Thursday, April 21, 2011

ZOMG iOS 4 records all your travels!

(to be more specific iOS that carries a cellular signal - iPhone and iPad 3G)

So some researchers discovered that iOS 4 records every location is been at. It records in this database file: /private/var/root/Library/Caches/locationd (you'll have to jailbreak it to get ssh access into it and then copy the file to your computer to open it).

So why does this file exist?
It has to do with how location services work in iOS. There is two ways to get a location. First is using the standard GPS signal from the satelites - similar to many GPS recievers. It gets a really accurate reading but the problem is that is uses too much battery power. It's not a problem if you're using it as an in-car GPS because you get cigarette lighter power but what if you want to update your location on twitter or facebook? Well then there is A-GPS which uses cell towers instead.

A-GPS uses the strength of its connections to cell towers to judge the distances away from them and then goes online to find the lat/long position of those towers using a unique identifier. It's fast, accurate enough to post on facebook and doesn't take up too much battery. Because cell towers don't move a lot it would be a waste to look up its location every time so this data is cached on the device.

So over time as you travel and move around with the device it keeps a general location of where it goes. This is a privacy issue - so much so that Sen. Al Franken (D-MN) wants an explanation. If one could obtain this file one could see where the owner's place of residence, work, study, etc. But also more sensitive locations such as strip clubs, abortion clinics, hospitals, etc etc etc.

But how does one even access this file? First it needs to be jailbroken. Right now this means taking the physical device and connecting it to a computer and running the jailbreak software on it. Then its a simple matter of copying the /private/var/root/Library/Caches/locationd file .

Now why would Apple allow this. Firstly don't attribute to malevolence to what could be a mere oversight. The file is so small compared to the storage capacity of the iPhone that the developers might not have paid much attention to it. They thought it would be better for it to just be left alone and didn't consider the privacy implications.

Videos:
http://www.youtube.com/watch?v=GynEFV4hsA0
http://vimeo.com/22608787
http://vimeo.com/22610355

8 comments:

  1. damn son, that's pretty freaky, esp. after seeing some ad for a movie, now if i could just find it again...

    ReplyDelete
  2. Idk, the file is small but it seems really vital to operations, so someone should've been all "uhhh creepy" at this

    ReplyDelete
  3. I keep thinking about jailbreaking my iphone, but am too worried i'll mess something up

    ReplyDelete
  4. Whoa. I have been enlightened!

    ReplyDelete
  5. Incompetent, or malicious?

    ReplyDelete
  6. i was hearing about this on the news, what i dont understand is why industries really care about this information, why risk it?

    ReplyDelete