carrier, I might want to find out where to put more service appliances – As a wireless customer, i encourage the use of this information

    C) If the government or apple, or some emerging paranoid entity of the 2 uses this to see how much i’m going to the Dildo store, well, more power to them, I hope it’s worth a laugh in the analytics room.

    Fear mongering at it’s best. I could read more into an A-HA video.

  • http://radar.oreilly.com/aallan/index.html Alasdair Allan

    Will, interesting analysis. Many thanks for that!

  • bobz

    I checked out the data. At first I was ready to be pissed. Im glad I only sync to my computer.

    But this looks like tower/signal strength data not location data.
    Of course it by nature identifies some range of mobility indicating presence.

    I doubt after a few more days pass if anyone will really care…not sure I do, but I guess Ill think about it and see how Apple responds.

    Apple tends to compound stuff like this so an arrogant condescending response might change my mind as to whether it bothers me.

  • Azin

    So I think it’s cool that you guys visualized the data, but please do give credit to the researchers before you: http://wp.me/pVqgQ-19

  • http://www.willclarke.net Will Clarke

    You’re welcome! Like I said in the post, I think you guys did great work putting this together and there are definitely still privacy concerns, but you might want to restate things a bit. If what I’m saying is correct, “A hidden file in iOS 4 is regularly recording the position of devices” is technically wrong.

    Also, it would be good to clarify what kind of detail we’re talking about. Your iPhone can get your location within a few meters, but if what it’s storing is cell tower location then your actual location could be thousands of meters away. That’s several orders of magnitude less precise.

  • eponymous

    …and then they came for the iPhones, and I didn’t speak out.

  • Jonathan

    @Azin: I believe the core of “giving credit” would require that these researchers use the resources, results, or information from the cited source. To me, its not clear they did.

    While you give a link to what appears to be someone that has done some very comprehensive work, he did so in a niche and in an unpublicized way. Alasdair Allan and Pete Warden might have found this independently and on their own and publicized it widely for the exact reasons Alex Levinson was not as vocal/open: this brings up lots of privacy concerns and is a very valuable resource for forensics, etc.

  • http://strenan.tumblr.com Arif Muslax

    This is not new and this is not secret.

    3 Major Issues with the Latest iPhone Tracking Discovery

  • Jonathan

    @Arif: Azin (above) linked to the same page, which is good, because I want to correct myself and say I do not want to assume that I know Alex Levinson’s motivations.

    Rather than say Mr. Levinson (who wrote that page with his 3 issues with Alasdair Allan and Pete Warden’s research and “discover”) would have wanted to keep this revelation secret, I will just say that maybe the computer forensic industry has known about this for a long time, so this isn’t “new”.

    That doesn’t mean it was not “secret” though, as I would assume the computer forensics industry would probably not want their methods widely/publicly-known, especially if a certain popular device is always recording (rough) location data that can be “one of the most forensically rich files an analyst can use” (from Levinson’s chapter in the ‘IOS Forensic Analysis’ book).

    If all of a sudden now that this tracking is all over the media, experts come out and say they’ve known all this time (even if they have documented and discussed this in their niche conferences and publications), it can still be news to us consumers who didn’t know about this potential breach in our privacy expectations.

  • JL

    Excuse me that I’m insisting, but can someone answer my pratical question (even if it’s, ‘I don’t know or know one knows”): if you reset your iPad via iTunes before selling it, will this file or others similar to it reset or will your cell tower usage tracking (locations) still be present on the iPad? thanks!!!

  • Rob D

    Looking at the WiFi location details for long/lat (WiFiLocation), that seems to be much more specific/accurate.

    On my phone, it was giving me the exact location that I had used WiFi connections, and since WiFi has a very short range, mapped onto Google maps, it was placing me in the building that I actually used the WiFi connection from.

    Agreed, that some of the data wasn’t 100% accurate, but it was much better than the GSM tower locations.

  • http://www.darknet.org.uk Darknet

    Yah this is not new, nor revolutionary, nor some kind of secret.

    It is however interesting and I’d wager that the majority of the iPhone using general public don’t know about it.

  • Marc Jansz

    and again: Apple is evil

  • Pete Austin

    “1) Apple is not collecting this data.
    2) This hidden file is neither new nor secret.
    3) This “discovery” was published months ago.”

    https://alexlevinson.wordpress.com/2011/04/21/3-major-issues-with-the-latest-iphone-tracking-discovery/

  • Rob D

    For the CellLocation table, if you plot the data with only rows where HorizontalAccuracy = 500, then it much more accurate.

  • MrV

    This is an insane violation of basic privacy, remember all the furore Microsoft would receive if it’s web browser had a security flaw.
    Society becomes more orwellian by the day, not that the serfs really care.

  • michel

    doesn’t work for me..

    http://img685.imageshack.us/img685/5229/schermafbeelding2011042.png

    Couldn’t find “consolidated.db.”

  • http://yasirimran.blogspot.com/ Yasir Imran

    This move from Apple is quite un-necessary and I must call it stupidity.

  • Jonathan

    @Pete:
    1) Yes, it looks like they’re not collecting it… YET. For now, they’re recording it.
    2) Did you know about this file before this? Did Apple tell us about this file?
    3) Did you see the earlier publication of this “discovery”? Me neither. Neither did everyone else that doesn’t subscribe to specialized computer forensic publications or read the IOS computer forensics book (and even in that book the description of the file is less than 1 page total out of over 300).

    That link has been posted many times now.

  • Bob

    No one will ever use any information against you. There are no two or more people that have ever conspired to commit crimes against others. All conspiracies are only theories. Please enjoy your portable communication devices as though no one is listening or watching you and your families every move.

  • uhuznaa

    Does anyone notice that this is not the phone location but the cellphone tower locations your phone sees? And that this is not a full tracking of where you were at which point of time, since it logs every station only once? So it logs a new station only when your phone sees it the first time and then never again? Not very useful for tracking the user, I tell you!

    Well, I know that hardly anybody cares for facts, but maybe one or two of you are different! Greetings to all intelligent beings out there, nice to meet you!

  • Rob D

    @uhuznaa:
    Although it only logs 1 record per tower, I think its still updating the existing record, so that it is a log of when you were last at that tower, not the first time.

    I haven’t done any massive testing around that, but, all the towers around my home have today’s date & time on them, so its defiantly updating it with the current time.

  • Brain Divorce

    So its on my PC and my other half suspects me of an affair with Busty Doris.

    This could bite big and am sure it would not just be me who would be paranoid.

  • Fisken

    Hm, I was looking into this database right now and it certain contains sensitive information. But what about the timestamp, what format does it uses?
    Unix timestamp seems to give the correct day and time but 31 year early. Todays date seems to be 21 April 1980 according to this.
    And it is not MAC-timestamp either?

    This is the timestamp from the database for 21 April 12:14:23:

    325167263.010523

    But when I converts it using online converters for unix timestamp it tells me:

    21 April 1980 12:14:23

    Is this only for me or what?

  • uhuznaa

    @Rob D: You’re right, my bad. It logs every station only once, but it updates the data. Still, this not user tracking. It’s station mapping. Apple is not interested in where YOU are, Apple is interested in where the stations are.

    By the way, the carriers log and store position data all the time. And this data is not on your phone, but right on their servers. They’re tracking you whereever you go, whatever cellphone you’re using and they do not only store the last time you where somewhere, they track you night and day. And nobody complains.

  • Nigel

    This is a panic about nothing. All it is storing is the location and MAC address of wireless networks the phone has detected. This is to help give you an accurate location when you have no GPS reception.

  • Fred

    The world new order – averybody has to be under conrol – say “thank you” to freemasons

  • http://www.blog.drmotte.de dr. motte

    you have been observed! this is part of the invisible tracking of user and location data is harming me and against my personal and digital freedom! who is afraid of me? is this a modern slavery and feudalism?? i will never buy an apple computer any more! is apple a security system of a hidden government of your country? who invest in software like this with nothing getting out of this? all this is part of the vitreous panopticon concept of hidden observation of people! this is evil!

  • Andrew

    How do I view this stuff on a PC?

  • Andrew

    I am pretty sure Apple does receive the locations!
    The phone can know the cell identity (CID,LAC…) from the mobile network, but it does not know the cell tower geolocations (latitude, longitude).
    So there has to be a protocol that sends the cell id to Apple and returns the gps info.

    This communication has to happen, there is no other way you can see a cell tower gps location in the phone database!

  • Jamie

    I read all the posts and the article and the Guardian article.

    A) what is being recorded is cell phone tower and wi-fi interaction-not location of he user specifically.

    B) there is NO mention of the iPhone’s prominent “location services” setting- either establishing or disavowing it’s role here that would record a users location for photos, maps, and other apps.

    Poor journalism, reporting all around.

  • Lorenzo
  • Martin

    Thanks Alasdair and Pete. In the video you were unsure about at what time the phone saved tracking info. I happened to be on a couple of trips lately, and from browsing through and analysing “my” data, I can definitely say:

    - It’s NOT when I sent SMS
    - It’s NOT when I placed a call

    I take it that data points are only recorded when I have “data roaming” switched on

    My guess is that it records data points when I actively start e-mail or any other data service.

    Does this make sense with your own experiences?

  • paul

    If this article — http://www.f-secure.com/weblog/archives/00002145.html — is right, then Apple not only logs this information but collects it, as often as twice a day. The question for forensics experts is now well it’s anonymized: hoping for no MAC or CDMA/GSM markers seems optimistic. Anyone have any details?

  • Fiona

    Interesting story and video but I am quite surprised that Apple was not contacted for input. If they were, I missed the mention. Don’t they deserve a chance to provide context to this capability before publication? You still have the option to challenge their position but to not include it at all makes me wary.

  • DataSpirit

    Good article, brings awareness to everyone that didn’t already know this happened.

    Though I think the comments here are better than the article, some good sensible stuff and a good read.

    I’m not fussed about the collection of data myself, my only concern is how safe it is. The data is pretty easy to access, but knowing this makes you better prepared. And I’m pretty sure all other smart phone’s do this, they just encrypt the data correctly.

    I found a bit more info on accessing the specific location data, hope it helps.

    http://www.iphonebackupextractor.com/blog/2011/apr/21/apple-are-tracking-your-every-move-on-your-iphone/

  • http://www.softfoamearplugs.com greeninil

    Is there an iPhone app to process this stored data?

  • Jim

    I’m sure it’s a great little app. But personally I wouldn’t trust anyone (developers of this app) who don’t state clearly that it is for Macs only. Why not make this clear up front? Are they tricking Windows users into downloading files onto their computers that maybe they use for nefarious purposes. Or possibly they are such arrogant aholes that they forgot most people don’t have Macs and never will.

  • http://www.flickr.com/photos/diffdude/ Rick B

    Here are some maps I created from two iPhones, clearly showing the same data on each phone. Apple must download the location info of Cell towers and WiFi spots near you, in order to help locate the phone quickly. The data is from the CellLocation and WiFi Location tables in the consolidated.db file. They are not storing your exact location, but you can easily see where someone has gone to an accuracy of a couple miles.

    http://www.flickr.com/photos/diffdude/

  • http://androidtabletguide.com/ Storage

    Nothing surprises me with Apple.
    Wonder if this will boost Android and Blackberry sales.

  • http://caffeine.shugendo.org David "Lefty" Schlesinger

    There’s an awful lot of unwarranted hysteria around this story, but it’s pretty clear from an actual examination of the data that the phone is hardly “tracking your every move”. See my posting at http://caffeine.shugendo.org/2011/04/21/iphones-and-location-lets-not-get-hysterical/ for more details on some of the stuff I’ve found while poking around…

  • Conal

    lol.it’s funny to me that some people think this is a non issue. “i can think of 1 x million reasons this is a non story blah blah four square, blah blah….” said the fan boy. People at least have a choice to use those kind of apps. I think most people just assume your locations (with any phone/carrier) are being stored (somewhere) and used for marketing, research etc….I think it would be ignorant to think otherwise. Smart phone people have learned to take the bad with the good. but to store in plain text is kind of sloppy, especially for apple. Iphone owners are just supposed to take Apple’s word for it that this info is not leaving the phone. Even if that is truth, what if the phone gets hacked……Iphones (and other smart phones)are not exploit free….

  • Joe Informed

    Ever head of Alex Levinson? Might want to read his book where he made this “discovery” last year. Time for some attribution.

  • Paul

    Hi there!
    For me the results look a little bit different:
    Screenshot
    I could just use this as a map of the infrastructure of the world ^^

    So I don’t really panic. Apple just failed.

    Edit: Sorry, I just realized I couldn’t add the image directly.
    @Admins: Delete the other two posts, please.

  • Sienna

    Coincidence:

    The Michigan State Police have started using handheld machines called “extraction devices” to download personal information from motorists they pull over, even if they’re not suspected of any crime. Naturally, the ACLU has a problem with this.

    The devices, sold by a company called Cellebrite, can download text messages, photos, video, and even GPS data from most brands of cell phones. The handheld machines have various interfaces to work with different models and can even bypass security passwords and access some information.

    Read more: http://news.cnet.com/8301-17938_105-20055431-1.html#ixzz1KBHx8Yvj

  • http://google Robert

    Dear interested party,
    I will take your post seriously if you change the title of your comment to read “Disappointed Reader”.

    Baiting your indentifer as one that is interested tarnishes your credibility and diminishes the quality of your work. This is not a desired outcome given the criticality of your comments.

    Your a “disappointed reader”, your headline misleads that you are a “interested Party” not disappointed Reader”. APPLES AND ORANGES. How long have you worked for Apple?

    Keep drinking the KOOL AID people, follow the light, these comments are informative, lets see, “just because they have the technology, does not mean they will use it” Really? Really?

    When do conspiracies become reality? Why are they all conspiracies when they seem to far fitched? How is this article a conspiracy? Of course – all companies R & D new technology and spend millions on it and then shelf it – because they like collecting things.

    This has been a point of view, not an attack. And yes, the one world government is fast approaching. We cannot stop it, make it happen, the end comes faster. BOO!

    Robert

  • nfree

    All the comments about the various other ways a person is/can be tracked are not to the point. Neither are those that point out this is not such new “news.”

    Is that all the Apple fanboys have to fall back on?

    Either Apple is incompetent in the apparent lack of truncation in the location database, and/or is a hypocrite for paying lip service to privacy for its users and transparency of its policies.

    Which is it fanboys? Wait … don’t answer! Distract others and yourself by pointing out that we can be tracked in other ways and besides this is old news.

  • JL

    Okay, a last attempt to get a pratical, serious answer to a question that SHOULD concern those of us that have the old iPad and are planning to get the new one (yes, some of us, even if we may have an issue with the consolidated.db file being unencrypted and not divulged to the as clearly as it shold have been, do still plan to use iPads) or simply are going to sell an iPad. IF YOU RESET the iPad in iTunes, will this RESET the file or files in question concerning the locational data???? Please someone, could you say yay or nay to knowing the reply to this question?

    And folks, dropped the bickering or the issue and start thing action and solutions. If you really are bothered by the privacy aspects (sue or join a class action lawsuit) help change it. If not, look for solutions like the authors of the article and other have to try to understand the issue of fix it.

    And that is the basis of my question…finding solutions.

  • Jose Marcelino

    This is such an overblown story just made to bait the iPhone wave, I’m speechless to see such an unbalanced discussion from people claiming to represent O’Reilly.

    Do these so called hackers really not get what a cache file is?

    Clearly this is not the same O’Reilly I used to enjoy before. Well, you can count on me not buying more books from you anymore.

  • Jose Marcelino

    @JL
    I see the writers are more interested in riding their 5 minutes of fame rather than actually help anyone.

    Yes if you set it up as a new device it won’t have your old cell towers in the consolidated.db file.

  • DS
  • Jacob Doobie

    Jose,

    Are you an Apple employee? Or just a fanboy?

    A “cache” file is different from a database that records locations with a timestamp.

    Jacob

  • Xavi

    I believe the data is being sent out. My data transfer logs have data being sent out every night at 2:00am in the morning. I’m asleep at this time of night and the iphone is on standby. AT&T denies any knowledge of what that information is.

  • http://www.howardstern.com Negrodamus

    Wait cant we just ssh into the phone, replace the consolidated.db with a blank file and then set its attributes to read only.

    Im thinking problem solved without having to use an app for it.

  • Jonny

    I don’t use Mac products at all because I actually DO have intellectual property and patent-worthy materials that I don’t want ANYONE to get their grubby hands on.

    I have my own private virtual server with my own private encryption and security schemes to protect these materials. I also provide this service to my clients because mainstream solutions are inferior.

  • Jose Marcelino

    @Jacob

    Neither, I’m a research scientist working in CS, and you are?

    Like it has been pointed out ad nauseum in comments above this file is a simple cell phone tower location CACHE file.

    If you say this isn’t it a cache file you clearly don’t know what cache means.

  • Nat Eguchi

    This program deletes the tracking data from your iphone, making it impossible for people to see http://universlabs.co.uk/iphone.html
    Please Donate :)

  • Scott

    Your cellphone provider has a nice database of your every move that is accurate. They’ve had this for years. THAT is what you need to be outraged about, not a file that is safely on your phone that is not sent to anyone.

  • Jose Marcelino

    Meanwhile it’s been found that Android also has a cache file of cell masts and wifi points.

    https://github.com/packetlss/android-locdump

    It does appear to be restricted to 50 cell masts or 200 wifi points, but still 50 cells is more than most people cover in a day.

  • http://www.dotrights.org ACLU of Northern California

    We are glad that the researchers didn’t just announce their finding but actually created an app that helps you really understand how much information your iPhone has been capturing – that’s exactly what we’re trying to promote with our Develop 4 Privacy Challenge! http://www.develop4privacy.org

  • Simsurfer

    Thank you two guys for discovering this! I dont use foursquare. I did NOT opt in to have my iphone track location. Can someone Please make an “untrack app” we can install easily to remove the tracker?

  • RK

    Not sure they’re doing too good of a job. My map is showing places I have not been to in the last year and several places I did go to don’t show up.

  • NL

    Seriously???

    Who cares??? That’s called TECHNOLOGY. Do you use a credit card? GPS? Cell phone? Internet? Then you can lie to yourself all day long and think that your information is not out there…

    It is ridiculous that people are spending this much time talking or worrying about a non issue…

    Anyone can find out everything that there is to know about anyone they want – that’s called the INTERNET.

    Get used to it.

  • Privacy Nut

    As far as I can tell, turning location services off does NOT stop the tracking. Location services has been off — if not forever, then for many months on my iPhone. I just downloaded the iPhone tracker and was appalled to see the apparent tracks my iPhone left behind, especially when I moved the time-line around. As far as I know, the few apps I have are not “trackers.”

    I agree with those who want the choice to turn it off. I chose not to use Facebook, Twitter or the other services that broadcast one’s life to the world.

    So, let me chose NOT to be tracked by Apple for any reason. (I don’t want to get a whole bunch of ads, either, on something I’m already paying an arm and a leg to use.)

  • Chris Edens

    You need to update your story. Apple has indeed confirmed that they are grabbing this file from your phone every 12 hours or if it’s disconnected for longer it will send it upon cell/wifi discovery.

    Some have said “what’s the big deal, they can already do this”.

    Well, if they want to seek out your phone and locate you they can. Just think for a second! This is different. This is a tape recording of your movements that is then sent to Apple which then apple is free to do with what they want. I assume it’s all being put into a database along with everyone else.

    I’m not trying to be an alarmist and I certainly don’t have anything to hide. However, is this the kind of thing we want from our phone provider’s? I asked to make phone calls and get the stock reports, not to be part of a data harvest with out a clear picture of intent. Hiding a vague statement in the TOS is not being upfront and I expect for Apple to be more forthcoming when it comes to intentionally tracking and recording my personal movements.

    Our Xbox and PlayStation, Wii, Cable TV boxes, TIVO, red light camera’s, search engines, credit card companies, satellites are all busily recording our activity every time we access those devices and then sending it back for market research monkeys and who knows what else to comb through. It is out of control and this is just one more in a long line of privacy violations.

  • Chris Edens

    Sorry for the double post. I’m not sure what happened. Here is the source that both Apple and Google are receiving this file.

    http://online.wsj.com/article/SB10001424052748703983704576277101723453610.html?mod=WSJ_hp_LEFTWhatsNewsCollection#articleTabs%3Darticle

  • Julia

    FYI – Horizontal Accuracy probably refers to the GPS value HDOP – Horizontal Dilution of Precision – which is a value that indicates how precise the lat/long values are.

    In the cases that are wildly off, it would be interesting to see how high the HDOP value is.

    http://en.wikipedia.org/wiki/Dilution_of_precision_(GPS)

  • Jonathan

    @DS and everyone that keeps linking to Alex Levinson’s post over and over again: have you even read both this article and Levinson’s post?

    Levinson works in computer forensics, while Allan and Warden have nothing to do with that field. Levinson might know about consolidated.db, but only published a vague description in a niche computer forensics book, and wrote papers and presented to computer forensics conferences.

    I thought it was obvious, but maybe I just have to be blunt: it was probably in the best interest of the computer forensics industry to not be open/public about how this tracking works. If you read the links on this page, Allan and Warden found out about this tracking on their own while researching something else.

    Why should Allan and Warden attribute or give credit to someone that didn’t help them and only posted more details and a long “I already knew this” AFTER THE FACT?

  • lex

    actually, when i went looking for the consolidated.db file on my iphone 4, i found it in 2 places

    it is not only located in the user data partition, it seems to also be located in
    ./private/var/root/Library/Caches/locationd/consolidated.db

    but i also found this file in
    ./System/Library/Frameworks/CoreLocation.framework/Support/consolidated.db

    however, the interesting thing is that the first one is 5.8megs but the second one is 17.8megs

    i haven’t had a chance to point a sqlite viewer at it yet but that’ll be my next step

  • Jonathan

    To emphasize what this is a big deal to us consumers, here’s how a certain computer forensics software company describes their new feature (new as of one week ago) which uses consolidated.db:

    “This tool parses the file “consolidated.db” that stores the geographic coordinates of the places visited by the device user. GPS coordinates are recorded to the file automatically by the smart phone itself. Once extracted, the program displays this information as a chronologically ordered list of records and reconstructs the approximate route of the offender…” (http://www.prweb.com/releases/2011/04/prweb5246234.htm)

    Its kind of hard to argue about the lack of accuracy/usefulness of this data when certain computer specialists are selling the exact opposite idea.

    This screenshot also shows this forensic software’s uses of the tables of consolidated.db (e.g. “CellLocation” and “WifiLocation”) as the datapoints for mapping/tracking of where someone has been: http://forensicsuite.com/images/screenshots2/images/extras/Locations.png

  • Norman

    Is there a way of accessing this file on a windows 7 system? When I tried the openstreetmaps page just sat there loading but nothing happened

  • markus

    you guys haven’t found out anything new, in fact you got credit for something that was already found out at least one year ago.

    and this service here exists also since September 2010.

    http://www.courbis.fr/Localisation-iPhone-votre.html

    Shame

  • http://planning.freeforums.org Adrian Woolley

    I find it funny that your wife or husband can go home today and check to see where they were on a particular day, strip joints, friends house, brothels lol.

    I made a tutorial to extract and explore the data if anyone is interested. It is very mac friendly and its possible with a PC

    http://www.youtube.com/watch?v=9bu80fkm9TM

  • k.buytaert

    The US FCC imposes a CPNI ruling.
    “customer propriatary network information” or the protection of ones personal data collected through networks.
    I am wondering if this is not an infraction of this FCC ruling.
    It’s most probably also an infraction of similar rules of identity protection in other nations, similar to E.U. privacy protection act.

  • mike

    Can anyone please give a step by step on how to use this application and view my data on a windows xp used to update my iphone. I am not that technical at all

  • Steph

    And to run an Windows-like app ?

  • Info

    I know you may call me crazy, but I know why this information is being kept. Same thing with Google.

    Both companies receive funding from the government. Interesting enough, the DoD. They also coordinate with NSA & CIA.

    NSA has as part of it’s covert operations the DomInt, or Domestic Intelligence Unit, and the SigInt, or Signals Intelligence.

    You may not think the information is leaving, but if you check what information is being by sent via the google and apply update services on these machines you might be surprised.

    Also another factor, remember, apple can remote into any of it’s devices, so can the NSA and CIA. So essentially data doesn’t need to be sent at regular intervals.

    I used to work with law enforcement before and this kind of data can be used in both prosecution and defense, especially since it’s a map of where you have been.

    I’m certain now that this information has come to spotlight apply and google along with the various agencies are not going to be happy. Covert operations work best when they are just that.

  • lex

    actually, when i went looking for the consolidated.db file on my iphone 4, i found it in 2 places

    it is not only located in the user data partition, it seems to also be located in
    ./private/var/root/Library/Caches/locationd/consolidated.db

    but i also found this file in
    ./System/Library/Frameworks/CoreLocation.framework/Support/consolidated.db

    however, the interesting thing is that the first one is 5.8megs but the second one is 17.8megs

    i haven’t had a chance to point a sqlite viewer at it yet but that’ll be my next step

  • Fred Clouse

    It’s sort of like Mobile Spy (http://www.mobile-spy.com), but built into the phone itself.

  • Wayne

    Easiest way to solve this problem is to get rid of the phone. Contrary to popular beliefe, yopu cansurvive without one

  • Keith

    I can still see no way of running this on a PC is it intended that a PC version of the app will be made available. I can find none of the files mentioned consolidated.dl etc anywhere on my PC.
    I have tried all ways but am obviously missing something critical!

  • Jonathan

    @Mike, Steph, and Keith: The file exists also for PC users backing up with iTunes. Unless you’re a bit technical, there is no quick way to get access it yet.

    Roughly, the way I went about it was to use iPhone Backup Browser (http://code.google.com/p/iphonebackupbrowser/) to figure out what iTunes’ masked filename for consolidated.db was, then used a Firefox plug-in (same as what Warden used: SQLite Manager https://addons.mozilla.org/en-US/firefox/addon/sqlite-manager/) to export the database tables to csv format to map using an online tool (http://www.gpsvisualizer.com/).

  • Eric Dechêne

    Can anyone please give a step by step on how to use this application and view my data on a windows xp used to update my iphone ?

    Thanks all

  • Nguyen

    My friend had lost his iphone, if there is a tracker why does Apple and AT & T said that they can not locate the phone?

  • Silence

    I was very disappointed to find it DOES NOT WORK if you run Tiger OSX and have a 3G Iphone that runs iOS3.x (since iOS4 doesn’t work well on a 3G I never updated).

    I wanted this capability on my iPhone

    Would have LOVED it

    In all sincerity

    It would have created a map of my life and it would havebeen such a wonderful thing.

    Very disappointed and I don’t understand all you people’s scared perspective

    Big Brother doesn’t exist

    Its just Evil capitalism

    Wake up this is America.

    Fascism gets crushed – no matter how much the GOP and the Tea Party wants you to believe otherwise.

  • http://www.everydaysnews.com josephine

    some in depth info here too about spying
    http://www.everydaysnews.com/2011/04/iphone-spy-software/

  • Giuseppe

    I see the effect of Facebook & c. people dont understand the equivalence privacy and freedom. They are ready to be slave, their mind are completely washed. they are willing to give up their own freedom for just a simple service…
    “The man who trades freedom for security does not deserve nor will he ever receive either” B.Franklin…

  • http://dashBurst.com dashBurst

    Everything gets tracked eventually, we are stat junkies at heart.

  • tt92618

    Honestly I doubt this information reflects places you have been. The data appears to me to reflect the location of transmitters that the phone has been in reception of, not the location of the phone itself. I took a look at the data on my device and I am confident that the vast majority of the data points reflect places I have certainly _not_ been. In fact, the one place where I use my phone most of all, my home, did not even show up. So what gives? If this data is, as has been suggested, a ‘map of my locations’, then why aren’t any of my locations really showing up? What is this data? I suggest it is engineering data only containing the location of the cell towers and other networks the device has talked to.

    I think this is very much a non issue – I don’t believe at all that this information could be used to create an accurate picture of where you have actually been with your device.

  • NOVA

    The file is in the iPhone filesystem in the folder /private/var/root/Library/Caches/locationd/, correct? I’ve seen a launch daemon in the iPhoneFS named ‘com.apple.locationd.plist’.

    Does anyone know if this is the daemon that records the data? I know that there’s a Cydia package named untrackerd to clean the consolidated.db but it may be more practical to remove this daemon if that’s all it does.

  • Anonymous

    For those that are after the CDMA (Verizon) version of the iPhone Tracker: http://blog.swinden.com/post/4805659184/iphonetrackercdma

  • Binary Ninja

    This so called discovery by these guys is actually not theirs at all .. this was actually discovered by Sean Morrissey from Katana Forensics back in 2010 yet they claim it as their own and fail to credit anyone else pretty bad taste…

    Katana Forensics actually have looked into this file a lot further then these 2 so it makes you think they have alternative reasons for posting and claiming at their own…

  • Joe-Bubba

    Even if the data ends up being used for supposedly benign marketing purposes, it is obnoxious and an invasion of privacy. Isn’t anyone else damned tired of marketeers that make uninvited sales pitches aimed at stealing our money? The whole game is slanted unfairly to the seller’s advantage — i.e., big business. No wonder that the average working man is chronically in debt. Businessmen keep themselves wealthy by keeping the masses poor.

  • http://no roy boate

    You mean we can ever find the a…holes??

    For two decades I worked with a company where there were two people you could never find out where they lived. Those two were the most dangerous I’v ever met; one a sociopath (now working in Romania, an excellent place for him) and one now working inside the Attorney Generals’ office (not sure what he does there, but it ain’t good, I tell ya!)

  • Jonathan

    @Binary Ninja:

    Forgive the exasperated tone of this comment, but your comment is the 3rd or 4th saying something that has already been said and refuted.

    There is no logic to the assertion that this was discovered first by someone else, e.g. Levinson (software engineer and researcher for Katana Forensics), Morrissey (CEO at Katana), etc.

    If you read the links and FAQ in the article, Allan and Warden discovered it on their own — WITHOUT USING THE PAST *SECRETIVE* RESEARCH OF THOSE IN THE COMPUTER FORENSICS INDUSTRY — and announced it as a discovery widely because it was not known to the general public.

    Others (basically those involved in the computer forensics industry) that NOW claim to have known about this a long time ago and argue that its not Allan and Warden’s discover might be technically right, but this article and the media attention this past week is what informed the general consumers and those not in the computer forensics/security industry of this privacy hole.

    Per Morrissey, the fact that this tracking was not very public was a “good thing” for them.
    “The iPhone’s location-tracking file “has been flying under the radar for a while,” said Sean Morrissey, CEO of Katana Forensics. “For forensics (investigators), that’s a good thing. You don’t want to tell the bad guy” that you can get this off their phone.” (http://www.mercurynews.com/business/ci_17911919)

    To me, Katana and everyone involved in computer forensics have no right to say Allan and Warden are “claiming” someone else’s work, or that they need to “credit” past researchers. Allan and Warden figured this out on their own, while other/past researchers were purposefully secretive.

  • GE

    Is there a mobile-app and/or Windows-program (Mac-program) that can used to get rid of or clear the location log file?

  • fakeresearchers

    Allan and Warden just sent this viral that is all they have done and not even correct on a lot of their so called facts .

    Right from their opening titles they insinuate it is recording you when in fact all the other people who have researched this file have found it doesn’t track the person it is only accurate to 700 metres approx or 40 miles maybe approx if the wind is blowing correctly.

    They cant even decode the data correctly it is tracking of cell towers or nodes most likely to get the best signal for the device it is not tracking people like they claim.

    “Got an iPhone or 3G iPad? Apple is recording your moves
    A hidden file in iOS 4 is regularly recording the position of devices.”

    Apple had sent a 2 page letter to the US congress 9 months ago on this issue and after others had raised the same question ..

    Apple did not need to respond to these 2 who were looking for their 15 mins of fame so they can go back to their programming..

  • Mac

    I downloaded the tracker program on Apr 20. Yep, all that stuff was there. I synched my iphone last nite & there was a new ios available, so I upgraded. Today I look and that tracking file is not there. I booted up iphone tracker & nothing appears.

    ‘pparently, they got embarrassed & got rid of the capability, renamed it and hid it deeper, or, __________ (fill in the blank yourself).

  • http://themasterofnews.blogspot.com Master Of News

    After two IT experts, the lack of protection of the iPhone and have discovered iPad, the computer company Apple is now under attack.
    Here more news about Privacy Policy: Apple’s iPhone and iPad under fire or themasterofnews.blogspot.com

  • theMOM

    maybe steve jobs didnt call me personally and say “susan, your iphone tracks your moves. i just wanted you to know that,” but common sense tells me its capable of doing so and more than likely is.

    i read/watch the news and there is always something about criminals getting busted when police check the pings on their phones. i download apps which want to use my current location to find the nearest coffee shop, or free wifi. i use the map app to help me find a location.

    i have a macbook, an ipad and an iphone which all connect to the internet. i download and surf on all three which means someone out there knows where i am at that moment, knows what im downloading and might even have the capabilities of tapping into my devices.

    i have mobileme on all there devices and also on the devices of family members. i can see where anybody in my family is at any time what makes me think no one else can???

    the webmaster of this site can find me if he has a stat counter.

    why in the world am i going to worry about a hidden file on my computer that keeps track of the whereabouts of devices unless im somewhere i dont want other people to know about?

    PS now if they come out with a program that can read text messages without having to download an app or program, call me. lol

  • http://en.wikipedia.org/wiki/Troll_(Internet) Conrad

    WTF Apple? Why didn’t Steve tell me this?

    I’m definitely switching to Android now, it’s better in any way!!!

    Also, I fly below the RADAR ^^

  • Mike P

    Dear all

    I haven’t read all the comments on this (life’s too short…), but this is my contribution to the debate: sorry if it repeats anything.

    I’ve analysed the records in consolidated.db that my iPhone has made of my movements, and found:-
    1) 8,770 latitude/longitude pairs over the period 14th September 2010 to 19th April 2011;
    2) 17,546 MAC address records, over the same period;
    3) an increased rate of recording in 2011 relative to 2010, especially in February;
    4) there are only 175 dates/times recorded, however: from 1 to 151 ‘locations’ were recorded for each single date and time;
    5) on one day this month, 121 ‘locations’ were recorded for a single time, dotted over an area of 3,500 square miles;
    6) I have not visited at least two of the recorded ‘locations’ since I had my iPhone.

    What possible use could this inaccurate, randomly-recorded ‘data’ be to anyone?

  • Jonathan

    @theMOM: Yes, they easily have ways to read your text messages without downloading apps or programs. The same researchers who were secretive/”under the radar” about what they knew about iPhone tracking makes software that can does that too:

    “Lantern was designed to acquire and analyze data from iOS devices (iPhone, iPod Touch, iPad)…. Lantern 2 carves for images and video from physical images. Logical and physical email analysis. Document analysis to include 3rd party applications…”
    http://katanaforensics.com/forensics/lantern-v2-0/
    http://katanaforensics.com/wp-content/gallery/new-lantern-2-gallery/acquisition.jpg

  • kurt turing

    There are some scienctist interested in the behavior of human movements. For instances A-L Baranasi of Northwestern University. This type of data (assumed anonymous) could be very useful in these kind of researchs.

  • MasterX

    I also have checked out my db file for WiFi and Cell locations, after converting it to readable maps i noticed my location was not even listed.
    The closest location is 3.5+ hour drive from my location. Which is odd being i nor the phone have been where the maps pin points show.

  • http://www.secrethomesex.com/ Stolen

    I think society has generally agreed to give up on privacy in exchange for all the other benefits offered by google/facebook/apple…

  • Connor

    People, please remember that Apple do NOT get this data! I’m annoyed, not at the fact that is recording my whereabouts, but that it is so incorrect, it placed me in an entirely different country! Literally across the Irish Sea, and not only this, but It never shows that I used my devices at home or in school, which are about the only places I use it! All these so called news organisations are telling us absolute nonsense!

  • MichiKami

    If any Windows-users are interested in seeing their own data, here’s an explanation of the process:
    http://michikami.blogspot.com/2011/04/ispyphone-your-iphone-knows-where-youve.html

    The map at the end shows the place & time of each location stored, but some are many miles from where I was. I suspect Apple’s goal is to geo-coord WiFi hotspots, with an eye towards location-aware marketing. Nothing really nefarious.

  • Helge Becker

    It is highly disappointing how low o’Reilly can get with creating buzz about a nonstory. This is neither a security problem, nor does Apple gather personal data here. o’Reilly would be well advised to get rid of those 2 idiots that do nothing more then producing themselves.

  • OOOHHHH!!!!!

    BIG Brother is watching some of you, but not others. The iPhone 4 has a special detector in it that determines if 1. You are american, 2. If you engage in criminal activity or not. 3. If you paid your taxes or cheated on your wife in the past 12 months. It does this through a special hidden camera and microphone that have been incorporated into the iphone 4 volume buttons.

    Then there is a hidden app that collates this data and sends it off to Homeland Security and Apple themselves. They in turn have a secret division of 50,000 researchers who spend every day trawling through the information, collate the dodgy stuff about dodgy people and post this into another hidden database only known to HS and the IRS.
    (I got that direct from Steve Jobs’ iPhone because I have been tracking him using this method.)

  • http://www.itrackmyiphone.com Anonymous

    O’Reilly researchers are a bunch of sensationalist reporters at best who published this article without the full set of facts at hand , any actual practical research of the plotting of the maps v location like other have done, they hadn’t even looked into it enough to know this had already been brought up..

    I would not consider them a credible or honest source for solid information on this topic …

    As Mike P and Master X amongst many others in the tech community have proven their app actually is extremely bad in the so called tracking aspects it is not accurate at all …..also how bad the researchers were at interpreting what data they thought they had found… all sensationalism and no facts were reported at a cost to Apple’s reputation

    But hang on this has all be found out after they went to the Internet with their liable story against Apple saying they were tracking their users …

    Maybe the next law suit will be Apple v O’Reilly

  • Geoff Lee

    After using the app provided, I noticed it included location data for which I wasn’t at. It included data points for a mountain I have never been up to. With Wednesdays’ announcement from Apple, it can only be what they’re calling crowd-sources location data.

  • Marv

    Hope this isn’t a rehash of previous comments. It’s a cell phone. Apple can write an app that uploads any of the data in the phone (including pictures), so obviously they can track you and pass the data to anyone they want. If they are not doing that today they could do it tomorrow and with improved accuracy. It’s BAD to be on the Government Radar. Is there any day you haven’t broken some law (for example, going over 55 in a 55 speedlimit zone even though it is safe, clearly an example that one is law breaker, a criminal). Remember that day you told the wife you were at work and you played golf with friend? Remember that significant other that didn’t like you visiting a particular friend? I don’t want to be tracked. By the way, did anyone see in the Apple manual that they are always being tracked? Does anyone think Apple or Facebook have a Social Conscience?

  • jgo

    I agree with Mike. Sure, they need to get a signal, and do the hand-off as you move. No, they do not *need* to and should not record your location down to a few feet. No, they do not need to and should not retain your location information from second to second even if it were only within a mile or even within 3 miles. That’s personal private information and it does not belong to AT&T or any other company.

    The fact that the feral federal government has blessed such abuse for their nefarious purposes is no excuse.

    Location services should be handled by a totally separate piece of hardware that can be physically turned off and/or removed from the device.

  • KB

    As more new has gotten out it also appears that Windows phone 7 and Google have also been monitoring your location, so this isn’t just an apple thing, but they are taking all the heat for it while the other phone makers keep quiet even though they are doing the same thing.

  • ycep

    Dear all, any and all information about a person should and not shall not be open to any one because. This is the hidden secret for the establishment to keep a track of every move we make of what a person is doing!
    It must not be allowed! They must not keep our personal, private and the little freedom that we still have to keep exploiting us.
    We must keep the JACKELLS!!! Out our information our life’s.
    They are keeping selling, Bartering, Trading Exchanging, Distributing or passing our information.
    Remember it is a powerful tool for them to keep making $$$$$$$$$$$$$$$$$$$$$$! And keep us as SLAVES.
    We do not need to be told what to listen, read, eat, or where to go, or trace us where we are etc, etc.!
    Already Banks, Credit Cards, Insurances, The Media and even the Government are miss-using our personal and private life information for their benefits without telling us!
    Will you tell us how to block them out of our cell phones, etc?
    Ycrep, California.

  • NEO MAX

    As a matter of fact, I discovered that Google was collecting our location data last year using Google Maps, street view car and Chrome, so I developed a few online tools to query their server to check how much do they know about us. After checking the results, I found that Google has listed numerous cell sites in their servers, but many MAC address were not included in their location databases yet.

    But I have no idea the location tracking issue would cause such concerns. If you want to know if Google is watching you, check them here: http://bit.ly/m4k4sO

    You can use the tools to query your MAC address, IP address and nearby cell towers.

  • Roland

    I’ts time for someone to construct an electronic device to plug into cell phones and other data storage devices, which would absoultely fry all
    simm cards, memory chips, and any other storage
    medium, I mean completely destroy, no recovery whatsoever. Of course it would have to be designed
    so that it would not destroy just a few initial bits of info before burning something out prior to all info being destroyed, this wiuld make the
    use of the device moot. I’m working on an absolute
    cell phone destruction device for my own use, since electronics is outside of my expertise. The
    conversion of a digital camera case into a thermite pack to place my cell phone in, and ignite (multiple igniters for reduncey) to make sure ignition would be sucessful.Would worry about
    misuse of welding supplies, at a later date.

  • Ricardo Santos

    Lets hope none of the people that minimize the seriousness of this, losses their iPhone or get it stolen.

    Can you see the picture? A person does not only have your phone, but know where do you live, where do you work, what road you use, what is your daily routine. Now you get it?

    The need to keep track for phone antenas is BS. You do not need a long time tracking of the user position. What you need is the current user position, noting more. Of course there is nothing to keep a company to track your whereabouts and sell it. Potential customers, government, your employer, debt colectors, directed ads, psychotic ex-boyfriend that happens to work at Apple, etc.

  • Sam

    Alasdair, are you going to publish a follow-up to this, explaining how the data you discovered is a cache rather than a log?

    Didn’t you notice that each location (be it a cell tower or wifi hotspot) is only recorded once? Surely this should have tipped you off that this is not a log of everywhere you’ve been, but a way of efficiently making use of Apple’s location database?

  • http://www.nacaseven.com nacaseven

    It’s not okay to get tracked like this, but now the data is there, so I want to use it and do nice things with it.

    I wonder if I can use it to geotag my photos from the last year…? Or see how many miles I traveled, … is that possible?

  • Geomorph

    @nacaseven In spite of what Alasadair and Pete reported, it turns out they were wrong and the iPhone is not tracking your every move. So no, you won’t be able to find out how many miles you traveled! This website might be of interest to you, though: https://openpaths.cc/

  • http://esriaustraliatechblog.wordpress.com/2011/07/05/esri-vs-apple-analysing-my-iphone-tracking-data/ Thom M

    I investigated my own data more thoroughly and it doesn’t reveal anything specific about where I live, work, or have spent time. See blog post here: http://esriaustraliatechblog.wordpress.com/2011/07/05/esri-vs-apple-analysing-my-iphone-tracking-data/

  • Dr. P niss

    We have always been watched and tracked. Grow up.

  • http://www.architekturgemeinschaft.de Rob

    Yes, that can make even fear, but the products are simply superb

  • Valentino

    Is there anyway to contact apple who is tracing our iphone? My iphon4 was stolen 2-3month ago. Police cant help to find my iphone & i didnt apply for mobile that time so if apple have the tracking record of the ios 4. Then my iPhone4 might able to trace back, right?

  • ndru

    @valentino

    yes, I do believe so. It’s a pity you didn’t have a mobile contract at that time as it would have been much easier that way.

    ndru from kabelky

  • http://GamblersParadise.Webstarts.com Robert

    Apple is not storing the location of the phone, it’s storing a list of cell towers you’ve communicated with. It’s not using the cell tower to triangulate YOUR location, it’s using GPS and other towers to triangulate the location of the towers.

  • Oliver

    Apple may not have access to kind of data right now but, pressumably this file will be transfered to Apple when iOS5 ‘frees iDevices from the need for computers’ and all data is synced directly onto Apple’s Cloud based storage. If I thought Apple were that devious, I’d say introducing the file in iOS4 was in preparation to upload it with the introduction of syncing to their iCloud thanks to iOS5 next month. Something to ask Apple I think…

  • http://qlinkwireless.com Mark

    As long as the data isn’t being sent somewhere, I don’t have a problem with it. Thanks for the phone tracker app.

  • http://www.cekmagdurlari.com M. Suvain

    Apple is a great company so they can do what they want.They dont have the right to do what they want but they can do something like this and noone can stop them .Apple cooperates with US Goverment so they make project that US Inteligent Agencies can collect information from all over the world for famous or important People !

  • http://www.findipad.net shedboy

    People use these daft social services anyway, so its not an issue.

    Would be handy if Apple ever sold the ability for targeted advertising or even for tracing a lost one or stolen one.

  • http://www.rottentwits.com/ tr0n

    As far as privacy is preserved. I don’t have any problem.

  • Norbert Lacey

    it takes a court order to access it

    No, it doesn’t. It takes a court order to use it in a legal sense.

    Going back to the first days of electronic switching, access to collected (and real-time) information (date/time-stamped phone numbers, calls in-progress, etc.) has been easily accomplished by a variety of technical and governmental personnel. If and when interesting content is noted, obtaining a court order is trivial, and subsequent monitoring becomes admissible.

    Quis custodiet ipsos custodes?

  • http://www.spypenhq.com Ronald I

    This is a late response, however I wanted to comment on the fact that Private Investigators are actively seeking ways to utilize this information, which presents a complete grey market for this information. (Source: Know a number of agency’s).

  • http://www.timlove.co.uk Tim Love

    I am personally in the ‘who cares’ section of society. Here in the UK we are the supposedly the highest surveiled population in the world. It is almost like there is a camera – either government, local council or cctv on every corner. To be perfectly frank, I think the UK public will have got so used to being followed on camera, that the fact that their IPad or IPhone is following them as well, will be of little interest!

  • http://www.aboutmedicalbillingandcoding.org/ Ceete

    It is amazing how things are moving forward I am so happy that I am not using this iPhone anymore.

    My shock came last year when I was going through my pictures and then there was an option “Places” when I checked the places iPhone was tracking where I took the pictures.

    What on earth happened to my privacy?

    I did turn the location off and still had issues. I am happy with my landline and that old sucky cellphone.

    Thanks but no to smartphone.

  • http://www.squidoo.com/best-films-of-2011 mike @ best films of 2011

    bit creepy to be honest. Ive always had a iphone since launch and to think they could track me is a bit weird :S

  • http://www.bootland.nl Michael

    So what’s new? Just take a walk through a metropole and see how many camera’s record your moves.

  • http://www.freeogvernmentcellphones4u.com Rob

    This whole story became a bit of a non-story. Apple responded appropriately and the cell phone data was never used by third parties.

    I just wonder why they ever bothered recording this data. What value is their in knowing where people have been? Targeted advertising?

  • http://beamer-kaufberatung.de Beamer

    Well, I don’t mind. As long as no one sells the data and they remain on the iphone.

    Ok, it is always a bit creepy to now somebody is tracking you. But nothing really to worry about.

    Since Apple changed it, even less than before.

  • Adam

    I can understand the reasoning for caching wifi locations, apple even mentions that they do this in their WWDC 2011 video on CoreLocation, stating that the caching helps CoreLocation quickly determine if there are any available wifi’s in range that it can use before attempting the more power-intensive GPS transmitter.

    As for tracking the actual position of the device itself, I can also see how this would be used in conjunction with the storage of the Wifi locations to quickly filter the list of wifis the device searches through to be only those wifis near the device’s average location, and then if no wifi is found the system moves on to searching through all of the cached wifis instead. That being said, I dont see the need for a year-long cache of this data.

  • Terry Lawton

    Awesome post. Here’s a tool that lets your create location-based applications such as Distance Search, Map Mashups, and Automatic Geocoding without coding http://blog.caspio.com/web_apps/create-location-based-applications-with-caspio/

  • http://www.freegovernmentcellphones.net Marcus

    Remember when Apple and Google used to be the upstarts, the anti-establishment, the ones we could trust? Now, they are 1984 itself. And guess what, the gov is tracking people through its free government cell phones program too.

    We are under surveillance.

  • Mark

    Nice article. But what do I do with the iPhone Tracker ZIP file? Am I supposed to download this while browsing the GIT website from my iPhone4 (and the app gets auto installed to my iPhone desktop)? Or download to my Windows7 desktop? Any help appreciated :)

  • http://www.ambitenergyopportunity.org Ambit Wesley

    “Man, it’s getting SO hard to be a criminal AND have a cool phone.”

    Now THAT was funny! :)

    I appreciate the video.. very thorough…

    Man, these kinds of stories have just continued … Privacy is dead.

  • http://www.mobile-music-search.com J Banks

    Hey what happend about this?

    Are there any updates .. or official news from Apple?

  • http://www.couponfacet.com John

    It is for iOS 4 but what about iOS 5, I think it is already a solved problem. Thanks for sharing.

  • http://www.teethwhiteningsupersore.com Mark

    hey, did you get any update from Apple ?

  • http://www.creativefluff.com CreativeFluff

    It’s insane how much personal information is spread around without the knowledge of their respective owners. Insane and disgusting.

  • http://matthustonex2systemx.blogspot.com/ Matt Huston

    What I think is the continuous data about your location can be used for your good as well as bad. Apple is surely going to make big money through this data.

  • http://eczema-cures.org Eczema Cure

    I’m sure most of us sound paranoid when it comes to devices tracking our movements. It’s not the tracking but who is using the data. Part of me wonders if this is why they provided us iPads and iPhones at work. Easy way to keep track of the workforce? I guess i should remove my tinfoil hat.

  • http://www.printmeashirt.com Innes

    Apple will very much reap the full rewards of possessing this kind of data and it will help them in the way they are able to process data also.

  • Mohamedsps

    a free website games online
    its free free free
    Get Started Now !
    http://moxgames.net/

  • Dkarampinis

    there is a huge dose of reality in this statement, eventhough it sounds a bit peculiar and paranodi for most people. Of course they dont tracj YOU unless there is a reason to do so, espionage cost millions of euros dont forget!