April 24, 2014

Tracking Your Every Move: iPhone Retains Extensive Location History

Today, Pete Warden and Alasdair Allan revealed that Apple’s iPhone maintains an apparently indefinite log of its location history. To show the data available, they produced and demoed an application called iPhone Tracker for plotting these locations on a map. The application allows you to replay your movements, displaying your precise location at any point in time when you had your phone. Their open-source application works with the GSM (AT&T) version of the iPhone, but I added changes to their code that allow it to work with the CDMA (Verizon) version of the phone as well.

When you sync your iPhone with your computer, iTunes automatically creates a complete backup of the phone on your machine. This backup contains any new content, contacts, and applications that were modified or downloaded since your last sync. Beginning with iOS 4, this backup also includes a SQLite database containing tables named ‘CellLocation’, ‘CdmaCellLocation’ and ‘WifiLocation’. These correspond to the GSM, CDMA and WiFi variants of location information. Each of these tables contains latitude and longitude data along with timestamps. These tables also contain additional fields that appear largely unused on the CDMA iPhone that I used for testing — including altitude, speed, confidence, “HorizontalAccuracy,” and “VerticalAccuracy.”

Interestingly, the WifiLocation table contains the MAC address of each WiFi network node you have connected to, along with an estimated latitude/longitude. The WifiLocation table in our two-month-old CDMA iPhone contains over 53,000 distinct MAC addresses, suggesting that this data is stored not just for networks your device connects to but for every network your phone was aware of (e.g. the network at the Starbucks you walked by — but didn’t connect to).
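An added example (not from the original post or from the iPhone Tracker code): a Python script for auditing how much location history a copy of this database from your own backup retains, reporting row counts, distinct timestamps, the time span covered and, for WifiLocation, distinct MAC addresses. The column names `MAC` and `Timestamp`, the 2001-01-01 timestamp epoch and the sample rows are assumptions constructed for illustration.

```python
import sqlite3
from datetime import datetime, timedelta, timezone

# Assumption: timestamps are seconds since 2001-01-01 UTC (Apple's reference date).
APPLE_EPOCH = datetime(2001, 1, 1, tzinfo=timezone.utc)
TABLES = ("CellLocation", "CdmaCellLocation", "WifiLocation")  # names from the article

def to_utc(ts):
    return APPLE_EPOCH + timedelta(seconds=ts)

def summarize(conn):
    """Per-table retention summary: rows, distinct timestamps, time span, distinct MACs."""
    present = {r[0] for r in conn.execute(
        "SELECT name FROM sqlite_master WHERE type='table'")}
    report = {}
    for table in TABLES:
        if table not in present:  # e.g. a GSM phone's database may lack the CDMA table
            continue
        rows, stamps, first, last = conn.execute(
            f"SELECT COUNT(*), COUNT(DISTINCT Timestamp), "
            f"MIN(Timestamp), MAX(Timestamp) FROM {table}").fetchone()
        entry = {"rows": rows, "distinct_timestamps": stamps,
                 "first": to_utc(first) if rows else None,
                 "last": to_utc(last) if rows else None}
        cols = {c[1] for c in conn.execute(f"PRAGMA table_info({table})")}
        if "MAC" in cols:  # assumed column name for the access point address
            entry["distinct_macs"] = conn.execute(
                f"SELECT COUNT(DISTINCT MAC) FROM {table}").fetchone()[0]
        report[table] = entry
    return report

def build_sample():
    """Constructed sample data, not taken from a real device."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE CdmaCellLocation (Timestamp REAL, Latitude REAL, Longitude REAL)")
    conn.execute("CREATE TABLE WifiLocation (MAC TEXT, Timestamp REAL, Latitude REAL, Longitude REAL)")
    conn.executemany("INSERT INTO CdmaCellLocation VALUES (?,?,?)",
                     [(325000000.0 + 3600 * i, 40.35, -74.65) for i in range(4)])
    # Six access points written in two batches: many MACs, few timestamps.
    conn.executemany("INSERT INTO WifiLocation VALUES (?,?,?,?)",
                     [(f"02:00:00:00:00:{i:02x}", 325000000.0 + 86400 * (i // 3),
                       40.35, -74.65) for i in range(6)])
    return conn

if __name__ == "__main__":
    for table, stats in summarize(build_sample()).items():
        print(table, stats)
```

To run it against a real copy of the database, pass `sqlite3.connect(path)` to `summarize` instead of the constructed sample.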

Location information persists across devices, including upgrades from the iPhone 3GS to iPhone 4, which appears to be a function of the migration process. It is important to note that you must have physical access to the synced machine (i.e. your laptop) in order to access the synced location logs. Malicious code running on the iPhone presumably could also access this data.

Not only was it unclear that the iPhone is storing this data, but the rationale behind storing it remains a mystery. To the best of my knowledge, Apple has not disclosed that this type or quantity of information is being stored. Although Apple does not appear to be currently using this information, we’re curious about the rationale for storing it. In theory, Apple could combine WiFi MAC addresses and GPS locations, creating a highly accurate geolocation service.

The exact implications for mobile security (along with forensics and law enforcement) will be important to watch. What is most surprising is that this granularity of information is being stored at such a large scale on such a mainstream device.

Comments

  1. Swiit Apps says:

    Location privacy is highly overrated. If anyone is doing wrong someplace, they pretty much leave their DNA around for the law and courts to go after.

    Most likely, governments may be insisting on products to incorporate location tracking.

    • Ian Davey says:

      But any random adversary (not law enforcement) only needs the right technical skills to get this data off your phone. Matching DNA requires more special equipment, which he/she is less likely to have or spend the money to use.

  2. Delafield says:

    In 2010, Apple pulled “WiFi Stumbler” apps from the App Store. I believe that some of the apps that they pulled did the same thing Apple is doing – recording location and WiFi MAC addresses, which you could upload to a database. Apple realized the value of the information, once they entered the advertising business, and decided they didn’t want others to build such databases.

    http://modmyi.com/forums/mac-news/702713-apple-pulls-all-wifi-stumblers-app-store.html

    http://wlanbook.com/iphone-wifi-scanner-apps-banned-by-apple/

    Google also recently got into trouble for building the same location/MAC address database when they accidentally captured packet data.

    Regards.

  3. Logical Extremes says:

    Yes, Apple is amassing a huge geolocation database with precise locations of Wi-Fi MAC addresses. They disclosed to the US House of Representatives in 2010 that this information is collected, stored, and then transmitted from iOS back to Apple:

    http://1.usa.gov/gEzGPj

    BTW, there is no Opt Out from having someone else geolocationally compromise *your* Wi-Fi access point MAC address. All they have to do is connect to it using an iPhone (or other device that does this) with Location turned On. That causes iOS to transmit the correlated MAC address with the precise GPS coordinates.

    If, for example, you use your laptop as an access point for other devices or for friends, Apple and other geolocation service providers have a nice history of your travels.

    • Anonymous says:

      “there is no Opt Out from having someone else geolocationally compromise *your* Wi-Fi access point”

      Sure there is, gratuitously change the MAC address and ESSID on a regular basis.

      Also, switch off the beacon.

      • gnaddrig says:

        But this is a workaround, not an opt out option. Apple doesn’t want users to opt out. I don’t know how much effort it takes to change the MAC address and ESSID, but I guess this is too much hassle for most regular users, and who knows whether it is possible to track those regular changes as well…

  4. +++ath0 says:

    “Apple could combine WiFi MAC addresses and GPS locations, creating a highly accurate geolocation service.”

    This service already exists from companies other than Apple, Google was exactly capturing this with their Street View fleet, and there’s also the pioneer of it all, Skyhook.

    I know you say you have 53,000 MAC addresses but could you check how many unique time points you have?

    I have over 60K MAC addresses stored in that table, but only 669 unique timestamps. (the second field). Which is a bit odd.

    • +++ath0 says:

      My records go back 8 months by the way.

    • John Millington says:

      Why make a deal with Google when you can do it yourself cheaper? Why hire people to drive around in vans like those chump suckers at Google, when you can have people pay you to carry around your data-collector?

      It’s brilliant. Or rather, it would have been, if they hadn’t got caught. Or rather, it will be, assuming Apple doesn’t lose any customers/revenue over this.

  5. Anonymous says:

    A forensics whitepaper was published in September 2010 which documented the existence of this data – iPhone 3GS Forensics: Logical analysis using Apple iTunes Backup Utility. Mona Bader, Ibrahim Baggili, http://www.ssddfj.org/papers/SSDDFJ_V4_1_Bader_Bagilli.pdf

  6. Robert says:

    Apple has put out a press release addressing this issue:
    http://www.apple.com/pr/library/2011/04/27location_qa.html

  7. Anonymous says:

    Did anybody else read that article, I forget where, several months ago that enumerated the fact that basically all of the various kinds of internet service providers – one example of course are the free email providers – (another being combination hardware/software/service providers.. probably too, I’d guess..)

    …were making a lot of money, more than almost anybody outside of that world realizes, off of law enforcement’s information requests of various kinds. Of course, many flat out refused to divulge it.

    But others did, the article cited enough specific details about how much some providers charged to get a picture of a profitable sideline for them if even a small percentage of their users were subjects of enough interest to have some law enforcement agency buying this data.

    So, this significant, potentially large, hidden revenue stream exists.

    Would anybody be surprised if it was growing in importance as companies learned what they needed to do to maximize it?

    No, I don’t think so -

    Is it unreasonable to wonder how much its relative importance is? No.

    Say XYZ company makes both all its hardware and controls its software..and networking..
    XYZ is then in a position to provide more data. The more data they could provide, the more they could charge for it.

    After all, at that point the government is a captive customer.. even though they are also a government agency.. if they want so-and-so’s data, they have to buy it from his or her provider.. they can’t shop around..

    If I was a hardware manufacturer who also had control over the software, I’d be tempted to try to figure out ways to maximize that aspect of my business just as I would anything else.

    Social networks, too.. Early on in the process..

    Businesses always try to exploit markets wherever they find them.