With recent reports popping up all over the web, it’s been confirmed that iPhones (and iPads that are 3G-enabled) are being tracked — at least since the update to iOS 4. While many are up in arms over the hidden nature of this tracking, it very well could be one of the coolest features of the iPhone.
The fact that it is hidden is the problem, really. There are plenty of folks out there who would love to be able to see where they’ve taken their iPhone in their travels — as long as they’re aware of it.
Now users can be made aware of it, thanks to an open-source application developed by Pete Warden and Alisdai Allan. iPhone Tracker is a desktop application that maps the information that your iPhone or 3G-ready iPad is recording about your movements.
Warden was an Apple employee for five years, but didn’t work on anything while with the company that was iPhone-related. He left Apple three years ago on good terms. Allan stumbled upon the tracking through some other work that exposed the hidden “feature.” Both men are disturbed by their findings.
I don’t know if they should be, though.
For example, I’ve taken a look at where my iPhone has been since it started being tracked in July of 2010. It’s interesting to watch the red and orange dots move across the screen as the desktop application maps out everywhere the iPhone has been. In the “all-time” view, it shows a broad cross-section of your iPhone’s whereabouts throughout. It’s a pretty amazing thing to see.
Warden and Allan’s concerns stem from the fact that this information was so easily accessible. They found the movement tracking almost by accident, and they hypothesize that the data is readily available on users’ machine — and a very readable form. The passive tracking has made it possible for others to get access to where you’ve been and when you’ve been there, all down to the approximate address — thanks to the use of cellphone towers that allow the tracking to take place.
Why is Apple tracking the movements of iPhones? Warden speculates that it could be in place for a feature that will come with a future update. But the fact that the tracking is transferrable doesn’t necessarily support that theory entirely, seeing as it is rare that when a user transfers a backup from one to device to another that they hang on to the second device to take advantage of any future upgrading.
With applications and services such as Foursquare and Facebook Places allowing users to check in to various locations, basically leaving a broken trail of bread crumbs in their path, this kind of ability on the iPhone didn’t — and still doesn’t — have to be an issue. The issue is that it was widely unknown that it was going on in the first place.
Now that you’re aware of it, you can take any steps you see fit to deal with it. That’s the real beauty of the duo’s findings. Enough with the fear and furor over this hidden “feature” — we should be thanking Warden and Allan for bringing this to light.
The more one knows about something, the more one can do something about it. Warden and Allan have provided users with something that wasn’t offered before: knowledge. It’s up to each user as to what they do with that knowledge.
Update: Users can opt-out of the tracking by turning off global Location Services on the device. That will, however, impact any third-party app that wants to use location services. Users who want to keep the tracking from occurring will have to keep on top of that as they install new apps. Apple has a portion of the license agreement dedicated to Location Data. It can be viewed here.
Sorry, but this is a violation of privacy. Location tracking is one of those things that should always be opt-in. Based on this article, there isn’t even a way to opt-out. There’s a big difference between opting to have the fact that you went to the grocery store made available to other people, and having every moment of your day recorded and presumably transmitted to Apple.
@Bradley Farless (This was taken from a comment at the cited TUAW post)
Taken from the iPHONE SOFTWARE LICENSE AGREEMENT
(available athttp://images.apple.com/legal/sla/docs/iphone4.pdf):
“(b) Location Data. Apple and its partners and licensees may provide certain services through your iPhone that rely upon location information. To provide and improve these services, where available, Apple and its partners and licensees may transmit, collect, maintain, process and use your location data, including the real-time geographic location of your iPhone, and location search queries. The location data and queries collected by Apple are collected in a form that does not personally identify you and may be used by Apple and its partners and licensees to provide and improve location-based products and services. By using any location-based services on your iPhone, you agree and consent to Apple’s and its partners’ and licensees’ transmission, collection, maintenance, processing and use of your location data and queries to provide and improve such products and services. You may withdraw this consent at any time by going to the Location Services setting on your iPhone and either turning off the global Location Services setting or turning off the individual location settings of each location-aware application on your iPhone. Not using these location features will not impact the non location-based functionality of your iPhone. When using third party applications or services on the iPhone that use or provide location data, you are subject to and should review such third party’s terms and privacy policy on use of location data by such third party applications or services.”
So, the way to opt-out would be to not enable location services — or withdrawing it. Opting out will have an impact on the tracking, but will also impact apps that offer location services as part of the feature set.
The reason i didn’t include opting out is because it hampers some of the iPhone’s features that some of the apps offer. If you want to opt-out, you can…but the aforementioned is definitely worth noting before you do so.
“Both men are disturbed by their findings.
I don’t know if they should be, though.”
Seriously?
You dont care that someone has been collecting your location information without your knowledge? you are ok with being tracked?
Its a “feature” when there is a database somewhere of everywhere you have ever been? A database that you did not ask to be collected and that you did not know they had?
I wanna smoke what you are smoking (its still 4:20, I think).
@David Carcamo You don’t think your mobile operator has a more detailed log?
is that what makes it ok?? someone else has more info so might as well let anyone and everyone take it?
I dont think any of them should have our info.
Would you be ok with Honda knowing exactly were you are and were you have been (GPS)? or How about your Levis Jeans (RFID)? should they know when you put them on and took them off?
Someone is digitally following you around, if we dont allow this from government and the law enforcement why would we allow this from private companies that have no one keep them accountable.
Apparently this is not only acceptable but encouraged by some bloggers.
This whole thing is overblown and more than a little silly for anybody who actually knows the technical details.
The file in question is called “consolidated.db”. It’s well understood and documented, and has been ever since the day iOS4 came out. This is not “new” information by a long shot.
Basically, this file is used internally for the Background Location services. In iOS4, they implemented background location features. Meaning that an app could request to be updated on location in the background, to keep track of driving and such similar stuff.
The way this actually works is that the iPhone constantly stores cell tower based location info (*not* GPS. GPS uses too much power) into a database, and then it notifies background apps that requested it when the location changes. Lots of map apps use it.
Apps can’t access this data directly, they have to use the Location API like everybody else. Meaning that they have that popup asking “share your location?” with the app’s startup.
The data never gets sent over the network. It does get sent to your computer during a sync, but this is actually incidental. A synced backup syncs the whole user partition on the device, which includes this file. And yes, if you don’t encrypt the backup, then the backup is easily read by other software. That’s why iTunes offers an encryption option for backups. You seriously should use it. All your mail, private data, contacts, etc, is in those backup files. That’s what makes them a “backup”.
Now, the only real question is why is this database not expiring and deleting location info that is months old? The most likely answer is that there’s no real reason to do so from a technical standpoint. There’s no privacy issue there, because the data stays on your phone, unless you sync it to a computer.
This is not “hidden”, it’s well documented technically. Yes, the phone is tracking you, but that’s because *you want it to do so*. You have applications that have requested location tracking and you said yes. Heck, Maps is one of them. The fact of the matter is that the phone gets your cell tower based location anyway in normal operation (it’s used to adjust power levels), so storing it and then using that information to provide background location services to your applications that want it is something you actually do want it to do, because at some point, you actually told it to do just that.
If you’re privacy concious but still want functionality, then a) install the “Find my Phone” app, which will let you do a Remote Wipe of the thing if you lose the phone, and b) set iTunes to encrypt your backups. It actually asked you to do that when you first sync’d the phone, but you probably skipped it. Now you know better.
@David Carcamo Personally, I am not bothered. I know that my device has GPS built into it. I have looked at Apple’s service agreement which states it will log your location data and possibly share it.
When I heard about the tool, I was excited to try it. Perhaps I am used to the fact that I will be tracked wherever I am.
Doesn’t mean I don’t understand your point, it’s just something I have no issues with.