Evil Apple track my every move by GPS

UPDATE 2011-04-27: Apple have released a press release about this.

Ok, a correction to the headline: They don’t track me, they track my iPhone’s GPS. Sorry, another correction, they don’t use the GPS, they use GSM. Oh, again, mea culpa, Apple don’t collect this data, it’s just cached on my phone. Bugger, so is Evil the only accurate part of my headline? No? Not even that?

[Image: Europe]

Well-travelled Eurotrash. I'm Jason Bourne, me.

Here’s what we do know: Your iPhone stores GSM tower information to help with Assisted GPS. It logs this information to a database on the phone that’s backed up to your computer whenever you sync your phone. This information isn’t sent anywhere as far as anyone can tell, and when I say anyone, I’m talking about the forensic researchers that uncovered this database; both of the groups. This is then getting confused with the fact that anonymised GPS/SSID data is being sent back to Apple every 12 hours if you have Location Services turned on on your iPhone.

[Image: World]

Look at me! I went to LA!

Let’s apply some clever guy’s razor to it and figure some stuff out. Which is more likely: that Apple is acting illegally, collecting your location data, sneaking it back to Apple HQ and not encrypting it in the DB, or that they don’t purge the cache? Even if this is less data than your cell phone company has on you (data that they turn over to law enforcement without a warrant, by the way), I still believe that Apple are not collecting this data on you, but I will miss it when they fix the caching.

What I see is people who really, really want to believe they are secretly being monitored by Apple. They so much want this one to be an evil conspiracy and Apple’s legendary stoic silence is just stoking their fires.

Jared Earle is a writer, photographer and systems administrator. You can find him on Twitter most of the time.

  • Few things:

    1. In the doc you link to, Apple explicitly says they do NOT collect SSIDs, only AP MAC addresses, signal strength & speed. See bottom of pg 6.

    2. I’m confused by your argument. Are you saying the consolidated.db is or is NOT part of Apple’s documented method of mapping WiFi APs to location as a means to replace/augment the data they were receiving from Skyhook?

    3. Actually, based on your evidence, we know Apple is collecting your location information on the phone and sending it back to HQ. The real question is whether this information is identifiable to an individual on the Apple servers (they only claim anonymously when sending the data to their partners) and why the database isn’t ever purged of old records. Note that nowhere does Apple say they keep this information forever on your phone, only that it’s sent every 12 hours or so.

    4. There are real privacy issues with this information being stored on the phone in this manner: http://abcnews.go.com/Technology/michigan-police-cellphone-data-extraction-devices-aclu-objects/story?id=13428178

    5. The reality about the “secretly monitored by Apple” bit boils down to two parts:
       1. 99% of iPhone users weren’t aware this was happening.
       2. Even after being told, they didn’t understand until the data was visualized for them. That’s when they understood the privacy impacts of this.

    • I am explicitly saying that the data used to make the maps above is not sent to Apple. The GPS/SSID data being sent to Apple is different data and it’s anonymised.

      The consolidated.db file is a … um consolidated database of lots of things, one of which is the GSM data. The GSM data is not used to link Wifi to GPS.

      The “secretly monitored by Apple” bit hinges on Apple reading this data, which they don’t, simply because the GSM data isn’t sent to them.

      Is that now clear?

      • “The GPS/SSID data being sent to Apple is different data and it’s anonymised.” I missed that from the doc you linked to. Page/paragraph or are you just guessing? All I read was that Apple sends anonymized data to its partners, not that Apple receives it that way.

        Page 6, paragraph 2 speaks of “secure database” and “Apple does not reveal personal identification”. Hence, it sounds like to me that Apple stores it (securely) and promises not to share it with others. Of course, Apple could choose to change their mind and Apple could get hacked. Wouldn’t be the first time a company claimed “we encrypt all your data” and “you can trust us” only to later admit they lied (Dropbox for example).

        There are plenty of other unique identifiers which link who I am in my iPhone (Apple ID for example)- the GSM data is only one of them.

        You keep saying what Apple does and doesn’t do, please tell me page & paragraph since that PDF isn’t searchable.

        • Here’s what Apple state they do in their T&C, and this is unrelated to the GSM data:

          “Apple and our partners and licensees may collect, use, and share precise location data, including the real-time geographic location of your Apple computer or device. This location data is collected anonymously in a form that does not personally identify you and is used by Apple and our partners and licensees to provide and improve location-based products and services. For example, we may share geographic location with application providers when you opt in to their location services.”

          Does that clarify it? The key sentence is “This location data is collected anonymously”.

          • Thanks for the quote. Should that be good enough? It should. Is it? Dunno… companies have a history of claiming one thing in their privacy policy and then admitting they lied about it when confronted with evidence later. Google with their sniffing packets while driving around, Dropbox’s statement that they can’t decrypt your files, etc., to name a few, and none of these companies appear to be any more/less trustworthy than Apple. I would be less concerned about the whole thing if my entire history wasn’t stored on my phone & backed up via iTunes. The doc also says, “latitude and longitude coordinates are not kept or otherwise associated with an individual.” and yet here we have proof that isn’t true.

            Simply put, Apple is a big enough organization that I don’t trust that their left hand knows what the right hand is doing 100% of the time.

            Either way, what I don’t like is that this data is stored on my phone. You claimed that it’s easier for the gov’t to call up AT&T/Verizon and get the data, but that doesn’t work when I’m roaming internationally, not to mention this potentially opens up this data to more people than just law enforcement.

            I’m not saying Apple has malicious intent, but it’s still very poorly thought out from a privacy standpoint.

  • (threading severed to stop it breaking the HTML)

    The doc also says, “latitude and longitude coordinates are not kept or otherwise associated with an individual.” and yet here we have proof that isn’t true.

    Seeing as nobody but you has that information, your claim makes no sense. Apple doesn’t have this data, therefore they cannot associate it with you. You realise when we say backed up it means to your computer, not to Apple or “the cloud”, right?

    • Sorry, but it’s an Apple designed iPhone running Apple’s iOS software which does this. Apple is collecting it on my phone (thus making the lat/long clearly associated with me). Apple may or may not be receiving a copy of the data in this identifiable manner, but that’s no consolation to all the people who are having the data taken off their phone without a warrant, etc.

      Honestly, if Apple had only kept the last 12 hours of data (or whatever data since the last push to the mother ship) rather than a complete history, this wouldn’t be such a big deal. But the fact that it easily can contain months’ worth of data makes you wonder WTF they were thinking.

      Side note: 749 is a much better track bike than the 748, and I own a 748. On the street I can see how people might prefer the 748 since it’s less top heavy. If you ever get some lighter wheels than those Brembo boat anchors you’ll be amazed how much easier the 748 is to ride.

    • Oh, and I just realized that it would be trivial for Apple to get the “anonymized” lat/long data and then map that with amazing accuracy to individuals. All Apple would have to do is take their database of credit card billing addresses from iTunes and get the lat/long’s for those and then compare people’s geo data and see who spends a lot of time at those addresses- especially during the evening hours when people are sleeping.

      Sure it wouldn’t work if you have a PO Box as your billing address, but most people- at least here in the US use their home address for that.

      Oh, and now they also know the MAC address, speed & signal strength of your home WiFi AP if you have one. Or put another way, someone steals your iPhone from you and now they can use the database on your phone + a little war driving to figure out where you live.

      Now I’m not saying Apple is doing that, but I don’t see anything in the document which precludes them from doing it either.

  • paula loyd

    I do know for a fact that people can track your every move if you have your cell phone. I was going to sue my former employer but their lawyer found out everywhere I went; they tracked every move I made, even a year and a half later. So anyone can find out your every move.