Your iphone knows where you are!

mike65

Did you know that if you own a 3 or 4th generation iphone its tracking its own movements? So if you are playing away just something to remember.

http://www.tomsguide.com/us/iphone-location-tracking-iios4-ipad,news-10910.html

https://www.youtube.com/watch?v=GynEFV4hsA0

danniemcq

what are the odds that they'll get sued and broken up the way every other company who put a steep wrong do.

The steve job fan club or igits probable think that this is Steves way to make sure they are all ok like a big family.

sooner people realise apple is rotten to the core (ba dum dum tish) the better.


below is a text version of the story for people at work or on mobiles

Is Apple tracking your every move via the iPhone and iPad? A Wednesday blog post published on O'Reilly Radar claims that devices running iOS 4 are gathering location and storing it in an unencrypted manner.

"What makes this issue worse is that the file is unencrypted and unprotected, and it's on any machine you've synched with your iOS device. It can also be easily accessed on the device itself if it falls into the wrong hands. Anybody with access to this file knows where you've been over the last year, since iOS 4 was released," wrote Pete Warden, founder of the Data Science Toolkit, and Alasdair Allan, a senior research fellow at the University of Exeter.

The data is being stored to a file known as "consolidated.db," which includes latitude-longitude coordinates and a timestamp.

"The coordinates aren't always exact, but they are pretty detailed. There can be tens of thousands of data points in this file, and it appears the collection started with iOS 4, so there's typically around a year's worth of information at this point," Warden and Allan wrote.

The duo speculated that the data collection is erratic. Update times vary and might be triggered by traveling between cells or activity on the phone itself.

But while this data is being stored on your phones and iOS devices, Warden and Allan acknowledge that there is no "evidence to suggest this data is leaving your custody"—aka, being sent to Apple. There is also "no immediate harm that would seem to come from the availability of this data."

"But why this data is stored and how Apple intends to use it—or not—are important questions that need to be explored," they wrote. "The cell phone companies have always had this data, but it takes a court order to access it. Now this information is sitting in plain view, unprotected from the world. Beyond this, there is even more data that we have yet to look at in depth."

As one commenter on the blog post pointed out, this data collection was first discussed last year. Digital forensic specialist Christopher Vance wrote on his blog that the location data is used as part of iAds, in addition to apps that require location-based data. In a later blog post, however, Vance said "these points are being used not in direct connection with iAds but on your device itself."

Apple did not immediately respond to a request for comment, but another commenter pointed to a July 2010 letter that Apple penned to House lawmakers about its location-based services.

Apple insisted that its location-based services exist only to enhance the user experience and that the company does not activate these services until it has received express consent from users. It collects data "anonymously in a form that does not personally identify you and is used by Apple and our partners and licensees to provide and improve location-based products and services," Bruce Sewell, general counsel and senior vice president of legal and government affairs at Apple, wrote in a letter to Reps. Edward Markey and Joe Barton.

"Apple is committed to giving our customers clear notice and control over their information, and we believe our products do this in a simple and elegant way," he said.

The inquiry occured after Apple updated its privacy policy to say that it could "collect, use, and share precise location data, including real-time geographic location of your Apple computer or device."

In the letter, Apple said four Apple devices collected geographic location data: the iPhone 3G, the iPhone 3GS, the iPhone 4, and the iPad Wi-Fi + 3G. To a lesser extent, older iPhone models, the iPad Wi-Fi, the iPod touch, Mac computers with Snow Leopard, and Safari 5 also collect similar information.

Apple started collecting location-based data and Wi-Fi information in January 2008.

"Apple has always provided its customers with the ability to control the location-based service capabilities of their devices," Sewell said. "In fact, Apple now provides customers even greater control over such capabilities for devices running the current version of Apple's mobile operating system, iOS 4."

With iOS 4, customers can pick and choose the apps with which they do not want to share location information, even if the global, location-based capabilities on their device are turned on, Apple said. An arrow icon, meanwhile, alerts iOS 4 users if an app is using or has recently used location-based information.

Warden and Allan seemed to take issue with the fact that the data collected was easily accessible. They built an app that helps you look at your own data, and suggested that concerned users encrypt their backups via iTunes. To do so, click on your device within iTunes and then check "Encrypt iPhone Backup" under the "Options" area.

A more detailed look at Warden and Allan's investigation is in the video below.

The news is also interesting in light of a case out of Michigan where police officers have been accused of secretly extracting data from peoples' cell phones during routine stops. The American Civil Liberties Union of Michigan has urged the Michigan State Police (MSP) to release information about the alleged practice.

Editor's Note: This story was updated at 2:30pm Eastern with additional info from Vance.

For more from Chloe, follow her on Twitter @ChloeAlbanesius.

http://www.pcmag.com/article2/0,2817,2383865,00.asp

spank_inferno

So does your Samsung... So does your HTC.

Just stay calm and keep spending money!

conorhal

I hate to break it to you, but so do mobile providers in Ireland. Check your contract and you'll probably find in the small print that they can collect data on you for marketing purposes, and yes, they do sell that data to commercial enterprises.
For example, say you're a perfume manufacturer and you want to market a particular new scent to 18-25 yr old women. The mobile companies can tell you where best to buy advertising based on the routes that demographic drive to work or the places that they congregate.

Data profiling is big business. Companies like Amazon and O2 have programs that track and analyze your movements your browsing and purchases to build a complete picture of you as a consumer.
It’s actually quite scary what they know about you. A mobile company can, tracking your movements tell, for example, when you have had a baby because the time you leave for work on has changed and the normal route you used to take there now diverts via a crèche. I saw recently an article about how your Visa card can predict with pretty stunning accuracy the likelihood that you are going to get divorced.
Personally I disagree with the level of intrusion these companies have into our lives. If the state did this people would go mad (they are already deeply into this kind of thing in China), compared to the benign census that you just filled out, the amount of information that private firms data mine on individuals is quite frightening.

danniemcq

spank_inferno wrote: »

So does your Samsung... So does your HTC.

Just stay calm and keep spending money!

prove it, also its the fact that this data is kept uncrypted and fairly easily accesable is the man problem

conorhal wrote: »

I hate to break it to you, but so do mobile providers in Ireland. Check your contract and you'll probably find in the small print that they can collect data on you for marketing purposes, and yes, they do sell that data to commercial enterprises.
For example, say you're a perfume manufacturer and you want to market a particular new scent to 18-25 yr old women. The mobile companies can tell you where best to buy advertising based on the routes that demographic drive to work or the places that they congregate.

Data profiling is big business. Companies like Amazon and O2 have programs that track and analyze your movements your browsing and purchases to build a complete picture of you as a consumer.
It’s actually quite scary what they know about you. A mobile company can, tracking your movements tell, for example, when you have had a baby because the time you leave for work on has changed and the normal route you used to take there now diverts via a crèche. I saw recently an article about how your Visa card can predict with pretty stunning accuracy the likelihood that you are going to get divorced.
Personally I disagree with the level of intrusion these companies have into our lives. If the state did this people would go mad (they are already deeply into this kind of thing in China), compared to the benign census that you just filled out, the amount of information that private firms data mine on individuals is quite frightening.

the difference again is that if your data is part of a greater database, this is you and you only. your routes your positions etc not average person or data about some person for marketing purposes.

its kind of a given that data is used that way (facebook, web searches etc) its the fact that this is so personal to each user and not encrypted in any way is just pointless

But becuase its apple they'll be forgiven and it'll be called a little mistake. just like their inability to cope with leap years, new years, daylight savings, alarms, the way people hold phones, etc etc etc.

ShamoBuc

not really bothered to tell you the truth - does it really make a difference?

danniemcq

ShamoBuc wrote: »

not really bothered to tell you the truth - does it really make a difference?

probably not! Its just a case that people have to be extrra careful with GPS functions especially with cameras if they take pics in their house and upload them say to Facebook and then update the status saying off on holidays to spain. Just find the gps data on the pic and you have a house to rob.

what angers me is the fact (and i keep saying this) but apple is ALWAYS forgiven

Azureus

I dont do anything interesting enough to care to be honest.

When I start doing **** I should be worried about, Ill make sure to leave my iphone at home.

danniemcq

Azureus wrote: »

I dont do anything interesting enough to care to be honest.

When I start doing **** I should be worried about, Ill make sure to leave my iphone at home.

But nobody leaves the house nowadays without a phone, you'll feel like you are missing a limb

123balltv

so they can check all they like
I know some who would freak bout this but hey their life story is
on facebook they gave up rights to their privacy years ago

ShamoBuc

danniemcq wrote: »

probably not! Its just a case that people have to be extrra careful with GPS functions especially with cameras if they take pics in their house and upload them say to Facebook and then update the status saying off on holidays to spain. Just find the gps data on the pic and you have a house to rob.

I see your point, but with no cars in the driveway, all the windows closed on a sunny day and no one answers the door - that's enough for them to know you are not at home I would imagine. Also they break in at night time aswell - when you might even be in bed..... will they really facebook you etc to find out... I wouldn't think so. Either way.... not too bothered myself.

alexa5x5

So its true, Skynet is becoming aware :eek:

danniemcq

ShamoBuc wrote: »

I see your point, but with no cars in the driveway, all the windows closed on a sunny day and no one answers the door - that's enough for them to know you are not at home I would imagine. Also they break in at night time aswell - when you might even be in bed..... will they really facebook you etc to find out... I wouldn't think so. Either way.... not too bothered myself.

I see your point but still never good to make things easier than they should be!

Azureus

danniemcq wrote: »

But nobody leaves the house nowadays without a phone, you'll feel like you are missing a limb

Some of my favourite days out are when I turn that damn thing off and leave it at home. Ah, the sweet freedom of the days before mobiles

That civil servant should have left hers at home when she was going to the National Gallery...maybe then she wouldnt be moaning bout stalking!

orourkeda

Might be handy to consider the next time an owner of one gets sh1tters

HeisenbergBB

This doesnt bother me personally to be honest because I dont have anything to hide. But I still dont think its right to track peoples movements. This information could potentially be dangerous if in the wrong hands. The first thing that comes to mind is if somebody was having an affair. It wouldnt take much for a suspicious partner to jailbreak an iphone and track their other half's wearabouts at a particular time.

All I know is I used to work in the iphone call centre in Apple in Cork and I know how the UK customers in particular get worked up about these things. I just feel sorry for the advisor that will have to put up with the rants over the coming days/weeks!

upandcumming

danniemcq wrote: »

probably not! Its just a case that people have to be extrra careful with GPS functions especially with cameras if they take pics in their house and upload them say to Facebook and then update the status saying off on holidays to spain. Just find the gps data on the pic and you have a house to rob.

It is far easier to rob a house than that.

Dudess

http://www.youtube.com/watch?v=OYecfV3ubP8

PeakOutput

It is good to see that, just as I suspected, the privacy nuts are just a vocal minority, if you are careful and not an ignorant idiot this is not a big deal in the slightest

danniemcq

upandcumming wrote: »

It is far easier to rob a house than that.

oh i know, i've locked myself out of the house way to many times now and most houses have the windows fitted wrong so that makes it even easier.

the point i was trying to make is that it makes it easy to spot empty houses abd to scope it out, pics of a houseparty at your house say may show a HUGE TV, computer, xbox etc etc. you know if its worth the hassle really. window shopping in a way!

PeakOutput

danniemcq wrote: »

oh i know, i've locked myself out of the house way to many times now and most houses have the windows fitted wrong so that makes it even easier.

the point i was trying to make is that it makes it easy to spot empty houses abd to scope it out, pics of a houseparty at your house say may show a HUGE TV, computer, xbox etc etc. you know if its worth the hassle really. window shopping in a way!

there is no way to get meta data from a picture on facebook number 1 and number 2 the latest compact cameras also tag your pictures with location data, its becoming a ubiquitous techology its nothing to do with apple

Saila

I can see it now...

A womans son is kid-napped, she is sent on a wild goose chase with another guy who has bomb material delivered to his house for no reason and lots of $$$ put into his account, and the two of them go off on a crazy adventure set out by the computer to save the president

I should really sell this idea to hollywood

biko

Capturing location data without the user actively starting this service is an intrusion on privacy, that's my point of view anyway.

Hookah

biko wrote: »

Capturing location data without the user actively starting this service is an intrusion on privacy, that's my point of view anyway.

It's in the terms and conditions, probably.

danniemcq

PeakOutput wrote: »

there is no way to get meta data from a picture on facebook number 1 and number 2 the latest compact cameras also tag your pictures with location data, its becoming a ubiquitous techology its nothing to do with apple

wasn't having a go at apple (for a change) in that last post just on about the dangers of GPS technologys.

and are you sure you can't get the data off facebook pics? if you look really deep?

oh and for anyone that is up to no good the article below is from geek.com

As we told you earlier, if you own an iPhone or iPad, you’re being tracked. An alarming bit of information was released today by two security researchers who discovered that since this summer’s iOS 4 release, all iPhones are keeping a long list of the locations you’ve been to, complete with time stamps. Understandably, a lot of people are not happy with this privacy breach.

The data is stored both on your phone and on any computer you sync it to. More bad news: it’s easily available to anyone who gets their hands on the phone or your computer as the data is unencrypted. The devices seem to be logging your location to a file called “consolidated.db,” which contains longitude-latitude coordinates as well as the timestamp.

Accessing the data from your device requires an easy jailbreak. You can get the information even easier off of your computer, thanks to an open-source software that Allan and Warden have made available for download. The data seems to rely on tower triangulation instead of GPS, which means you can’t go off the grid by just turning off your GPS.

There’s no fix as of yet, but here’s what you can do to deal with your iPhone tracking you:

Wipe Your Files:
If you really want to get rid of it on your computer, the only option is wiping all of your backup files. The problem is, every time you sync your phone, it will create a new file, so you’ll have to delete the backup files each time you sync your phone. Plus, by deleting your backup files, you’ll lose those files needed to restore your phone if it ever gets lost.
Encrypt Your Files:
You can also encrypt your backups, which will prevent other people or programs from seeing the data on your machine. However, there’s still the problem of the copy on your phone. Although the file will remain on your computer, it’s at least safely encrypted. Here’s how to do that:
Plug your phone into your Mac’s USB port and launch iTunes, just as you normally would do while syncing your phone.
Under “Devices” in iTunes, select your phone (or your iPad)
Go to the bottom of the summary page. You’ll see an option to “Encrypt iPhone backup.” Check the box.
Create a password for your backups.
If you actually want to download your personal tracking data, Allan and Warden have created an app that will scan through your OS X machine’s backup files and will look for the hidden file. The application doesn’t share any of your information, and your data stays on your machine.

Here’s how to download the app, or just open the file without downloading the app:

Running the app on an OS X machine
Visit PeteWarden.github.com
Download the source code in either zip or tar format
Open file. The app will display the location history on a map once it finds the hidden file contain your location.
Look at your data without running the app
It’s a little more complicated, but Allan and Warden walk you through it step by step here.
The video below shows a trip from Washington D.C., to New York via Amtrak between July 24 and July 29, 2010. Below that is a video of Allan and Warden discussing how they discovered the data.

Visit PeteWarden.github.com for more info and to download the app.

http://www.geek.com/articles/apple/how-to-deal-with-your-iphone-tracking-you-20110420/

dvpower

mike65 wrote: »

Did you know that if you own a 3 or 4th generation iphone its tracking its own movements? So if you are playing away just something to remember.

My iPhone and I have an understanding.

ScumLord

I'd be completely and utterly shocked my phone did that if it wasn't written on the features list as a selling point.

I've a windows phone and it makes a big deal about the fact it knows where you are and what's around you. You can always go into settings and turn it off.

PeakOutput

danniemcq wrote: »

wasn't having a go at apple (for a change) in that last post just on about the dangers of GPS technologys.

and are you sure you can't get the data off facebook pics? if you look really deep?

with the new album system they make it awkward to download pictures from profiles anyway its not impossible or hard but it des require a bit of a workaround. when you do figure that out and right click save the file you get a new jpeg with the picture in it as far as i know you dont download the original jpeg that the picture owner uploaded so there is no meta data with it. i am open to correction but i am pretty sure thats how it works

HeisenbergBB

ScumLord wrote: »

You can always go into settings and turn it off.

The iphone is tracking people by triangulation, which does not work off the GPS feature. It works off the mobile signal. So to turn this off you would lose you data connection i.e. no calls, no texts, no internet.

PeakOutput

http://www.engadget.com/2011/04/21/the-iphone-tracking-fiasco-and-what-you-can-do-about-it/

Naikon

Closed codebase includes backdoors, news at 10. Any software that does not have source code included in the terms should be marked as "suspect" on your list. Common sense imo.

Naikon

PeakOutput wrote: »

http://www.engadget.com/2011/04/21/the-iphone-tracking-fiasco-and-what-you-can-do-about-it/

Just man up and install an embedded Linux/BSD on your phone is my advice. Scrape the entire source tree and take out anything you don't like. You are welcome. Of course, my solution won't prevent the data being mishandled by your provider.

starlit

Scary....wouldn't ever want an Iphone no matter how snazzy it is! Don't like the thoughts of it that has breaches of security and data.

Trevor451

Another reason not to buy apple products

Nevermind_

spank_inferno wrote: »

So does your Samsung... So does your HTC.

Just stay calm and keep spending money!

just out of curiosity do you have a source for that? as far as i'm aware android phones don't do this, at least not in the way apple do.
Some individual apps might but the phone itself does not keep a location log for samsung/htc

PeakOutput

snuggles285 wrote: »

Don't like the thoughts of it that has breaches of security and data.

as long as you realize that is all they are though, there are no breaches of security, data or privacy. If you dont agree with their t+c's that is one thing but there are no 'breaches' of anything

red menace

Full Michigan story

http://www.networkworld.com/community/blog/state-police-can-suck-data-out-cell-phones-un?source=nww_rss

You don't want to be pulled over by the police in Michigan. When law enforcement wants half a million dollars to produce documents for a FOIA request, something is not right. And since the high-tech mobile forensic device in question can grab data in one-and-a-half minutes off more than 3,000 different cell phone models, it could be used during minor traffic violations to conduct suspicionless and warrantless searches without the phone owner having any idea that all their phone data was now in the hands of authorities.
The Universal Forensic Extraction Device (UFED) made by Cellebrite can extract data off 95% of cell phones on the market. It can also grab GPS information from units in most vehicles. According the company's profile [PDF], the UFED is stand-alone gadget designed for "recovery and analysis" used by law enforcement, intelligence agencies, military and governments across the world in 60 different countries.
The ACLU of Michigan has been trying to get more information to determine if the Michigan State Police (MSP) are using these gadgets to "violate Fourth Amendment protections against unreasonable searches if a warrant is not issued." Back in 2008, after the ACLU filed the first FOIA request for logs, reports and records of use, the MSP said Okay but it will cost $544,680 to retrieve and assemble the documents to disclose how five of the devices were being used. The MSP wanted $272,340 deposit before showing the ACLU documents. After sending 70 different FOIA requests in November, narrowing the time period and the UFED models, the ACLU was told no documents existed with that criteria. It's like a endlessly expensive and unfruitful fishing expedition for information.
There are many different UFED models, but most can access current or past phone lock codes, access any deleted data, or as stated on the company's website for the UFED Physical Analyzer 2.0, it can decode chat, email, instant messages, call logs, text messages, web bookmarks and history, Facebook contacts, Skype contacts/calls/chats, photos, videos . . . pretty much whatever you have on your phone. Besides those forensic features, the UFED Ruggedized model can also clone a SIM Card when it is PIN locked or when "SIM is not available."
The ACLU of Michigan sent this letter [PDF] to the MSP which included the statements, "Law enforcement officers are known, on occasion, to encourage citizens to cooperate if they have nothing to hide. No less should be expected of law enforcement, and the Michigan State Police should be willing to assuage concerns that these powerful extraction devices are being used illegally by honoring our requests for cooperation and disclosure."
The smarter and more powerful our technology gets, the more intelligence agencies will want ways to exploit it. Such mobile forensic devices could be utilized by thieves who might get their hands on lost or stolen phones. A smart phone is like a little laptop packed full of personal details. If those details are being extracted just to see if the person is suspicious of anything, then that violates our Fourth Amendment rights. If UFED can basically scrape all the data in under a couple minutes, then it may be tempting to authorities with voyeuristic tendencies.
Some feds are predisposed to voyeurism. For example, the FBI gathered evidence of insider trading by intercepting more than 1,000 phone calls of former Galleon Group trader Craig Drimal. New York District Judge Sullivan "scolded" FBI investigators for "voyeuristic intrusion" while eavesdropping on private, intimate calls between Drimal and his wife, reported the Galveston County Daily News. The FBI should have stopped listening and hung up once it was clear that the phone calls were not related to their investigation. Despite the 10-page ruling which criticized the government for failing to stop listening during privileged, non-pertinent calls, the judge did not allow the wiretap evidence to be suppressed. "Given the wiretap's scope and the substantial manpower needed to sustain it, the Court concludes that, on the whole, the wiretap was professionally conducted and generally well-executed," Sullivan wrote.
PogoWasRight's Dissent makes an excellent point that also crossed my mind. The "judge may be troubled by it, but there really doesn't seem to be an adverse consequences to the prosecution."

Gunsfortoys

Levinson concludes, however, that the data is never transmitted to Apple, and is used exclusively by built-in iOS apps like Maps and Camer

That is if the good people of AH can be arsed to read the article.

Also

Lastly, if your device is jailbroken, you can install the free Untrackerd app to continuously clean the consolidated.db file. That should keep you busy while we wait for Apple to respond

Don't break out the tinfoil just yet, there are ways of stopping it.