Description: Just woke up today morning to find the internet abuzz with news about how the iPhone is keeping track of our move by storing the GPS based Longitude / Latitude permanently. For a minute I was shocked, not because Apple was doing this, but rather because this was old news! All of sudden the media created this hype about how "Apple was tracking you"!! :) All the time! :)
Anyways, this video is my take on the matter and a quick demo of the Consolidated.db and the WifiLocation and CellLocation tables, and their "worrisome" contents! :)
Couple of links regarding the story:
http://radar.oreilly.com/2011/04/apple-location-tracking.html
http://www.forensicfocus.com/index.php?name=Forums&file=viewtopic&t=6758
http://blog.csvance.com/?p=136
Tags: iphone , ipad , consolidated.db , hacking , security , location tracking , apple ,
Nice overview - great to see someone actually take a look from a reasonably impartial standpoint instead of just spamming the retweet button because everyone else is. I understand the privacy concerns to be honest; there doesn't seem to be much preventing someone from accessing the logs (no encryption), so whats to stop someone from accessing them using malware and dumping your current location? More of these kinds of video's please!
You say that location data doesn't go anywhere. F-Secure says it does: http://www.f-secure.com/weblog/archives/00002145.html
The other worrying thing is that it seems that backups of that db is stored with world-readable access attributes by default on your Mac.
@numeric Thanks! well the privacy concern is definitely important.
@buherator_ I stand corrected then. I did not research on whether the transmission of the data happens or not. I was merely quoting various reports I read from multiple sources on the web.
More info here: http://www.betabeat.com/2011/04/21/everyone-can-shut-up-about-apple-tracking-you-on-the-iphone-now/ would seem to contradict a lot of other information floating around at the moment.
@numeric I think there are 2 different issues here:
1. Why does the file exist? seems to be for API access for location aware applications
2. Why does it store the location data permanently on the phone? This is more difficult to answer. Even if applications were using this from time, it would be a good idea to wipe old data out periodically.
This problem is akin to the history in our web browsers. Would you really be comfortable having your entire web history (since you installed the browser) to be just sitting on the hard drive, without you knowing it?
yeah, I agree. I was pretty surprised at the sheer amount of data collected by the phone in your video - seems very hard to justify preserving such a large data set on every phone, especially without providing a way to remove it easily.
It's humorous that some people will claim to be concerned about privacy and then go on to post every little detail about their life on myface and elsewhere. Privacy is dead. Sad but true.
I would say that most probably every phone OS write a lots of data to the internal/external memory. You're searching for *.db files but it can also be a file without any extension or even in an encrypted format file that is only known by the OS provider. That is a common approach with lots of applications - cache everything to use it later for better performance and user best experience. Bad things starts to happen when all the data goes out of the phone. Especially very bad when it goes over an unencrypted channel.