NEWS FROM THE LAB - Thursday, April 21, 2011

Actually, iPhone Sends Your Location to Apple Twice a Day Posted by Mikko @ 07:30 GMT

Forensic researcher Alex Levinson has discovered a way to map out where an iPhone has been. The information comes from a location cache file found on an iPhone (Library/Caches/locationd/consolidated.db).

In practice, this file contains your travel history.

Apple iPhone location

It should be noted that this file can't be accessed by third-party apps on an iPhone, as you need root rights to reach it. However, the file is copied to your PC or Mac during standard iPhone sync operations and is accessible from there.

Yesterday, security researchers Pete Warden and Alasdair Allan released an application that can take such a file and show your movements on a map.

UFED Physical Pro iPhone forensic examinationNow, this sounds bad from a privacy viewpoint. For example, authorities could gain a court order to do a forensic examination on your phone to figure out where you've been.

But why is Apple collecting this information to begin with? We don't know for sure. But we're guessing it's likely related to Apple's global location database.

Like Google, Apple maintains a global database of the locations of Wi-Fi networks. They use this to get an estimate of your location without using GPS. For example, if your handset sees three hotspots which have MAC addresses that Apple knows are within a certain city block in London, it's a fair bet you're in that city block.

We know how Google collected their location database: they recorded them world-wide while they had their Google Maps Street View cars driving around the globe.

Where did Apple get their location database? They used to license it from a company called Skyhook. How did Skyhook obtain this information? Well, they had their own cars drive around the world, just like Google.

However, the Skyhook database is expensive. So beginning with iPhone OS 3.2 released in April 2010, Apple started replacing the Skyhook location database with their own location database.

And the real question is: How did Apple create their own location database? They did not have cars driving around the world. They didn't need to. They had existing iPhone owners around the world do the work for them.

If you run a modern iPhone, it will send your location history to Apple twice a day. This is the default operation of the device.

Apple iPhone location

How can they do this? By asking for your permission first. There is an opt-in process during initial iTunes installation, but the prompt is highly misleading:

iTunes location

The iTunes prompt talks about helping Apple with Diagnostics information. It says nothing about recording your locations. If you take the time to read Apple's Privacy Policy, it does explain what they are doing:

     To provide location-based services on Apple products, Apple and our partners
     and licensees may collect, use, and share precise location data, including the
     real-time geographic location of your Apple computer or device.
     This location data is collected anonymously in a form that does not personally
     identify you and is used by Apple and our partners and licensees to provide and
     improve location-based products and services.

We believe the new secret location database found on the devices is connected to this functionality. Apparently iPhones always collect your location information, even if it's not getting sent to Apple.