Today on Blogcritics
Home » No Immediate Threat Seen in Apple iPhone Location Tracking File

No Immediate Threat Seen in Apple iPhone Location Tracking File

The location tracking file in question was described in a presentation at the Where 2.0 Conference in San Francisco on Wednesday, April 20, 2011. The presentation was made by two researchers, Pete Warden, who worked for Apple for five years and left the company three years ago, and Alasdair Allan, a researcher at Exeter University in the UK. O’REILLY© Media posted a YouTube Video discussion by the researchers on the subject. The directory of files was discovered by accident while working on a mobile data visualization project. The file is present in iPhones with iOS 4 and up.

The tracking function records the phone’s movements, including cell phone towers, latitude, longitude and all the Wi-Fi hotspots it connects to. The file is in the SQL format and is called “consolidated.db”. It is static and thus never leaves your phone. The database file is unencrypted and will end up stored also in your computer based back-up and in any machine you have synchronized with, including your iPad. There is no present known use for the file. By jail breaking your iOS device, a hacker can access the file. One way to protect your phone back-up stored in your PC is to use the encrypted mode in the backup application.

At the request of Senators Eduard Markey and Joe Barton, on July 12, 2010, Apple had addressed a similar issue in a public response for information regarding Apple’s Privacy Policy and Location Based Services. In the letter, Apple said that they do send non user defined encrypted location based data to Google and Skyhook Wireless for location based mapping services. We believe that the mapping technology application needs the data to do its job and as long as no user specific identifiable data is being sent, everything is fine.

The possibility of Apple issuing a warning or an opt-in option for this specific file use is remote. To begin with, Apple does not use the file. Apple iPhone users can be assured that somewhere, either in the cellular provider contract or in the ‘Terms of Use” of such mapping services applications; they are authorizing Apple to transfer and handle the data. That is the only way that the technology will work. Other cellular phone providers also rely on similar techniques. There is no compromise of user data unless the phone lands in the hands of an experienced hacker. In the event of that happening, users can rely on one of the many applications that disable the phone, one more reason to consider such a service. Most cell phones providers offer you such an application for free, or you can purchase a third party option. The fact that the file is unencrypted remains an open issue, but instead of claiming that “Apple is recording users’ moves”, it might be better to say that “Users are recording their own moves, on their own phone.”

About Cesar

Cesar Ortiz is married and lives with his wife in the USA. His expertise has been in Information Security, Forensic IT and related areas. Mr. Ortiz has worked in the government, military and private scenarios for more than twenty five years.