This is a guest blog entry from Karin Gerber.
In the wake of the current news about Apple’s iPhones, iPads, and Android phones being able to track and time stamp your locations, I could see this causing somewhat of a commotion. Not necessarily because they track you, but because it seems to be a “secret” and you can’t disable this without disrupting your smartphone features. And not only that, the log file is also unencrypted making it available for all to potentially see.
So why make the log file unencrypted and unknown to the user? Especially in this day and age with theft and Internet crimes, people want as much security as possible. I suppose many people wouldn’t be so upset about it if that log file was encrypted for security and not available for all to possibly view.
Cell-phone providers collect similar data almost inevitably as part of their operations, but it’s kept behind their firewall. It normally requires a court order to gain access to it, whereas this is available to anyone who can get their hands on your phone or computer.
By passively logging your location without your permission, Apple have made it possible for anyone from a jealous spouse to a private investigator to get a detailed picture of your movements. (via Pete Warden and Alasdair Allan)
Don’t get me wrong, I enjoy Foursquare and the Facebook Check In features, but those are features I choose to use. I didn’t choose Apple and Android to collect all of my whereabouts.
Apple devices running iOS 4 keep a log file on your device and computer called “consolidated.db”. A similar log file called “cache.cell” is used to store your coordinates and time stamped location data used for Android phones. The data is obtained by cellphone tower locations and not by specific GPS locations.
Here is a sample set of data from the cache.cell file that records cellular locations in the Android file system. You can see that it contains a set of entries that record a latitude and longitude as well as a time stamp. (via The Next Web)
240:5:15:983885 1186 75 57.704031 11.910801 04/11/11 20:03:14 +0200
240:5:15:983882 883 75 57.706322 11.911692 04/13/11 01:41:29 +0200
240:5:75:4915956 678 75 57.700175 11.976824 04/13/11 11:52:16 +0200
Although Apple does say in its Terms and Conditions that it may collect and transmit non-personal information in order to provide and improve location-based products and services.
We may collect information such as occupation, language, zip code, area code, unique device identifier, location, and the time zone where an Apple product is used so that we can better understand customer behavior and improve our products, services, and advertising. (via Engadget)
In a letter to Apple’s Steve Jobs from Senator Al Franken, the senator suggested that hackers might end up creating viruses to access this particular file from people’s iPhones, iPads, and computers. Senator Franken also suggests that this data could be used for anything from sending out spam to actually robbing your house when you’re not there. You have to keep in mind that any type of identifying information stored can be used against you by hackers.
The best way to protect yourself against unauthorized use of the “consolidated.db” file would be to encrypt your iPhone and iPad backups when you synchronize them with iTunes on your computer. You can do this by clicking on your device within iTunes and then check “Encrypt iPhone Backup” under the “Options” area. Unfortunately, if you just delete that data file, it would just end up recreating itself. The best way to protect yourself would be to turn off all GPS-enabled features on your iOS and Android smartphones. Unfortunately, that also disrupts a lot of the mobile applications that we find useful to us, like mapping programs, for example.
So, is this tracking info something to worry about? Well, that depends on how you look at it. I would think if someone got a hold of your computer and/or mobile device, you’d have more to worry about than the crooks looking at your tracking data. I think in this day and age with tracking options and advertising schemes, companies would want to know your whereabouts so they know better what to specifically advertise. I mean, we do live in a capitalistic country where making money is key. On the other hand, I don’t like companies grabbing my information without me knowing about it, even if the legal garb is posted in a company’s super-lengthy Terms and Conditions. I still find it sneaky. The key for us consumers is making sure our personal information is protected as much as possible.