Archive for April 21, 2011

Thursday, April 21, 2011

consolidated.db

John Gruber:

The key question for Apple: Given that this file was widely known among iOS forensics experts back in September, why does it still contain historical (as opposed to just recent) location history today?

Andy Ihnatko:

It’s also, frankly, another reason why I value my iPhone’s “remote nuke” feature and wish it were possible to nuke all data directly from the handset. I can’t think of any circumstance under which my location data would possibly be damaging, incriminating, or even just embarrassing. That’s not the point: if I can’t control the data that my phone is collecting, I should at least have the power to destroy it utterly.

Update (2011-04-22): Guy English:

That said and done, no one has yet asked the really interesting question — if this had happened once Apple was shipping an iOS device that backed up automatically to an Apple server how much more of a shit storm would this have been? A very shittier shit storm is the answer. I’ll bet there’s more than a few managers who’re thinking very carefully about how to make damn sure they don’t have to spend an Easter weekend working to prove to Stuart Smalley that they’re good enough, and smart enough, doggone it.

Update (2011-04-23): F-Secure (via Alex Levinson):

And the real question is: How did Apple create their own location database? They did not have cars driving around the world. They didn’t need to. They had existing iPhone owners around the world do the work for them.

If you run a modern iPhone, it will send your location history to Apple twice a day. This is the default operation of the device.

Update (2011-04-27): Apple:

The iPhone is not logging your location. Rather, it’s maintaining a database of Wi-Fi hotspots and cell towers around your current location, some of which may be located more than one hundred miles away from your iPhone, to help your iPhone rapidly and accurately calculate its location when requested. Calculating a phone’s location using just GPS satellite data can take up to several minutes. iPhone can reduce this time to just a few seconds by using Wi-Fi hotspot and cell tower data to quickly find GPS satellites, and even triangulate its location using just Wi-Fi hotspot and cell tower data when GPS is not available (such as indoors or in basements). These calculations are performed live on the iPhone using a crowd-sourced database of Wi-Fi hotspot and cell tower data that is generated by tens of millions of iPhones sending the geo-tagged locations of nearby Wi-Fi hotspots and cell towers in an anonymous and encrypted form to Apple.

Your location data is being transmitted to Apple, although if you trust that there aren’t bugs in the anonymization and encryption this shouldn’t be of concern. Apple is trying to downplay the accuracy of the data, but it’s certainly accurate enough to track you for some purposes. They will be fixing the OS to cache less data, not back it up, and (in iOS 5) encrypt it on the device.