Google Can Track Your iPhone, iPad Or MacBook To Your Physical Address [LocationGate]



Remember back in April, when Steve Jobs replied to the overblown iPhone LocationGate mini-scandal by saying that it was Google who was tracking users, not Apple? As he often is, looks like Steve is right.

CNet is reporting today that Google Maps can be used to see the approximate location of iPhones, iPads and MacBooks (along with any other connected device) which are connected to a WiFi network.

CNet says that unique hardware IDs, or MAC addresses, are periodically sent back to Google when you are using Google Maps. This is all done as part of a mission to create a more intelligent mapping service which could theoretically serve up even greater coverage with finer granularity to end users.

None of this is really a problem… except that now, Google and Skyhook Wireless are making their location databases publicly accessible. That means that if someone knows your device’s MAC address, they can use Google Maps to track every location you’ve ever been with a margin of error between 100 and 200 feet.

According to Cnet, the problem’s pretty wide scale: they found that they can correspond approximately 10% of all laptops and mobile phones to physical addresses. All it takes is knowing your device’s unique hardware ID.

Apple’s so-called iPhone LocationGate was a bug that just left a record of where you’d been with your iPhone on your own computer, if your device backups weren’t encrypted. This seems to be a lot more serious, though: it seems as if Google is actually storing the physical addresses of millions of iPhones and MacBooks across the country.

What do you think? Security threat, or overblown? Let us know in the comments.

  • jimlat

    It’s this kind of thing that made me never even consider an Android phone…what else is Google able to tie together with it’s massive search databases….

  • jimlat

    It’s this kind of thing that made me never even consider an Android phone…what else is Google able to tie together with it’s massive search databases….

  • God

    The link you provided to the original article from Cnet is 404’d.

  • Ted Morgan

    MACs from client devices are not stored in our system unless you broadcast it as an access point and we have never made our database publicly available.  Not sure why CNET decided to twist things around like that.  We map access points, if you turn your laptop or phone into an access point, then you are an access point and there is no way for any other system to tell the difference.  We are glad to answer any questions on how our system works.  

    Ted Morgan
    CEO, Skyhook

  • Guest

    Well at least Google bluntly says what they are doing and are honest about it, unlike someone /else/ (not mentioning any names)  ;)

  • prof_peabody

    If the data is being used for the purposes they say it’s being used for then it needs a unique identifier but it should be an anonymised one.  Google is just being typically ‘lazy” here in that they don’t think it’s a big deal so they aren’t bothering to take the extra step to preserve users privacy.  

    A further problem though is that even if they anonymised the MAC, if you already know a users home address (not hard to find), you can still track total strangers around with it.  

  • Felfac

    ITS PUBLIC?!!?GOOGLES MAD in fairness though it would be a task and half to find out someones UDID or MAC address if you weren’t there friend

  • itm9

    Is Google crazy?! Do they not realize that this world isn’t perfect and is filed with deleterious people who CAN and WILL stalk someone?! I, personally, hope someone puts an end to this ‘LocationGate,’ or at least before something even more careless happens.

  • TheBasicMind

    your kidding. No it’s not. Finding out the Mac address is as easy as waiting for their device to handshake with your Wi-Fi. Anyone with a small amount of technical nous can sniff the MAC address of everyone they come in contact with who has Wi-Fi switched on and searching for available hotspots.

  • Guest

    Why do you map access points in the first place? With “LocationGate” becoming more of an issue publicly, wouldn’t you want to proactively find a way to differentiate access points from a mobile device like an iPhone that can show my actual location to that of a business/personal router? Perhaps I’m not gathering this correctly but if you claim you have never made your database publicly available then how can we use Google Maps to view this information in the first place? Are you claiming that it is only Google allowing this and if so, how did your company even come up in the article?

    Sorry for all the questions but I’m curious about how this all works and would like further elaboration..


  • Moridin

    Why can you query it then via this page:… ?

  • Guest

    Looks to be powered by Google Skyhook… I just located my MAC at this website.

    not publicly available my ass………….

  • Laz

    Typical CEO response; denial.

    Next is Acceptance, then come the apologies.

  • Hitchkock

    this is not suprising it’s common practice for most ad firms to track your on-line behaviour this is only the next evolution. Now what mac does Shakira have … *joke*

    Prev anonymous coward

  • C45

    Just because someone says the day before they are going to go around punching unaware people in the face doesn’t make it good, reasonable, or acceptable behavior.

  • Wirehedd

    According to the page you linked to my MAC address is located in Cologne, Germany. Which is a little off the mark as I’m in Canada. :)

    Tried it a second time though and voila! There’s my house right there on the screen. Not sure I like this.

    One note is that the address was available only through the Google location but NOT from Skyhook so maybe Mr. Morgan is telling the truth there and this IS a Google thing only.

  • Jose Rodriguez

    Google only shares personal information with other companies or individuals outside of Google in the following limited circumstances:

    We have your consent. We require opt-in consent for the sharing of any sensitive personal information.
    We provide such information to our subsidiaries, affiliated companies or other trusted businesses or persons for the purpose of processing personal information on our behalf. We require that these parties agree to process such information based on our instructions and in compliance with this Privacy Policy and any other appropriate confidentiality and security measures.
    We have a good faith belief that access, use, preservation or disclosure of such information is reasonably necessary to (a) satisfy any applicable law, regulation, legal process or enforceable governmental request, (b) enforce applicable Terms of Service, including investigation of potential violations thereof, (c) detect, prevent, or otherwise address fraud, security or technical issues, or (d) protect against harm to the rights, property or safety of Google, its users or the public as required or permitted by law.
    If Google becomes involved in a merger, acquisition, or any form of sale of some or all of its assets, we will ensure the confidentiality of any personal information involved in such transactions and provide notice before personal information is transferred and becomes subject to a different privacy policy.
    vs Apple’s policy on 3rd party disclosure

    Disclosure to Third PartiesAt times Apple may make certain personal information available to strategic partners that work with Apple to provide products and services, or that help Apple market to customers. For example, when you purchase and activate your iPhone, you authorize Apple and its carrier to exchange the information you provide during the activation process to carry out service. If you are approved for service, your account will be governed by Apple and its carrier’s respective privacy policies. Personal information will only be shared by Apple to provide or improve our products, services and advertising; it will not be shared with third parties for their marketing purposes.Service ProvidersApple shares personal information with companies who provide services such as information processing, extending credit, fulfilling customer orders, delivering products to you, managing and enhancing customer data, providing customer service, assessing your interest in our products and services, and conducting customer research or satisfaction surveys. These companies are obligated to protect your information and may be located wherever Apple operates.OthersIt may be necessary ? by law, legal process, litigation, and/or requests from public and governmental authorities within or outside your country of residence ? for Apple to disclose your personal information. We may also disclose information about you if we determine that for purposes of national security, law enforcement, or other issues of public importance, disclosure is necessary or appropriate.We may also disclose information about you if we determine that disclosure is reasonably necessary to enforce our terms and conditions or protect our operations or users. Additionally, in the event of a reorganization, merger, or sale we may transfer any and all personal information we collect to the relevant third party.

  • djrobsd

    Doesn’t work for my devices, I tried them all and they all show up in Cologne, Germany which appears to be the default location. ;)  Thank god… 

  • Wirehedd

    The MAC from my router is not broadcast at all and I keep it that way for my own security. The information did bring up a Google map which pointed directly AT my house. This information is obviously NOT available by being broadcast as mine isn’t so there is more to this than is being relayed. I will concede that the info only came up with a Google based search but did not show when your own service was used but never the less, it was there and should not be.

  • Moridin

    My router is spot on unfortunately.

  • Moridin

    My router is where I live on the map. I haven’t tested my iPhone yet.

  • Nicholas

    Except that this tool is useless in those circumstances. You’ll have the MAC address of someone, and you’ll know a tiny bit about where they are.. In your vicinity. Which you knew anyway, by virtue of being close enough to get their MAC address. 
    The only MAC addresses that will be broadcast often near homes would be the wifi routers inside a home.. But you already know where that home is, if you’re close enough to get its BSSID. This whole situation is completely and utterly overblow.

  • snogglenews

    Too much power in the hands of too few people. This is very, very awkward. And we need to change it.

  • CharliK

    Yes okay. but you still didn’t ask me if it was okay to store my info. Which is the real point. So what if you aren’t making your info publicly available, you have it and didn’t ask me if that was okay

  • TheBasicMind

    Except that’s nonsense Nicholas you clearly don’t understand the difference between private secure information and public insecure information. The MAC address is by definition public and insecure. You are foolish to even attempt to suggest that provides anything like protection. When people visit your house, your cafe or wherever, they switch on their machine, voila, you see a new mac address. They leave, voila, the mac address goes away. You can even get a low powered Wi-Fi solution which enables you to confirm it by walking up close to someone. I’ve frequently used the approach of looking at which Mac address appears for adding friends devices to my Wi-Fi network with more than sufficient certainty I am adding the right Mac address and I’ve been right every time (if I were wrong I would simply remove that Mac address from the “allowed” list – but the point is so far, every time I have been right)

  • mukul

    Get Iphone for FREE! No Registration, No Contest, No Bidding Just a Unique Unleashed Trick ;) Visit

  • sami5001

    Pin points my EXACT location to less than 10m! I just freaked out now checking the website!!

    Good bye, Google.

  • Just a regular guy

    Let me spell it our for you Nicholas, you sit down beside some guy at a Starbucks and get his address from is i-phone, now you can track him. You track him home, now you know where he lives. 3 days later you check him out and he’s 40 miles away from home, so you go rob his house. And thats just the tip of the iceberg.  Overblown???   I don’t think so.

  • baby_Twitty

    seems like skyhook has been doing this for years. How else do you guys expect aGPS to work when they try to locate you via nearest WIFI access points?
    read this

  • baby_Twitty

    seems like skyhook has been doing this for years. How else do you guys expect aGPS to work when they try to locate you via nearest WIFI access points?
    read this

  • baby_Twitty

    ok i don’t know if these MAC adress database is a good thing or not but… seems like skyhook has been doing this for years. How else do you guys expect aGPS to work when they try to locate you via nearest WIFI access points?
    read this

  • Jie Xiang

    I like this. I am really looking forward to it. Then I can find my lost macbook pro by the MAC address.

  • Startelelogic

    Google can do anything with your phone and other devices,
    As we are software development company and we had worked for various software project to our client that all are location and GPS based apps for Android,iPhone.
    So we care from Google and other companies as they are keep working on it.

    we, the StarTele Logic create victorious and expert solutions in the realms of mobile application. Our highly experienced and results driven team comes from a diverse background and works to help your company grow by stimulating the development phase and maintaining IT mobility.