We reported yesterday on the iPhone location tracking bug that has been buzzing around the internet for the last 48 hours. It’s been making headlines from tech sites to blogs of privacy advocate groups, like Epic (Electronic Privacy Information Center).

For those that haven’t heard: A hidden file in iOS versions 4.0 and above has been found that actually records the user’s location fairly frequently. I’m not talking about Facebook requesting your location, I mean it records your GPS coordinates with a time stamp to a secret file. Was this in the EULA (End-User License Agreement)?

Actually yes, yes it was. BGR quoted the part of Apple’s iPhone Terms of Service that talks about location-based services in iOS, in an article yesterday. Sure enough, it’s in there:

“Apple and its partners and licensees may transmit, collect, maintain, process and use your location data, including real-time geographic location of your iPhone, and location search queries…”

Although many folks are aware of the GPS tracking, they’re still left wondering why the hidden file exists. Why is Apple tracking our locations? Is it for an upcoming feature in iOS 5? Is it for world domination? According to John Gruber, of Daring Fireball, it’s probably just a mistake.

“The best at least somewhat-informedtheory I’ve heard is that consolidated.db (the secret file everyone is upset about) acts as a cache for location data, and that historical data should be getting culled, but isn’t, either due to a bug or, more likely, an oversight. I.e someone wrote the code to cache location data but never wrote code to cull non-recent entries from the cache, so that a database that’s meant to serve as a cache of your recent location data is instead a persistent log of your location history.”

Gruber then goes on to say that he suspects this problem will get fixed in the next iOS update. I’m wondering if Apple will make a public statement regarding the file. Surely they’ve got to do something to silence the critics. I’m also not too thrilled about the idea of another firmware update. We haven’t even gotten iOS 4.3.2 completely figured out yet.

What do you think?

  • sylvan

    @Sebastian ,
    i wake up today with a message on my iphone from att saying that: did u know tethering your smartphone to a computer requires a data plan ? plz call 1877-446-5250 forn details or what do u recommend that i do? please advice , thanks !

  • sylvan

    ok , thanks

  • Smitty

    The GPS data mining is being done intentionally and is being sent to Apple. It’s not just a glitch.
    The Wallstreet Journal has the story.
    Apple, Google Receive Phone Users’ Locations


  • sylvan

    i just called att piece of shit and they said that starting april 30th , they are going to crack down through their systems on who is tethering through a system that they got that can tell if you transfering data to another device , is that true that they can really track down shit like that , please someone advice me on that ?

  • Ras

    Fuck apple and illuminati.they are doing this shit. !!!!!! Wake up people

  • gabeapp

    just a suggestion to throw out here, it could be for the mobileme find my iPhone/iPod/iPad service? cause it needs to know where u r does it not? and dont reply negativly its just a “suggestion” for all those pissed off grumpy people!

    • Telejeesus

      Why is that file also need to be copied to all computers you sync your phone with, if it is only for MobileMe?

      • gabeapp

        true i just read a bit more on it with the new one just posted and i agree with on that why does it need to be saved and backedup? good point

      • The backup system in the iPhone actually backs up the entire user partition, and this file just happens to be located there. Other stuff in the user partition: Your contacts, email, messages… Basically, all the personal information, all the apps, etc. The backup is a complete backup, basically, and contains all your personal information. The encryption feature for backups isn’t in iTunes for no reason.

    • XepptizZ

      It might have a relation between eachother, but no where does that service need to know where you “have” been since you bought he phone. This does fall nicely into the fluke suggestion

  • JustSomeGuy

    It’s a bunch of conspiracy nuts worrying about nothing. These phones have been collecting this data for some time and the helicopters haven’t come yet. And they’re not going to.

    This is stupid. Everyone remain calm.

    • Smitty

      You can’t say it’s a conspiracy if it’s true. There are a many stories out with different facts. The WSJ story, if true, is pretty damning. We will be hearing more about this soon and will have a better clarification.
      For now just install ‘locationd blocker’
      or untrackerd from cydia to disable.

  • Glitch

    A glitch is a short-lived fault in a system. It is often used to describe a transient fault that corrects itself, and is therefore difficult to troubleshoot. The term is particularly common in the computing and electronics industries, and in circuit bending, as well as among players of video games, although it is applied to all types of systems including human organizations and nature.

    And we should believe everything Apple says, (right)

  • numbnuts

    proof yet again of another knee-jerk mass hysteria reporting. why do people fall for this shit, it wasn’t a hidden file it had been moved from another location in the firmware to avoid system conflicts. folk have known about it’s existence, from august last year planetbeing’s Signal app stands a chance of using the file to extract cell tower info so it could be plotted on a map. jeez !! 😐

  • r

    gruber is an apple shill and apologist. hes also a cowboys and yankees fan and isnt from either place, aka frontrunner personified and the lowest form of fan, if they even deserve the title of fan.

    anyway, is it really gps data or just the cell towers you hit?

    • It is only cell tower information.

      They moved this location database to the user partition in the iOS 4 update, because they added the Background Location functionality.

      See, the Background Location functionality allows an app to be notified of location changes in the background. A good example of this is Google’s Latitude app. If you turn on background updating, it can update your location automatically, without being the active application.

      The way this works is that the cell tower location information is saved in this database. Cell tower location info is something that is gotten anyway, since the cell system uses this sort of location info to adjust power levels on the phone. So by storing it, this is a really low power way to get a decent fix on location for the background location system. The last several cell-tower based location fixes can be averaged out to get a better idea of your actual location, within a certain margin of error, and that can be passed to the background location requesting apps without using a whole lot of battery. Google Latitude, for example, notices when you change cell tower zones and updates your location at that time, because it’s getting the information from this app.

      To do this, they do need a database to store past location. But it doesn’t need to be for months. The last couple hours is probably good enough. It’s most probable that no process was ever made to clean old data out. Generally no reason to, really. This data is small.

      Anyway, that is the whole story. This isn’t hidden information, really. These two guys who “broke” it to the world didn’t discover anything new. The data is stored on the phone as part of the Background Location feature introduced in iOS 4. If you disable the Location services, it stops storing the data. The data isn’t sent to anywhere over the network. And it’s backed up on the computer only as a side effect since the backup backs up everything.

      Regarding the WSJ’s story about Apple and Google getting location information over the network: That is true, but unrelated to this particular file. The Google Maps applications on both iPhones and Androids send back location information (which you probably knew) and information about local WiFi signals (which you probably didn’t). Google in particular is known to have used the GPS location along with the WiFi signal information to build a database that allows them to improve their location systems. In other words, using the local WiFi signals that your device can see, they can tell where you are more accurately than GPS in some cases (GPS doesn’t work very well indoors, for example). Google Maps on Android also transmits back location and speed information when you’re using it for navigation, which is used to allow them to tell other drivers about traffic conditions. You can see the traffic information on Google Maps for iPhones, but it doesn’t have the ability to send that speed info back on the iPhone.

      Again, this has all been known for a long time. The information is out there and well documented, it’s just not been sensationalized until now.

  • Stfudvs

    +1 Otto

    Well said

  • Hope its just a glith