# The SBHonline Community Daily > Digerati Discussions! >  >  Apple logs your location

## Petri

http://petewarden.github.com/iPhoneTracker/

Seems to work quite fine.  I ran the software on the Mac that I use for iDevices and it shows e.g. all the places where my iPad went on our xmas trip to UAE.

I'm not a privacy-crazy person but I'm not sure I like this.

----------


## BBT

That is how it knows "Photo Places"

----------


## BBT

What is interesting is that I have had my iPhone since day 2 last June. I have used it all over the US and overseas and it has no locations outside my home town.  It also says iPad not iPhone. The iPad2 locations are more accurate

----------


## Voosh

If ya think that's bad --- 


http://www.thenewspaper.com/news/34/3458.asp 



*"*Michigan: Police Search Cell Phones During Traffic Stops
ACLU seeks information on Michigan program that allows cops to download information from smart phones belonging to stopped motorists.

CelleBriteThe Michigan State Police have a high-tech mobile forensics device that can be used to extract information from cell phones belonging to motorists stopped for minor traffic violations. The American Civil Liberties Union (ACLU) of Michigan last Wednesday demanded that state officials stop stonewalling freedom of information requests for information on the program.

ACLU learned that the police had acquired the cell phone scanning devices and in August 2008 filed an official request for records on the program, including logs of how the devices were used. The state police responded by saying they would provide the information only in return for a payment of $544,680. The ACLU found the charge outrageous.

"Law enforcement officers are known, on occasion, to encourage citizens to cooperate if they have nothing to hide," ACLU staff attorney Mark P. Fancher wrote. "No less should be expected of law enforcement, and the Michigan State Police should be willing to assuage concerns that these powerful extraction devices are being used illegally by honoring our requests for cooperation and disclosure."

A US Department of Justice test of the CelleBrite UFED used by Michigan police found the device could grab all of the photos and video off of an iPhone within one-and-a-half minutes. The device works with 3000 different phone models and can even defeat password protections.

"Complete extraction of existing, hidden, and deleted phone data, including call history, text messages, contacts, images, and geotags," a CelleBrite brochure explains regarding the device's capabilities. "The Physical Analyzer allows visualization of both existing and deleted locations on Google Earth. In addition, location information from GPS devices and image geotags can be mapped on Google Maps."

The ACLU is concerned that these powerful capabilities are being quietly used to bypass Fourth Amendment protections against unreasonable searches.

"With certain exceptions that do not apply here, a search cannot occur without a warrant in which a judicial officer determines that there is probable cause to believe that the search will yield evidence of criminal activity," Fancher wrote. "A device that allows immediate, surreptitious intrusion into private data creates enormous risks that troopers will ignore these requirements to the detriment of the constitutional rights of persons whose cell phones are searched."

The national ACLU is currently suing the Department of Homeland Security for its policy of warrantless electronic searches of laptops and cell phones belonging to people entering the country who are not suspected of committing any crime.*"* 



Also --- 


http://news.cnet.com/8301-17938_105-20055431-1.html

----------


## Petri

> That is how it knows "Photo Places"



There's no camera on the iPad 1..

It didn't show a few travels within the country last summer but the information for the UAE trip was surprisingly accurate, even included the couple of days in the middle the desert.

I haven't had an iPhone since last July so it's showing just the iPad.

----------


## JEK

There is a GPS.

----------


## Voosh

And OnStar, sat radio, "private" GPS/sat locators and... 



Just because you're called paranoid, doesn't mean that they're not watching.   :Wink:   :crazy: 


And... Modern cars have over 30 "computers" in them. Favorite forensic tools are your airbag system, ABS, transmission, "online gear" and ECU. If you have an accident, speeding or mishap, all of that is readily available on your car, usually with a small nod from a knowing judge, if car is impounded. As far as I know, grabbing your smartphone or plugging into your OBD-II connector is a violation of 4th ammendement rights, unless there is a compelling case on site. They can always check with your phone company or "onstar" provider and get the info really fast. Just saying.

----------


## Petri

> There is a GPS.



http://gizmodo.com/#!5793925/your-iphone-is-secretly-tracking-everywhere-youve-been

Looks like it's logging your location based on tower triangulation so the GPS settings won't make a difference.

Also it seems that iOS is logging other data as well..  I think there's a few hundred security experts looking into this right now  :Big Grin:

----------


## Voosh

Petri, 

I added to my post above. 

True, you don't need an onboard GPS. Triangultiaon can be very sophisticated, as well as sat signal capture (comm and IR.)

----------


## JEK



----------


## JEK

This is cool -- Tradewind flight over to TFFJ

----------


## BBT

> Originally Posted by BBT
> 
> That is how it knows "Photo Places"
> 
> 
> 
> There's no camera on the iPad 1..
> 
> It didn't show a few travels within the country last summer but the information for the UAE trip was surprisingly accurate, even included the couple of days in the middle of the dessert.



It did not have my UAE trip for either iPad or iPhone. I believe for some reason my iPhone is not recording or whatever is last backed up is recorded since it only has my iPad 2 locations. I backed them both up yesterday to get Monday's update but I did iPad 2 second

----------


## Petri

As it arrived with iOS 4, no wonder I can't get any details for my iPhone's and that the iPad has only the UAE trip.  It didn't have iOS 4 last summer yet.

The iPhone Tracker app doesn't show all the data -- the data in the database is more precise and there are a lot of location points.  Cell and WiFi locations in different tables.  On the video they have 28,000 cellular location stamps and 220,000 (less accurate) WiFi location stamps in the database.

Not sure what the folks in countries where even a simple unique ID for each citizen is considered an privacy issue think about this tracking data.  Interesting to see Apple's response as this type of tracking may even be illegal in some countries.

As people spend most of their time at home and work, you can easily get the location for both of them from data.


 

_Location data is stored to a file called "consolidated.db," which includes latitude and longitude coordinates and a timestamp. The researchers said that while the coordinates are not "always exact," they are "Pretty detailed."

"There can be tens of thousands of data points in this file, and it appears the collection started with iOS 4, so there's typically about a year's worth of information at this point," Allan wrote. "Our best guess is that the location is determined by cell-tower triangulation, and the timing of the recording is erratic, with a widely varying frequency of updates that may be triggered by traveling between cells or activity on the phone itself."_

http://www.appleinsider.com/articles...les_ios_4.html

----------


## JEK

The program reads the device last synced.

----------


## BBT

Or the program only reads the most current file the other file may be there or maybe overwritten. I am sure someone will create a program that reads both if there. I am going to synch my iPhone and see if it now shows all my travels.

----------


## JEK

It will. The first time I ran the app it found my boring iPad V2. I synced the iPhone and everything on it appeared from the day I got it until now.

----------


## Petri

http://www.9to5mac.com/63066/senator...to-steve-jobs/

_Anyone who gains access to this single file could likely determine the location of the users home, the businesses he frequents, the doctors he visits, the schools his children attend, and the trips he has taken over the past months or even a year.
_


http://gigaom.com/2011/04/21/researc...-used-by-cops/

_The truth is that there may be more important things to consider than the issue of who discovered what. Levinsons revelations are more important than that, because he explains that the location data is already being put to use. In his blog post he says (my emphasis):






			
				This hidden file is nether new nor secret. Its just moved. Location services have been available to the Apple device for some time. Understand what this file is  log generated by the various radios and sensors located within the device. This file is utilized by several operations on the device that actually is what makes this device pretty smart.

Through my work with various law enforcement agencies, weve used h-cells.plist on devices older than iOS 4 to harvest geolocational evidence from iOS devices.
			
		


Thats very interesting. Its not that the location data was only already known about in some circles, but its actively being used by law enforcement agencies as part of their investigations. Levinson declined to divulge the names of those agencies, but told me that he had worked with multiple state and federal agencies both in the U.S. and internationally.
_

https://alexlevinson.wordpress.com/2...ing-discovery/

----------


## Voosh

Buyer beware. IMHO. 

*"*Cellebrite's mobile forensics products enable extraction and analysis of invaluable evidentiary data including deleted and hidden data for military, law enforcement, governments, and intelligence agencies across the world.*"* 

I'm gonna be ducking now. 



http://www.cellebrite.com/  :crazy:   :Frown:

----------


## BBT

I guess to all of this my answer is DO I CARE. Heck they may even find out I go to SBH every year.

----------


## BBT

> It will. The first time I ran the app it found my boring iPad V2. I synced the iPhone and everything on it appeared from the day I got it until now.



Yep same exdperience here

----------


## Petri

> I guess to all of this my answer is DO I CARE. Heck they may even find out I go to SBH every year.



Just one more trace to all the ordinary phone usage, credit cards, what nots..  The amount of trace we people left is just amazing.

----------


## JEK

Steve Jobs on iOS Location Issue: 'We Don't Track Anyone'
Monday April 25, 2011 09:47 AM EST; Category: iPhone
Written by Eric Slivka

There has obviously been a lot of discussion about last week's disclosure that iOS devices are maintaining an easily-accessible database tracking the movements of users dating back to the introduction of iOS 4 a year ago. The issue has garnered the attention of U.S. elected officials and has played fairly heavily in the mainstream press.

One MacRumors reader emailed Apple CEO Steve Jobs asking for clarification on the issue while hinting about a switch to Android if adequate explanations are not forthcoming. Jobs reportedly responded, turning the tables by claiming both that Apple does not track users and that Android does while referring to the information about iOS shared in the media as "false".
Q: Steve,

Could you please explain the necessity of the passive location-tracking tool embedded in my iPhone? It's kind of unnerving knowing that my exact location is being recorded at all times. Maybe you could shed some light on this for me before I switch to a Droid. They don't track me.

*A: Oh yes they do. We don't track anyone. The info circulating around is false.* 

Sent from my iPhone

As is Jobs' usual style, his brief comments provide little detail or information to support his claims, and his vagueness leaves things rather open to interpretation.

Android has been shown to also gather location information, but the database is limited to a much smaller list of entries and is regularly wiped by the system. Jobs' email seems to explicitly claim, however, that Google's location information is used to track users while Apple's is not.

Apple responded to some questions about location tracking and privacy last July, noting that users have the ability to turn off location services entirely and that all location features require explicit authorization from the user. The Wall Street Journal has found, however, that this newly-publicized database is constructed even when location services are turned off entirely.
The Journal tested the collection of data on an iPhone 4 that had been restored to factory settings and was running the latest version of Apple's iOS operating system.

The Journal disabled location services (which are on by default) and immediately recorded the data that had initially been gathered by the phone. The Journal then carried the phone to new locations and observed the data. Over the span of several hours as the phone was moved, it continued to collect location data from new places.

As many observers have noted, the iOS location database does not record exact GPS data, instead seeking to pinpoint the locations of Wi-Fi access points and cell towers that the device comes within range of, although the database does offer a clear general track of a user's movements.

In the meantime, government agencies in a number of countries have launched investigations into the situation, seeking explanations from Apple and details on how users can protect their privacy.

----------


## Petri

Steve and WSJ seem to have different opinion :-)


I wonder what's the case legally when the iPhone users have agreed to T&C's that give them the option to disable location services but in fact the user can't do it.

Steve may not care but Apple's legal department may have some work to do when a few dozen government agencies are nocking the door.  Privacy is a difficult topic in many places.

----------


## Petri

Friend has been playing with the data from his phone.  With SQLite Manager it's easy to extract the data and Google fusion tables has nice tools to e.g. graph the data on top of Google Maps.  You can color the dots by rules, e.g. how accurate the data is (Confidence-field).

He noticed that there was a lot of locations where he had never been.  Errors perhaps?

 

For example the place in the middle of the ocean is 0,0.  That's quite obvious but looking at the data a bit closer he noticed that a lot of data was for places he hasn't quite been to.  For example they drove on a motorway during the Eastern but the WiFi data was showing that they would have actually driven through a local town, some 20-30 km away.  There was no way the phone could have heard those WiFi networks.

 
(He was never in this town)

All the WiFi locations are by the local town roads where people live and they most probably have WiFi networks in their houses.  In other words the phone had acquired somehow locations that look like they are very real but he was never very close to those locations.

Looking at the timestamps he noticed that frequently the phone had acquired a lot of locations in just a few seconds, usually in the same geographical area.

 
(The moment this data was acquired, he was driving on the lower right corner of the map, below the "65")

What seems to be happening is that the phone will frequently send the location data it acquires to Apple and it will receive a batch of other locations in the same area.  This data is very useful when the phone needs to locate itself, just triangulate with the data it has receive and fix the exact position when GPS gets a fix.

He was in Oslo, Norway, a few weeks ago and had mobile data disabled (roaming charges).  Not much data in the tables for the trip except for the moments when the phone was connected through WiFi.  And for each of those WiFi locations the phone had "instantly" acquired a lot of cell positions within a small radius.

It's like croudsourced location service.  You give your data and you receive 10x more data from Apple (or in fact all the other folks who have been in the same area).

Now that this was figured out, I asked if there was any indication where each entry was coming from and he noticed there are two other tables; CellLocationHarvest and WifiLocationHarvest..


Nor me or he are concerned about the privacy issues here but just curious how the system works.  And we'd be much happier if Apple would just document and publish how this works..  There are folks who chew whatever is put into their mouth, and folks who prefer to know what they are chewing..

----------


## Petri

> It's like croudsourced location service.  You give your data and you receive 10x more data from Apple (or in fact all the other folks who have been in the same area).







> 3. Why is my iPhone logging my location?
> ...
> These calculations are performed live on the iPhone using a crowd-sourced database of Wi-Fi hotspot and cell tower data that is generated by tens of millions of iPhones sending the geo-tagged locations of nearby Wi-Fi hotspots and cell towers in an anonymous and encrypted form to Apple.
> 
> 4. Is this crowd-sourced database stored on the iPhone?
> The entire crowd-sourced database is too big to store on an iPhone, so we download an appropriate subset (cache) onto each iPhone. This cache is protected but not encrypted, and is backed up in iTunes whenever you back up your iPhone. The backup is encrypted or not, depending on the user settings in iTunes. The location data that researchers are seeing on the iPhone is not the past or present location of the iPhone, but rather the locations of Wi-Fi hotspots and cell towers surrounding the iPhones location, which can be more than one hundred miles away from the iPhone. We plan to cease backing up this cache in a software update coming soon (see Software Update section below).




Missed the w in the word crowd, though  :Big Grin:

----------

