Last Thursday I took the 4:00 PM Megabus from Boston to New York. I knew where I was going as did a few of my friends. AT&T has a record of the cell towers I accessed along the way, but they're not allowed to disclose that information without a court order. However, thanks to a tracking file stored on my iPhone and a recently released piece of software, anyone with access to my phone or my computer can find out exactly where I've been.
Tracking software was able to follow me from Boston to New York. The software can zoom in for far more detail
The presence of this tracking file was discovered by researchers Alasdair Allan and Pete Warden who disclosed their findings on the O'Reilly Radar blog and presented them at the Where 2.0 Conference in San Francisco (scroll down for a video of their presentation)
The pair had been working on data visualization projects including creating a map of radiation levels in Japan and were looking into ways to visualize mobile data when they discovered the file. Allan said that he was looking for data on contact information and "I started poking around backups on the Mac and I stumbled across a directory named location d." He looked around and found a file called "consolidated.db" which was full of latitudes and longitudes and time stamps and cell IDs. "The file," added Warden "was a plain SQI file" that was not encrypted."
Allan said that the phone contained "a year's worth of data for every cell that we've been through since we upgraded to IOS 4." And the data persists even if you change phones assuming you follow Apple's recommendation to backup and restore your phone to a computer via iTunes.
Free OS X software lets iPhone users create their own maps
To enable iPhone users to visualize their location data, the researchers created a Mac OS X application called iPhone Tracker that quickly displays your location based on the data from your iPhone backup. Before you download and run the application, you should backup your iPhone via iTunes.
As you can see from my map, there are gaps in the data and there are also data points that are not accurate, but there is enough accurate information to get a good picture of where I've been with my phone. Clicking on the map provides additional detail.
It is not clear why Apple is storing this data on the phone. The two researchers don't know but "one guess might be that they have new features in mind that require a history of your location, but that's pure speculation." As long as we're speculating, perhaps Apple is doing this for quality control or perhaps it was put there by a rogue engineer. Whatever the reason, the only way we're going to find out is if Apple discloses it. So far, Apple has said nothing about the controversy.
Senator has questions
In a podcast Interview for CBS News and CNET, Electronic Privacy Information Clearinghouse President Marc Rotenberg questioned whether "Apple might have crossed the line and violated Federal communications law."
I'm also anxious to find out and urge Apple to hold a press conference to fully disclose the details behind this mysterious tracking file.
Update: Nate Anderson at Ars Technica pointed out that Apple answered questions about location data collection in a July, 2010 letter (PDF) to Rep. Edward Markey (D-MA) but I didn't see anything in that letter about an unencrypted file that could provide user information to anyone who found (or stole) an iPhone user's phone or computer. It did say that "Apple maintains a secure database containing information regarding known locations of cell towers and Wi-Fi access points. The information is stored in a database accessible only by Apple and does not reveal personal information about any customer." That may be true with data uploaded to Apple but obviously, the data on the phone and the user's computer is not secure.
In the following video, Allan and Warden explain their findings and demonstrate their software.