" />

Calm Down, Everyone; Your iPhone Is Not Enabling Stalkers Or Big Brother [Updated]

Gizmodo and Boy Genius Report (amongst others) are reporting today that a certain file stored in your iPhone (and thus on your iPhone’s backups, located on your computer) contains “a record of everywhere you’ve been since June”.   Masses have gathered at One Infinite Loop with pitchforks, ready to turn Steve Jobs into Swiss Cheese (OK, I made that part up, but that’s what the mood seems like).   However, as an IT security professional, I’ve taken a look at the data from my own phone, and my conclusion is: Much ado about nothing.   Here’s why:

1.  The data is expectedly inaccurate.

Most of the lat/long pairs I evaluated were not even close to where I actually was at the time – and I mean off by miles.   This is to be expected with cell triangulation, which is relying on signal strength from the received towers to estimate position.   Remember back in the days of the original iPhone when your Google Maps location was often wildly off (or in a huge, blue circle that encompassed a few square miles?  Yeah, that’s what we’re talking about here.    Put your phone to your ear and you’ve got one signal strength value.   Put it back in your pocket and you’ve got another.   Each will be interpreted as a different location.

Here’s one point that I sampled.   I was changing planes at Charlotte Airport.  I never left the terminal.  It’s roughly 3.5 miles off.

clt

(click on the image for a larger version)

As it happens, I had a very hard time finding a data point that DID show me exactly where I was – to the degree that someone who didn’t know me could determine where I had been.    It never once successfully identified my home, work, or any other location that I frequent.   At best, this could be used to show that I was in a given neighborhood – maybe. 

 

2.  It’s not capturing that much data anyway.

The “security researchers” (to quote Gizmodo) who found the data loudly trumpeted the fact that they had tens of thousands of data points in the table.   Yes, I did too.   However, a further analysis showed that the vast majority were duplicates from a time perspective – meaning that there were multiple lat/longs for the same time (down to the second).   When the time duplicates were removed, suddenly there were only 499 unique data points instead of 23,687.   Some days had hundreds of entries.  Some had dozens.   Some had less than 3.   Some had none at all.   After the date duplicates were also removed, there were 140 points left.   There were 247 days between the first date and the last date of the remaining data points, which means that on nearly half of the days on which data could have been captured, none was.

My iPad, which had only half the amount of time logged (in months), had a mere fraction of data versus the iPhone; only 4528 total records.   Interestingly, the iPad’s last data point, when plotted, was the same at the iPhone’s.   I should have expected that, but didn’t. (And they were both in a town I’ve never been to!)

 

3. The data is junk.

One particular time point (8/24/2010, 14:00:00 UTC), chosen at random, had 111 entries, and – here’s the kicker – they each had different lat/longs.  

NYC

These are the 111 data points mentioned above.   I landed at LaGuardia Airport that day (but you wouldn’t know it, since it never says I was there), and had an interview and breakfast at a hotel just off the airport (on the northwest corner of the concentration of plot points).   However, the data erroneously has me in Manhattan, in the middle of Meadow Lake, and at various other places that I didn’t go to at all.    Put frankly, you cannot, by looking at this data, tell conclusively where I was and where I wasn’t at that date and time.   Scientifically speaking, you can only truly determine that I was in the NYC area that day. 

I should also point out that despite my having spent quite a lot of time at home over the past several months, not one of the 23,687 points was on my home.  None.   The closest one was a half mile away.   The next was 1.5 miles away.   Neither were any of the points even close to the office I’ve been working on a project in, nor the hotel I’ve been staying at – and am writing this article from.    The same goes for last week, when I attended a conference in San Jose – nothing at the conference site, and nothing at the hotel.

The closest the data came to being of any use for tracking purposes centered around a trip I took from MacDill Air Force Base in Tampa, FL to Tyndall Air Force Base in Panama City, FL for a week-long activity.   However, this still wasn’t close as I am never seen on MacDill during the entire trip at all, and am only placed at Tyndall once.   In fact, in all of the data, I am only shown at MacDill once, and I’ve been there several times over the past several months.  

It is difficult to escape the obvious conclusion: for tracking purposes, this data is utterly worthless.

4. The data stays under your control

No one – no one – is alleging at this point that this data ever escapes your control.   It is on your iPhone/iPad and on your computer in the form of backups, and there have been no allegations that it is transmitted in any way to anyone.   If no one else has it, then there’s nothing to worry about.

5. It appears to serve another purpose.

As the “researchers” freely admit, the database includes column headers indicative of common GSM cellular terminology: MCC (Mobile Country Code), MNC (Mobile Network Code), LAC (Local Area Code) and CI (Cell Information).   There are also comparable fields in the CDMA-specific tables.   I checked the MCC and MNC fields with the relevant ITU publications and found that they did indeed identify the US and AT&T, as expected.    While I could certainly concoct nefarious uses for this data, it seems much more likely that this is for troubleshooting purposes – likely for Apple, but perhaps for the carrier as well.   

6.  Compass calibration.

One of the other tables in the database appears to serve some function with compass calibration.   It has X/Y/Z magnetic values and the like.   If this database is for nefarious purposes, then what evil plan does this play a part in?

 

So, in summary, we have:

  • Very limited data
  • Totally useless for any meaningful tracking purposes
  • Which never leaves your control
  • And appears to have some valid reason for existing

That being said, there is a table named LocationHarvest that had very accurate data of my whereabouts – likely derived from GPS – but only for a 6 minute period.   After some time had passed (with the phone in the same location), I backed it up again, and the data had disappeared, leaving an empty table.  

From a security perspective, I just don’t see anything here to be concerned about.

UPDATE:  Apple has officially responded to this issue, my analysis is here.

Continue reading:

TAGS:




  • Michael Brennan

    Well done for providing such an mature and smart analysis of this data. Rather than wildly speculate on the probability of some mad conspiracy plot, you presented a well thought out argument as to the validity of this data. It would be interesting to see if other mobile OS such as Android do the same. Hats of to you.

  • “4. The data stays under your control”

    For every software to access, also accidental viruses, spyware, adware, etc.

    • Joe Tomasone

      True, but you have the option of encrypted backups.

  • Branislav Vartik

    Nice sum-up. Thanks.

  • Peter Jansen

    You’re missing the point:
    1. People have been convicted upon proving that they: “have been in the area”
    2. The data stays NOT under my control, in case the police reads out my device while circumventing my password ( see iPhoneDownloadblog) on Michigan state police
    3. Users should have been made aware if this process

  • Joe Tomasone

    @Peter:
    1. True, but I highly doubt that data as subjective as this would be of any use in a court proceeding. Again, to take the example of my trip to New York, my phone asserts that I was in 111 different places at the exact same second. What judge would permit this as evidence?

    2. I was referring to “sneaky” attempts to extract the data without your knowledge by Apple (or whomever), as the articles all seem to be implying that Apple is doing something nefarious. However, on the subject of Law Enforcement, they could also grab Google Maps history (or that of any GPS app you have), results from Yelp or other location-aware apps, etc. If I were to perform a through forensic analysis of your iPhone, I’m sure I could paint a reasonable picture of your activities even if the consolidated.db file didn’t exist.

    3. I disagree. While I admittedly do not know what the data is actually used for, I’m not sure that Apple (or any manufacturer) needs to explain every last part of a product’s operation (especially technical aspects) to all of its customers on the basis that they someone might object. Quite frankly, I’m willing to bet that lots of heads in Cupertino are shaking in disbelief that this whole thing is even being treated as an issue by anyone, let alone making the rounds of the media as some dire threat to your privacy.

  • stontuna

    So.. according to an amateur analysis of a single phone’s data posted on an Apple fan site, everything is fine. Nevermind the professional security researchers who clearly state that this is a violation of privacy and demonstrated that it can be quite accurate in their own tests. Nevermind that the real issue isn’t whether the iPhone does a good job of tracking you, but that it was programmed to do such a thing in the first place.

    Sure….

  • Joe Tomasone

    @stontuna: OK, let me turn this around on you:

    So… According to two researchers who tested only their own phones and didn’t perform any analysis of the data besides plotting all of the lat/longs in an attempt to validate their conclusions, there is a giant conspiracy on Apple’s part to track you for potentially nefarious purposes?

    Sure…

    As an aside, I’ve been in the information security space for well over 10 years, and while I do not normally publish my findings, they have been published, as a decent Google search would uncover. I’m far from an amateur. But hey – thanks for taking the time to assume that I was!

  • Pingback: Analysis: Apple’s Explanation Of Why Consolidated.db Stores What It Stores | iSource()

  • Pingback: iOS 4.3.3 Released – Fixes Location Database Bugs | iSource()

  • Pingback: iOS 4.3.3 Firmware Update Out – Addresses Location Database ‘Bugs’ — iPad Insight()

  • Pingback: iOS 4.3.3 Firmware Update Out – Addresses Location Database ‘Bugs’ | The Bob Clark()

  • Pingback: Apple and Google Testify to U.S. Senate Subcommittee | iSource()

  • Pingback: Surprise, Surprise! Apple Called to Second Senate Hearing Regarding Privacy | iSource()

  • Pingback: Sen. Franken Requests that Apple and Google Make Privacy Policies More Clear for Apps | iSource()