Wednesday 20 April 2011

iPhone Location Tracking

The subject of iPhone’s tracking their owners locations has hit the Interwebs again because Pete Warden and Alasdair Allan just pulished a rather nifty application that extracts and maps out the location logs that iOS keeps.

Their application uses the location info that is acquired using cell tower triangulation which is of dubious accuracy (about 500m for me for the most part) and seems to have something weird going on with it’s timestamps in my case, but that might just be something strange about either my iPhone or O2’s network. They get all of this from the CellLocation table within the iOS database that Apple use to manage most of the OS system configs and functions (Consolidated.db). Finding the Database is a minor challenge given the instructions provided. Extracting the data is the work of a few clicks after that.

Interestingly they don’t mention the fact that there is dramatically more and far better GPS derived data in the Location table which has far fewer entries and only seems to log data when you are actively using a GPS app. 

And there is a WiFiLocation database for those times that you have WiFi enabled that has logged about 8 times as much data as I have for Cell towers. That particular table intrigues me because it contains MAC addresses, and there appear to be lots of them (120k entries in that table). Interestingly it only records MAC addresses (along with location data and timestamps) not SSID’s which confirms one of my older assertions that SSID’s are useless for location tracking. I’m going to take a look at that table in much more detail to see whether I’ve been harvesting thousands of MAC address\Location combos silently over the past year.

It would be very interesting to know whether Apple extracts any of this data, and if so what it does with it. Kim Cameron had a lot to say about the risks of this last year when he made some fairly insightful remarks about the massive privacy holes in Apple’s Policy. At that point we were only talking about Apple gathering the user’s own device ID but I am at a loss to explain why Apple would have the phones log all of this location data if they did not intend to harvest it.

Funnily enough all three location tables also have a corresponding “Harvest” table but they are currently empty on my iPhone at least, perhaps they have plans for some future capabilities.

I’m thinking of putting something together that will allow us poor Windows users to get the data poured into a nice Map interface, Pete and Alasdair’s version is OSX only at the moment so I’m making do with Perl and Google Apps to see what data SkyNet has been collecting on me. It’s not very accurate as I noted above but it’s logged all 20 of my international trips over the past couple of months at some level.

No comments: