The media is freaking out over the news that Apple’s iPhones and iPads are secretly tracking their users movements, marking locations with time-stamps and recording it all into a hidden data file. The tracking, which utilizes data gleaned from cellphone towers and WiFi networks that a user encounters in his/her travels, apparently began when Apple updated its mobile operating system a year ago. While the media firestorm was sparked by a recent presentation given by two British programmers at the O’Reilly Where 2.0 conference in California, the ‘revelation’ is not actually new, with several bloggers having made note of the tracking aspect when it was first introduced via iOS 3.2, and Apple itself sent the US Congress a letter detailing its data-collection techniques in July 2010.
The question remains, simply, why? Apple claims that the data collection better enables them to offer location-based services to iPhone/iPad users. Apple also rebuts privacy concerns by noting that the data transmitted back to the Apple ‘mothership’ is randomly anonymized every 12 hours, making identification of any specific user impossible. However, the individual’s device also records this data to a hidden software file (“consolidated.db”) that is not only stored on the device in perpetuity, but is also copied to a user’s home computer when the devices are synced up. This file is not anonymized, nor is it by default encrypted. As such, it is vulnerable to hackers, or simply anyone who has access to your personal computer. Apple users must now confront the fact that if their mobile device is lost or stolen, whoever steals/finds it can work out such details as where the person lives, works, hangs out, etc. We suspect the phrase ‘consolidated.db’ will be appearing in a lot of divorce filings in coming years.
In the meantime, criminal courts seem to have already found the data useful. Alex Levinson, a researcher in New York who makes tools for interrogating mobile devices, noted the following on a recent blog post: “Through my work with various law enforcement agencies, we’ve used [tracking data] on devices older than iOS 4 to harvest geolocational evidence from iOS devices.” CalvinAyre.com recently learned that one of the Black Friday defendants who maintains a residence in Costa Rica was arrested within a day of having arrived back in the US. Did his iPhone lead the feds to his door, leaving him iFucked? And what other info may they have since gleaned from the movements recorded in his consolidated.db file? iConfess…
