iPhone Tracking Is All A Big Mistake, Says Researcher

By

southofengland

The iPhone tracking issue that’s causing a big privacy stink isn’t new and isn’t really tracking users, says an iOS forensics researcher.

It’s actually a data file that is used internally by the iPhone to do things like geo-tag photos, and it’s been in iOS for a long time (in a different form).

What’s new is a nifty extraction tool called iPhoneTracker that pulls the data off your hard drive and makes a striking map out of it. iPhoneTracker was released this week at O’Reilly’s Where 2.0 conference, causing a huge outcry about privacy and prompting U.S. Senator Al Franken to write to Steve Jobs.

In addition, the file has become more accessible than it used to be because it’s now used by third-party apps that require location data.

“It is not secret, malicious, or hidden,” writes Alex Levinson, an iOS forensics researcher.

iOS forensics expert Alex Levinson

Levinson is a senior engineer for Katana Forensics, which publishes Lantern, an iOS forensic application.

According to Levinson, the offending file, consolidated.db, is a database of radio logs that includes geolocational data.

The file used to be known as h-cells.plist, and was hidden away from users and applications inside the inaccessible Library folder (Levinson said he used to access this file forensically for police looking for location evidence).

But when Apple added multitasking to iOS 4 last year, this file was made accessible to third-party apps to operate in the background. It moved out of the hard-to-access Library folder and became part of iOS’s Multitasking and Background Location Services.

“Because of these new APIs and the sandbox design of 3rd party applications, Apple had to move access to this data,” Levinson writes.

He notes that on the iPhone or 3G iPad, users still have full control of their location data. They are able to turn location on and off for individual apps using the Settings menu on their device. “That does not stop the generation of these logs, however, it simply prevents applications from utilizing the APIs to access the data.”

Levinson, notes that Apple isn’t collecting the data. It sits on the user’s machine in a file that is still pretty inaccessible. He’s checked with networking sniffing tools — the data goes nowhere.

It is still unclear, however, why the iPhone stores so much data and never expires it. In many cases, users are able to access almost a year’s worth of data stretching all the way back to the date when iOS 4 was installed on their device.

Via Scobelizer and Parth Dhebar.