Yes, but if they are collecting the information, obviously they have intentions for it. They may be implementing their intent in steps. This honestly really ticks me off. Apple needs to be slammed with a law suit and lose big if they are doing this secretly. Think about it. Collecting this information to a file and not being forth coming about doing it or why? Do you really think they are collecting it just for you to have such a file? If there were such a silly reason, why not tell you about it? It is pretty black and white, if it is being collect into the file, that file is being collected by someone or they have the intention of doing so in the future. Is there any information if it is being done when location services is not turned on? Does it override that location services setting of being off to collect it anyway? My guess is that it does, but I would not know for sure. Of course companies want you to believe what they are doing is harmless. A dishonest hand never plans to be obvious. It's called deception.
On 4/22/11, Aman Singer <aman.sin...@gmail.com> wrote: > Hi, Karen and all. > This has been extensively discussed on the iPhone lists. Here is a > message I sent to those lists with some methods to disable the saving > of the information. You may want to note a few things. First, there > is, as yet, no evidence that this file ever leavves the phone or > computer where it's stored. That doesn't mean it isn't being sent out, > but it does mean that people have looked and haven't found it being > sent out yet. Secondly, the file is stored on both the phone and any > computer which the phone has been backed up to. Therefore, encrypting > backups on the computer might be worthwhile to avoid anyone with > access to the computer being able to obtain the location information. > As it stands, and without evidence that the file is actually leaving > the phone/PC, this is a moderate security issue, in my view, rather > than a large one, or a large privacy breach. > HTH. > Aman > > > Hi, all. > First, as to a quick and dirty solution to this particular problem, > there are two. Both require the phone to be jailbroken. The first may > be found at > http://technicalmusings.blogspot.com/2011/04/ios-consolidateddb-workaround-for.html > and is as follows > Looks like Apple is tracking iOS devices an recording that info in clear > text: > http://radar.oreilly.com/2011/04/apple-location-tracking.html > > Here's a way to ensure this data is not recorded: > > You must have a hacked iOS device, and either Mobile Terminal or an > SSH login. You must also know the root password. You first > remove/move this file, > and recreate it as a symbolic link to /dev/null like: > > su > cd /System/Library/Frameworks/CoreLocation.framework/Support > rm consolidated.db > ln -s /dev/null consolidated.db > > Anything written to this 'file' is sent to /dev/null, so it is not > saved on the file system. I've done this on a hacked device, and > Location Services > continue to work. > > There is also a program which removes the file at intervals > http://www.ijailbreak.com/cydia/untrackerd-tweak-stop-your-iphoneipad-from-tracking-your-location/ > Thanks to Rose Morales, @chicksdigmacs on Twitter, for the alert. I am > not sure about the accessibility of the program, if Rose or anyone > else would care to comment, I would be grateful. I cannot find any > source code for this program, so it's obvious that one should use at > one's own risk. The first method above does not, to my knowledge, > produce any insecurities, the commands given are normal. I am not > familiar enough with links/symlinks on iOS, however, to be sure that this > first method works properly without side-effects. This issue hasn't > been out there long enough to judge. At the very least, I suspect that > restoring an older backup would stop this method from working. Note > that I am not sure what anyone without a jailbroken iPhone can do > about this issue, I have seen no solution for non jailbroken phones. > Note, also, that this file can be accessed from iPhone backups on the > computer, so those should be encrypted or deleted. It can be accessed > with any of the usual tools for Jailbroken iPhones, and with most of > the forensic tools like > http://accessdata.com/products/forensic-investigation/mobile-phone-examiner > To spread out a bit, and deal with the problem more generally, people > ought to keep in mind, if I may suggest it, that mobile phones are > innately traceable. That isn't because anyone has made them that way, > it's because the phone company needs to know where to route the > information and where it's coming from. This is not something that > anyone can really work around, one can encrypt the information as it > passes, but cannot obfuscate the fact, to my knowledge at least, that > information is passing from and to a specific location. Usually, the > only people aware of the location information, however, are the phone > company and the companies/agencies to which they sell/give the > information. The problem in this case is that this file is stored, > unencrypted, on the phone and computer. By accessing the file, anyone > can get a history of the location of the phone, which might be useful > for many sorts of people, jealous spouses and stalkers who have some > sort of non-private access to the victim come to mind as just two > categories. I think this is more a security, rather than a privacy, > problem just at the moment, nobody has yet detected the sending out of > this file to anyone else, but that isn't conclusive simply because I > have yet to see a decent network sniffer for iOS. If anyone knows of > one, I'd love to hear of it. Anyhow, as it stands, when it comes to > privacy, this is just another reminder, in case one is needed, that > mobile phones are innately public, at least in their location data and > sometimes in everything else, too. If you dislike being tracked at > all, don't carry anything with a chip that can talk to the outside > world, or disable that chip by cutting its power. > Aman > > On 4/22/11, Karen Lewellen <klewel...@shellworld.net> wrote: >> We talked about the pop up ad possibility a while back, now it seems apple >> is gathering data on your whereabouts? >> here is the story. >> TVBizwire >> >> >> Researchers Say Apple Is Tracking Locations of Mobile Device >> Users betanews >> >> A team of researchers says Apple is secretly obtaining the >> locations of iOS4 users and recording them in a hidden file, >> according to a betanews.com report. >> >> Two of the researchers, Alasdair Allan and Peter Warden of >> O'Reilly Media, presented their findings today at the Where 2.0 >> conference in Santa Clara, Calif. >> >> According to the story, the revelation raises "obvious privacy >> concerns and questions as to why Apple would be storing such >> information. The researchers believe it is intentional, as the >> file is restored after backups and even when the user switches to >> a new device." >> >> The group says the functionality is apparently new to iOS4, the >> mobile operating system that runs the latest iPad, iPhone and >> iPod touch. The researchers have reportedly tried to contact >> Apple's security team but had yet to hear back from the company. >> The story reports: "Allan says that the existence of the file on >> on your computer is a security risk, as it is both unprotected >> and un encrypted. `It can also be easily accessed on the device >> itself if it falls into the wrong hands,' he wrote in a blog >> post. `Anybody with access to this file knows where you've been >> over the last year, since iOS4 was released.'" >> >> >> >> http://www.tvweek.com/blogs/tvbizwire/2011/04/researchers-say-apple-is-track.php >> >> http://api.recaptcha.net/noscript?k=6Lcb_78SAAAAAHmtN74lHVK-IOutZhLRidl4tCzl >> >> -- >> You received this message because you are subscribed to the Google Groups >> "MacVisionaries" group. >> To post to this group, send email to macvisionaries@googlegroups.com. >> To unsubscribe from this group, send email to >> macvisionaries+unsubscr...@googlegroups.com. >> For more options, visit this group at >> http://groups.google.com/group/macvisionaries?hl=en. >> >> > > -- > You received this message because you are subscribed to the Google Groups > "MacVisionaries" group. > To post to this group, send email to macvisionaries@googlegroups.com. > To unsubscribe from this group, send email to > macvisionaries+unsubscr...@googlegroups.com. > For more options, visit this group at > http://groups.google.com/group/macvisionaries?hl=en. > > -- You received this message because you are subscribed to the Google Groups "MacVisionaries" group. To post to this group, send email to macvisionaries@googlegroups.com. To unsubscribe from this group, send email to macvisionaries+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/macvisionaries?hl=en.
