Wednesday, April 20, 2011

Local iPhone location tracking database discovered

Alasdair Allan and Pete Warden, two security researchers have announced that since the release of iOS 4 every device with a SIM (iPhone,iPad) tracks the location of the device on a ongoing basis determined through cell-tower triangulation and stores it in a local database. The position is not determined through GPS which hints that this data is used to improve the network quality. The data is only on your local device and is not transfered to Apple or any 3rd party so you wont need to worry about being tracked. The only problem i see on this matter is that this file is unencrypted available on your device and local backups so if someone steals your phone or Mac they can create pretty scary movement log. Also this gives a little insight on the tracking abilities of the phone companies and the government.

The database is stored in a hidden file called "consolidated.db". The stored data includes a timestamp together withlatitude and longitude for each tracked point. The timing seems to be pretty random at first sight, but a local test indicates that the data will be saved (at least) on a cell-tower switch or incoming calls/messages.

Pet Warden released a open source tool to visualize this data which is available at http://petewarden.github.com/iPhoneTracker/.

Quick facts:
  • The data is only stored locally and is not transfered to anyone
  • The data is not determined through GPS so its more a mere guess than an exact location.
Apple should encrypt the data in future firmwares to make sure it doesn't fall into the wrong hands.

Update
I made a GoogleMaps based implementation based on this application check it out
MyPhoneTracker

18 comments:

amBored said...

great this might be useful

princy gupta said...

nice post!!!!

Alphabeta said...

I tend to grab for my tin-foil hat when I hear things like this.

Insider33 said...

Hah, tough luck, Apple.

Jazz bazooka said...

and there you go. next will be "brain control" app, for politicians

Mostly Irrelephant said...

Well, we have the remote wipe in case of theft but then again, what good is a movement map for a thief that does not know me personally?

Stu said...

Wow! Cool! And a little scary.

BTN Hip Hop said...

man its crazy, we have lost so much privacy with advancing tech

GADAFINY said...

great post

Moobeat said...

good to hear

metaphysicalfarms said...

This is not good! That's why I turn off my gps (that and to save battery) on my android.

Stare Dad said...

google has something of this kind. when i make a search on google in my phone it says whats near me.

Red13 said...

this is kinda cool... but I'm not sure if I like it

Malkavian said...

Damn that is a cool app but damn dangerous if a weirdo or creep steals my phone he can have a map of my most visited spots and locations good thing i dont own this kid of phones.

mac-and-me said...

@Malkavian how do you know your phone doesn't do the same?
@metaphysicalfarms its not determined via gps

ed said...

cool, looks like a good way to find the nearest starbucks location

Jessica Thompson said...

Man this is kinda weird not sure I'm too fond of it!

Rabidmoose said...

Tin foil hat time!