Hello, Karen and James.

The program you link to, Karen, is a viewer of the data collected by iOS 4.x. The source code for this program is available. The program I linked to, and which I suggested that people might wish to be wary of, is one to destroy the data as it is collected. Its source is not available. The two programs perform different functions, one being a viewer and the other a data deleter. If anyone knows of an open source application which deletes this file in the background, I'd love to hear of it.

As to the rest of your messages, I find myself in some difficulty. I think privacy one of the most valuable things available to anyone. I am particularly saddened by the fact that, in this culture, nobody seems to care about it. I'm usually just told I'm paranoid and, believe me, it's great to see people who are upset about this sort of thing, and don't trot out the usual stupidities, saying that, if you have nothing to hide, you have nothing to worry about, or that there's nothing anyone can do, so why worry, or that it's all harmless anyhow. The facts are that everyone suffers when privacy is eroded, there's a great deal to do, and information collection is usually either actually or potentially dangerous. Having said that, I would still have to say that your conclusions go a great deal too far for the evidence available.

Karen says

As for evidence the file leaves the phone, consider this. Since apple does not tell you they are creating this file in the first place, why would they make the evidence easy to find?

James says

This honestly really ticks me off. Apple needs to be slammed with a lawsuit and lose big if they are doing this secretly. Think about it. Collecting this information to a file and not being forthcoming about doing it or why?

First, I do not see the secrecy here, I'm afraid. It is no secret that Apple is gathering location-based information. It should be rather obvious to anyone who has used any location-based service on the phone and, in any case, it is spelled out in the license agreement for the iPhone software, among other places, which says

(b) Location Data. Apple and its partners and licensees may provide certain services through your iPhone that rely upon location information. To provide and improve these services, where available, Apple and its partners and licensees may transmit, collect, maintain, process and use your location data, including the real-time geographic location of your iPhone, and location search queries. The location data and queries collected by Apple are collected in a form that does not personally identify you and may be used by Apple and its partners and licensees to provide and improve location-based products and services. By using any location-based services on your iPhone, you agree and consent to Apple's and its partners' and licensees' transmission, collection, maintenance, processing and use of your location data and queries to provide and improve such products and services. You may withdraw this consent at any time by going to the Location Services setting on your iPhone and either turning off the global Location Services setting or turning off the individual location settings of each location-aware application on your iPhone. Not using these location features will not impact the non location-based functionality of your iPhone.
When using third party applications or services on the iPhone that use or provide location data, you are subject to and should review such third party's terms and privacy policy on use of location data by such third party applications or services.

My reading is that this section allows the collection of location-based information even in the case that no location based service is being used at any given time so long as the global location services setting is set to on in the settings app. That is, if you have that setting enabled in the settings app, Apple can collect information about your iPhone's location even if you're not using a service which requires location awareness at the time the location information is collected. I would also note that Apple specifically separates the idea of location data and location queries, and it wants both types of information. Again, it should not be a surprise that Apple is collecting this information, they said they would in their license. As I read this language, it means that, if Apple wanted the information, they could get every single cellular tower you connect to, and get it as soon as you connect to it. For all I know, this is precisely what they're doing. The fact that they can do this is deplorable, but for that, we may blame the folly of people who don't value their privacy. I would acquit Apple of the charge of secrecy. I would, however, convict them of stupidity and needlessly putting at risk the data of their users. This file is a moderate security risk because anyone with a USB cable and a modicum of brains can access it in less than ten minutes, usually much less, and the file's information, while a bit inaccurate, can still be very useful.

As it stands, though, there are a good many questions about this file. First, is the historical information uploaded, or can it be? So far, that hasn't been shown, but I'm sure this is being looked at with traffic analysis and other software.
Apple, like everyone else, can hide what is being communicated but cannot hide the fact that communication is going on. Secondly, is this information collected with location services disabled in settings? That, also, is being looked at, I'm sure. Finally, why is historical data being kept for such a long time, why is it backed up, and why is it unencrypted and easily accessible? Android does the same, but it only records the most recent towers to which it has connected. These questions need answers, but the quickest way to answer most of them is to kill the file, which resolves the problem until the evidence comes in.

Finally, as to legal action, I would be very interested to read the pleadings. It looks like sections 4 A and B of the license offer a very good defense if they are held to apply, but I don't know enough about this sort of action to know for sure, and am not sure how happy the courts will be to enforce the agreement. I am, however, very pleased to see how things are going, maybe this will get a few more people interested in their privacy, and maybe a few more people will read the license agreements before clicking "I agree".

Aman

On 4/22/11, Karen Lewellen <klewel...@shellworld.net> wrote:
> Hi Aman,
> Here is either another program, or one that might include the code.
>
> http://petewarden.github.com/iPhoneTracker/
> My apologies if it is the same, I think not due to the pages looking
> different when I visited.
> As for evidence the file leaves the phone, consider this. Since apple
> does not tell you they are creating this file in the first place, why would
> they make the evidence easy to find?
> Not being paranoid, just wondering.
>
> Karen
>
> On Fri, 22 Apr 2011, Aman Singer wrote:
>
>> Hi, Karen and all.
>> This has been extensively discussed on the iPhone lists. Here is a
>> message I sent to those lists with some methods to disable the saving
>> of the information. You may want to note a few things.
>> First, there is, as yet, no evidence that this file ever leaves the phone or
>> computer where it's stored. That doesn't mean it isn't being sent out,
>> but it does mean that people have looked and haven't found it being
>> sent out yet. Secondly, the file is stored on both the phone and any
>> computer which the phone has been backed up to. Therefore, encrypting
>> backups on the computer might be worthwhile to avoid anyone with
>> access to the computer being able to obtain the location information.
>> As it stands, and without evidence that the file is actually leaving
>> the phone/PC, this is a moderate security issue, in my view, rather
>> than a large one, or a large privacy breach.
>> HTH.
>> Aman
>>
>>
>> Hi, all.
>> First, as to a quick and dirty solution to this particular problem,
>> there are two. Both require the phone to be jailbroken. The first may
>> be found at
>> http://technicalmusings.blogspot.com/2011/04/ios-consolidateddb-workaround-for.html
>> and is as follows
>> Looks like Apple is tracking iOS devices and recording that info in clear
>> text:
>> http://radar.oreilly.com/2011/04/apple-location-tracking.html
>>
>> Here's a way to ensure this data is not recorded:
>>
>> You must have a hacked iOS device, and either Mobile Terminal or an
>> SSH login. You must also know the root password. You first
>> remove/move this file,
>> and recreate it as a symbolic link to /dev/null like:
>>
>> su
>> cd /System/Library/Frameworks/CoreLocation.framework/Support
>> rm consolidated.db
>> ln -s /dev/null consolidated.db
>>
>> Anything written to this 'file' is sent to /dev/null, so it is not
>> saved on the file system. I've done this on a hacked device, and
>> Location Services
>> continue to work.
>>
>> There is also a program which removes the file at intervals
>> http://www.ijailbreak.com/cydia/untrackerd-tweak-stop-your-iphoneipad-from-tracking-your-location/
>> Thanks to Rose Morales, @chicksdigmacs on Twitter, for the alert.
>> I am not sure about the accessibility of the program, if Rose or anyone
>> else would care to comment, I would be grateful. I cannot find any
>> source code for this program, so it's obvious that one should use at
>> one's own risk. The first method above does not, to my knowledge,
>> produce any insecurities, the commands given are normal. I am not
>> familiar enough with links/symlinks on iOS, however, to be sure that this
>> first method works properly without side-effects. This issue hasn't
>> been out there long enough to judge. At the very least, I suspect that
>> restoring an older backup would stop this method from working. Note
>> that I am not sure what anyone without a jailbroken iPhone can do
>> about this issue, I have seen no solution for non jailbroken phones.
>> Note, also, that this file can be accessed from iPhone backups on the
>> computer, so those should be encrypted or deleted. It can be accessed
>> with any of the usual tools for Jailbroken iPhones, and with most of
>> the forensic tools like
>> http://accessdata.com/products/forensic-investigation/mobile-phone-examiner
>> To spread out a bit, and deal with the problem more generally, people
>> ought to keep in mind, if I may suggest it, that mobile phones are
>> innately traceable. That isn't because anyone has made them that way,
>> it's because the phone company needs to know where to route the
>> information and where it's coming from. This is not something that
>> anyone can really work around, one can encrypt the information as it
>> passes, but cannot obfuscate the fact, to my knowledge at least, that
>> information is passing from and to a specific location. Usually, the
>> only people aware of the location information, however, are the phone
>> company and the companies/agencies to which they sell/give the
>> information. The problem in this case is that this file is stored,
>> unencrypted, on the phone and computer.
>> By accessing the file, anyone
>> can get a history of the location of the phone, which might be useful
>> for many sorts of people, jealous spouses and stalkers who have some
>> sort of non-private access to the victim come to mind as just two
>> categories. I think this is more a security, rather than a privacy,
>> problem just at the moment, nobody has yet detected the sending out of
>> this file to anyone else, but that isn't conclusive simply because I
>> have yet to see a decent network sniffer for iOS. If anyone knows of
>> one, I'd love to hear of it. Anyhow, as it stands, when it comes to
>> privacy, this is just another reminder, in case one is needed, that
>> mobile phones are innately public, at least in their location data and
>> sometimes in everything else, too. If you dislike being tracked at
>> all, don't carry anything with a chip that can talk to the outside
>> world, or disable that chip by cutting its power.
>> Aman
>>
>> On 4/22/11, Karen Lewellen <klewel...@shellworld.net> wrote:
>>> We talked about the pop up ad possibility a while back, now it seems
>>> apple is gathering data on your whereabouts?
>>> here is the story.
>>> TVBizwire
>>>
>>> Researchers Say Apple Is Tracking Locations of Mobile Device Users
>>> betanews
>>>
>>> A team of researchers says Apple is secretly obtaining the
>>> locations of iOS4 users and recording them in a hidden file,
>>> according to a betanews.com report.
>>>
>>> Two of the researchers, Alasdair Allan and Peter Warden of
>>> O'Reilly Media, presented their findings today at the Where 2.0
>>> conference in Santa Clara, Calif.
>>>
>>> According to the story, the revelation raises "obvious privacy
>>> concerns and questions as to why Apple would be storing such
>>> information. The researchers believe it is intentional, as the
>>> file is restored after backups and even when the user switches to
>>> a new device."
>>>
>>> The group says the functionality is apparently new to iOS4, the
>>> mobile operating system that runs the latest iPad, iPhone and
>>> iPod touch. The researchers have reportedly tried to contact
>>> Apple's security team but had yet to hear back from the company.
>>> The story reports: "Allan says that the existence of the file
>>> on your computer is a security risk, as it is both unprotected
>>> and unencrypted. `It can also be easily accessed on the device
>>> itself if it falls into the wrong hands,' he wrote in a blog
>>> post. `Anybody with access to this file knows where you've been
>>> over the last year, since iOS4 was released.'"
>>>
>>> http://www.tvweek.com/blogs/tvbizwire/2011/04/researchers-say-apple-is-track.php
>>>
>>> --
>>> You received this message because you are subscribed to the Google Groups
>>> "MacVisionaries" group.
>>> To post to this group, send email to macvisionaries@googlegroups.com.
>>> To unsubscribe from this group, send email to
>>> macvisionaries+unsubscr...@googlegroups.com.
>>> For more options, visit this group at
>>> http://groups.google.com/group/macvisionaries?hl=en.
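
The thread's advice that iPhone backups on the computer "should be encrypted or deleted" can be checked from the computer side. This is an added example, not part of the original messages: it reads the `IsEncrypted` flag from each backup's `Manifest.plist` and lists backups that are plaintext or cannot be verified. The function names and the sample folders built by `build_sample_root` are constructed for illustration; the default path is the usual macOS iTunes backup location.

```python
import plistlib
import tempfile
from pathlib import Path
from xml.parsers.expat import ExpatError

# Default macOS location of iTunes backups; pass another root elsewhere.
DEFAULT_ROOT = Path.home() / "Library/Application Support/MobileSync/Backup"


def read_plist(path):
    """Return the plist as a dict, or None if missing or unreadable."""
    try:
        data = plistlib.loads(Path(path).read_bytes())
    except (OSError, ValueError, ExpatError):
        return None
    return data if isinstance(data, dict) else None


def audit_backups(root=DEFAULT_ROOT):
    """Return id, device name and encryption state for each backup folder."""
    root, results = Path(root), []
    dirs = sorted(p for p in root.iterdir() if p.is_dir()) if root.is_dir() else []
    for backup in dirs:
        manifest = read_plist(backup / "Manifest.plist") or {}
        info = read_plist(backup / "Info.plist") or {}
        # True/False from the manifest; None when the key or file is missing.
        encrypted = manifest.get("IsEncrypted")
        device = info.get("Device Name", "unknown")
        results.append({"id": backup.name, "device": device, "encrypted": encrypted})
    return results


def needs_attention(results):
    """IDs of backups that are plaintext or could not be verified."""
    return [r["id"] for r in results if r["encrypted"] is not True]


def build_sample_root():
    """Constructed sample data: fake backup folders in a temp directory."""
    root = Path(tempfile.mkdtemp(prefix="backup-audit-"))
    for name, flag in (("sample-a", True), ("sample-b", False)):
        (root / name).mkdir()
        (root / name / "Manifest.plist").write_bytes(plistlib.dumps({"IsEncrypted": flag}))
        (root / name / "Info.plist").write_bytes(plistlib.dumps({"Device Name": name}))
    (root / "sample-c").mkdir()  # folder with no manifest: state unknown
    return root


if __name__ == "__main__":
    print(needs_attention(audit_backups(build_sample_root())))
```

Calling `audit_backups()` with no argument checks the default location; a backup reported here stays readable to anyone with access to the computer until it is encrypted or deleted.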