Your iPhone’s Stalking You

The breaking news that has come out of left field today is that all Apple devices running iOS4 are actually creating a log file of all their users' movements. The Apple stalking story comes via O’Reilly Radar, from Alasdair Allan and Pete Warden.

The iOS4 tracking feature does make sense seeing how Microsoft has integrated Live into their device, but the issue is that it appears to be a hidden feature slipped into iOS4 and not something users made a proactive decision to enable. What has raised concerns is that the database is being restored across device backups, and even across device migrations between different computers.

To further compound the issue, it appears that the location data is unencrypted and unprotected, and will be available on any machine you have synced your iOS4 device with.

How to find the file?

The file is named consolidated.db. While the latitude and longitude coordinates are apparently not always accurate, the log is fairly detailed because each entry is timestamped.

How is the data gathered?

It seems log updates are triggered both by activity on the device, likely apps requesting the user's location, and by movement between cell-tower locations.

How can I see how much data Apple has captured?

You can download the free, open-source iPhone Tracker application, which allows you to read the hidden data Apple is storing on your computer.

What about Windows Phone 7?

The interesting point is that while the new Windows Phone 7 offers similar functionality to track your phone via http://windowsphone.live.com/, it has to be manually enabled and does not appear to log your past year’s movements. The data is also recorded via its Windows Live platform and, unlike the iPhone log, it does not appear to be stored on any computer that you connect your device to.

Why would I enable WP7 find my phone?

  • Map It – see your phone’s approximate location on Bing maps
  • Ring It – ring your phone for one minute using a special ringtone even if you have set it to vibrate or silent
  • Lock It – lock down your phone so nobody can use it; you can also add a “please return me” note on your screen
  • Erase It – remove all your information stored on your phone and reset it to factory settings.

What is required to see WP7 data?

To protect user privacy, your data is protected and requires you to log in to your Windows Live account, which seems a logical place to store such sensitive information. Your phone will periodically save your location for better mapping results, and if you travel a lot or lose a lot of phones you can enable an option to get results faster. The downside is that this may use more battery, so you might just enable this when travelling.

What happens if I can’t locate my WP7?

If you can’t reach your phone right now, this might be because your phone is turned off, out of battery power, or out of range. To make things easier, there is an option to send an email if the phone's location is found.

How does location services work?

Platforms such as WP7 include a randomly generated unique ID number that is stored on your phone to ensure no personal information can be used to identify you. The unique ID is stored by the Microsoft location service for a limited time. You can also disable use of your phone’s location by all applications.

Why be concerned?

The issue is that, since it’s a log file, it’s possible for anyone to download the file and get an understanding of your movements. If you sync or charge your device by connecting to your work PC, it’s possible for your boss to download the file and track your movements to see whether that sick day was just an excuse to go for a job interview or to the beach.
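One way to check which synced backups on a machine leave this kind of data readable, as an added example that is not from the original article or the iPhone Tracker project. It assumes the iTunes backup layout (one folder per device, each with a Manifest.plist carrying an IsEncrypted flag); the function names and sample folders are hypothetical.

```python
import plistlib
import tempfile
from pathlib import Path

SQLITE_MAGIC = b"SQLite format 3\x00"  # first 16 bytes of every SQLite database file


def is_sqlite(path: Path) -> bool:
    """True if the file starts with the SQLite header, i.e. is readable as-is."""
    try:
        with path.open("rb") as fh:
            return fh.read(16) == SQLITE_MAGIC
    except OSError:
        return False


def audit_backups(root: Path) -> list[dict]:
    """Report, per device backup under root, whether it is encrypted and how
    many plaintext SQLite databases (such as consolidated.db) it exposes."""
    report = []
    for manifest in sorted(root.glob("*/Manifest.plist")):
        try:
            with manifest.open("rb") as fh:
                encrypted = bool(plistlib.load(fh).get("IsEncrypted", False))
        except Exception:
            encrypted = False  # unreadable manifest: treat as unprotected
        folder = manifest.parent
        exposed = sum(1 for f in folder.rglob("*") if f.is_file() and is_sqlite(f))
        report.append({"backup": folder.name, "encrypted": encrypted,
                       "plaintext_sqlite": exposed})
    return report


def build_sample(root: Path) -> None:
    """Constructed sample data: two fake backup folders, not real device backups."""
    for name, enc, body in (("device-a", False, SQLITE_MAGIC + b"\x00" * 84),
                            ("device-b", True, b"\x8f" * 100)):
        d = root / name
        d.mkdir()
        (d / "Manifest.plist").write_bytes(plistlib.dumps({"IsEncrypted": enc}))
        (d / "0123abcd").write_bytes(body)  # backup files have opaque names


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample(Path(tmp))
        for row in audit_backups(Path(tmp)):
            print(row)
```

To audit a real machine, pass the backup folder to `audit_backups`; on a Mac this is assumed to be `~/Library/Application Support/MobileSync/Backup`. Any backup reported as unencrypted with plaintext databases can be protected by turning on backup encryption in iTunes.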

What is next?

It’s likely that all phones will come under scrutiny over the next few months, as it’s possible that both Blackberry and Android devices have similar functionality. Hopefully they took more care with user data and encrypted it.