Yesterday, “two researchers for O’Reilly media published an article claiming discovery of a hidden tracking system on the iOS 4 operating system,” Alex Levinson blogs. “Using simple techniques, Alasdair Allan and Pete Warden extracted data off of an iOS version 4 device and wrote an open source software utility to effectively graph this data onto a map. As a fellow researcher, I champion their creativity and their development.”
Levinson writes, “As an expert in this field [Lead Engineer for Katana Forensics], I have three points of argument to raise.”
1) Apple is not collecting this data.
2) This hidden file is neither new nor secret, it’s just moved
3) This “discovery” was published months ago
Levinson writes, “I have no problem with what Mr. Warden and Mr. Allan have created or presented on, but I do take issue with them making erroneous claims and not citing previously published work. I’m all for creative development and research, as long as it’s honest.”
Much more in the full article – recommended – here.
[Attribution: Cult of Mac via @Scobleizer. Thanks to MacDailyNews Reader “Jax44” for the heads up.]
Related articles:
‘untrackerd’ jailbreak utility blocks iOS from storing recorded iPhone location data – April 21, 2011
Apple’s iPhone tracks everywhere you go; stores the info in secret file on the device – April 20, 2011
Apple needs to notify media about this.
Oh, the media knows. All the blather mouthed talking heads on all the channels are in self-important indignation about this as of this morning.
The day is young; hopefully something else will come along and distract them. Maybe a shiny mirror and some colorful feathers and yarn.
Mean while the stock is still up.
You mean I have a GPS- and web-enabled device in my pocket that keeps track of where I’ve been?!? Next you’re going to tell me that MotionX is mapping my every move…
Not only is MotionX mapping your every move but it is displaying the results on your iPhone’s screen where anyone can see it.
I hear the iPhone keeps a secret file with a list of all your contacts, too. When will this madness end?!?
Next up: retinal tracking.. Hello Minority Report!
Like I said yesterday it is a non-issue. All these becomes an issues simply because of you brainless trashy whining Americans. Your FCC, Senators, Congressmen are biggest idiots. Read here: http://www.latimes.com/business/la-fi-apple-tracking-20110421,0,4880695.story.
I’m not usually very ‘tinfoily’, but does anyone else think it’s weird that this repackaged news breaks the same day that Apple is set to announce what everyone expects to be monster earnings?
After reading the linked article, the timing is indeed more than a little suspicious…
It’s as regular as the tides.
By the way, the news article is wrong – the researchers didn’t get the file off the iPhone, it came from the backup on the host computer with iTunes. Getting it off the phone would have required defeating its security.
This is such a non-story….
Everybody who watches cop shows on TV knows this.
This looks like Maps app file, for map caching? Blame Google
lol. if this is a Maps app file.. it would be great.
Apple should release a statement, but from what i have seen/read about the “issue” i’m not worried. its not transferred anywhere as far as anyone can tell.
Looks like a history file like a web browser.
Doesn’t handheld GPS or built in car GPS, do the same thing?
I’m sure i could go through my old Garmin GPS files that back up on my computer when its sync’d and probably find the same/similar stuff.
Soon it will tell me where I should be going – predictive mapping.
Pre-earnings announcement FUD.
Some hedge fund manager wants to buy a new porsche.
… Problem with is if you turn out to be some kind of serial killer, and the law knows where to look, they could use this against you.. or could they?? doesnt matter..
also, lets say that that your having an affair, and your spouse restores a backup of your iphone to their phone, he/she can hire these 2 experts to hack into it and confirm or not, the true whereabouts of said sinner!
😉
really.. why the *ck would I care that there is some file like this? I would be more surprised if there wasn’t one?
So, it’s the knowledge of police abuse that’s new? But why would that be a surprise? 😉
Alex Levinson sounds like he’s trying to gain exposure himself by jumping in on the hype.
All three of his points, were mentioned on Pete Warden’s blog.
The data isn’t collected.
It’s not new.
And it was perviously reported and ignored (linking to the original report).
Bravos to Levinson for demystifying the topic and exposing the bogus claims by the two so-called researchers. As usual, Apple haters, bashers, and media whores are out in force wailing accusations.
Al franken, who couldn’t resist some cheap publicity, released a letter demanding an explanation from Jobs yesterday. Could someone please direct the comedian wannabe to Levinson’s website. What a bunch of douche bags.
2:12pm ET, and I just heard Erin Burnett, who hates Apple, of CNBC just say they are going to talk next about Apple tracking your “each..and..every..move!”. Yes, she said it like that. She hates Apple with a passion and whenever she gets to interview someone about Apple she has to ask if Apple is a “bubble stock”.
You’re all on “apple crack”. Keep kidding yourselves.
Thank you, Rodney, for your highly insightful comment. It really extends my knowledge and understanding with a rant like that.
Not.
Truth be told, this hysteria is completely overblown. Would Apple be so stupid as to put a file like this on a phone in an unencrypted form in an easily found location were it not to have a legitimate purpose, such as the Find My iPhone function?
Instead, some idiot know-it-alls think they discovered something new, which they did not, and then made an immediate assumption that the only reason for the file’s existence is the spy on you. This is the equivalent of assuming that all space aliens are evil and want to eat your family for lunch. The truth, I think we will find, is far more innocuous.
But that never stopped political whores like Chuck Schumer or Al Franken from getting TV news time. It’s been said the the most dangerous place on Earth is the distance between Chuck Schumer and the lens of a news TV camera, and I’m afraid I have to add Senator Franken to this description as well.
Ready. Fire. Aim.
I’ll add you to the description above, Rodney.
BS.
Attacking the people who bring an issue to fuller light doesn’t reduce the problem scope.
I have some problems with Alex Levinson’s position.
1) He claims Apple is not collecting the data but has no proof. Instead he uses the weak tactic of twisting the argument around, saying “unless they can show concrete evidence supporting this claim – network traffic analysis of connections to Apple servers – I rebut this claim in full”. I, for one, would be happy to see Apple come clean about whether this or any other personal data was collected (intentionally or inadvertently, directly to Apple or through service providers).
2) Levinson’s explanation that the file is not “new or secret” doesn’t carry weight. Just because the user can block applications from using location data, doesn’t mean it’s acceptable for the device itself to log your every movement without explicitly telling the user _in the documentation that came with the device_ what it’s doing. It’s called breach of trust.
3) Levinson’s experience in datamining iOS and his presentations/publications thereof have not hit mainstream media. Few people read IEEE publications. While Warden and Allen should indeed have uncovered Levinson’s work, it is hardly surprising that the link was not made. Science is filled with stories of parallel independent research.
This doesn’t in any way help explain why Apple creates a device that logs your geographic data EVEN WHEN THE USER HAS DONE EVERYTHING POSSIBLE TO TURN THOSE FEATURES OFF.
Stop making excuses for an Apple mistake. Own up to it, correct the problem with better user preferences&controls, and better user documentation, and move on. If Apple really doesn’t use this log file, then there’s absolutely no need of us to have it on our devices, is there?
If you read the full article he does offer proof. He says in his article that iPads that he forensically monitored showed no indication of sending the data over the network. Those other clowns also got the data from an ITunes backup file not an actual IOS device. The IOS devices also use this data and transmit only to programs like locate my IPhone to locate a lost or stolen device. Granted it can also be used by parents to track their childrens whereabouts, so what your problem again???
Saying you haven’t seen it is not proof of anything. If it was, atheists would have a field day.
@Bobchr – I did read the article. And while you might be comfortable with a statement like “Through my research in this field and all traffic analysis I have performed, not once have I seen this data traverse a network.”, that is inadequate for me. You assume Levinson has been able to thoroughly check every bit of data sent from the phone to the service provider? I think not. Not seeing something is NOT the same thing as scientifically verifying it. I doubt any 3rd party researcher has the time to do this even if they did have the capability. It’s not as simple as looking at log files on the handset.
But to humor you, let’s say Apple doesn’t use the data. Does the service provider? And how does the service provider protect this information if they do use it? How would you, as a user, know when such data is be recorded?
These questions are legitimate and should be answered by the companies that are offering this “service” to customers without disclosing the presence of such logging to the customer.
All the good things that location tracking might be good for does not excuse Apple & service providers from not allowing the customer complete disclosure and control over tracking.
It’s not my problem, it’s Apple’s problem, and i would expect them to step up and come clean. Anything less would be scummy behaviour reminiscent of MS or Google.
If this story is “nothing new” (which is also an MDN take on another thread), then why is MDN devoting so many pages to it?
There’s a lot more incriminating stuff on my iPhone than just location data. My backup has been encrypted since day 1 tho’
Now wait a minute. Levinson quotes California law “No person or entity in this state shall use an electronic tracking device to determine the location or movement of a person” but the controversial data collection is ALREADY doing this. The data doesn’t need to be sent back to Apple in order to be in breach of this sentence in the law. To be helpful, the law should be amended to read “No person or entity in this state shall use an electronic tracking device to determine the location or movement of ANOTHER person”.
Levinson also asserts that the data is not being sent back to Apple and he says this confidently because he has not SEEN this data traverse a network. Pretty hubristic, wouldn’t you say? Oh, there are no comets heading towards earth and I can say this confidently because I have not seen any. Such ego. Such arrogance.
In this article
http://www.guardian.co.uk/technology/2011/apr/20/iphone-tracking-prompts-privacy-fears
the writer points out that, in a recent amendment to the iTunes terms of use, you give Apple permission to collect and receive the data and use it how they want. Maybe Levinson hasn’t seen it sent yet but, if it’s not going to be called for in future when Apple’s data center is operational, why store it permanently on the phone? Why not expire it after a day? Or why collect it in the first place?
To me, the nub is that Apple should’ve (a) told users; and (b) provided a way to turn it off. Anything less makes Apple look like the bad guy that opponents accuse it of being.
What’s more, Levinson plays games with the language. He flatly states “Apple is not collecting this data.” Well, yes it is. It is collecting the data and storing it on someone’s phone. If it’s not Apple doing it, who is doing it? Not the user of the phone who, until today, knew nothing about it.