
Apple is not “recording your moves” - mercurio
http://www.willclarke.net/?p=247
======
angusgr
The conclusion about a "general place at a general time" seems entirely true
when you're on a highway, moving quickly and hopping infrequently to large
distant cell towers. No wifi points anywhere close. Just like the chosen
example.

I bet its entirely different when you're in any kind of built-up area. Wifi
points every few hundred meters, small cell towers every kilometer or two. I
bet in those situations, someone could derive a pretty close record of "your
moves". Even if the individual points jump around, you're presumably hopping
cells and seeing new Wifi APs every few minutes - even when you're just
walking around your house or your office - and that data can be triangulated.

I think the OP is right inasmuch as Apple probably didn't set out to track
users as much as keep track of connected wifi & cell APs. That doesn't mean
the data won't be enough to track movements in urbanised areas.

~~~
mercurio
I'm not the author. But I believe the O'Reilly researchers claim that the co-
ordinates logged are of the device itself. It is not clear at all that this is
true and the author of this post presents some evidence that would suggest
otherwise.

~~~
angusgr
Sure, the article is a reasonable refutation to that part of the O'Reilly
claim, and that is an important fact to clarify.

The article goes further though, and claims it's "not 'recording your moves'"
and is just a "general place at a general time". I don't you can say that
point-blank. As stated, I think that it's going to be entirely location-
dependent as to whether the database can be treated as a "record of your
moves" or not.

~~~
2muchcoffeeman
The author says he was using his phone and the GPS often.

If they wanted to track your moves and you have turned on the GPS, why doesn't
it just, y'know, use the GPS data? Instead Apple tries to track your moves
using cell towers?

Seems like the only way this would be a record of your moves would be by
coincidence.

~~~
dedward
My understanding is hte iPhone doens't actually have a GPS receiver in it at
all. It only uses a fuzzily defined "assisted GPS" which is basically based
completely on 3g towers.

They don't use the GPS satellites at all.

~~~
angusgr
AGPS is GPS satellites assisted by cell towers, and is in the iPhone 3G
onwards. <http://en.wikipedia.org/wiki/Assisted_GPS>

The original iPhone had no GPS and always used cell tower triangulation. This
varied a lot - I remember in Manhattan, NY it could track me almost to the
street number; on the other hand I once turned it on in a moving car in rural
NSW, Australia and it drew a circle approximately 500km in diameter.

------
Pahalial
The piece is specifically positioned as a retort to a somewhat sensationalist
O'Reilly piece, and in that context it's perhaps decent. But this headline
alone on HN is at least as sensationalist - redefining "your phone is tracking
your movements between cell towers with a general accuracy of 2km or less" to
"your phone is not recording your moves" is just newspeak.

Argue that the accuracy makes the data less usable for nefarious purposes, or
argue the (much more pertinent to my mind) point that your carrier already has
high-accuracy historical info and this really just puts similar historical
info in your hands as well, point out that law enforcement can easily get the
carrier info without ever even touching your iDevice, but don't try to claim
that this is not recording location info attached to you.

~~~
thought_alarm
How about this headline: "Your iPhone is caching cell tower coordinates for
faster location lookups".

Is that sensationalist? Or, does it represent the most logical explanation of
this story from a technical and engineering background?

~~~
iang
It's a long time since I worked on mobile phones but in GSM the phone has to
keep an internal of the tower it's connected to and the nearest neighbours in
order to manage handover smoothly (ie. With dropping calls). I suspect 3G is
similar.

In GSM the phone also had to know the distances to each tower +/-500m in order
to adjust the timings for communication with the tower.

(It's 8 years since I did is stuff so memory might be off on the numbers a bit
:-)

------
pudquick
A better statement is: "Apple is not _intentionally_ recording your moves."

What they're instead doing is, when possible, retrieving cell network /
SkyHook (wifi) data about Lat./Long. for towers/APs that your device can see
and when it last saw them.

This is for the Location service that an iOS device offers, so that if you
choose to provide your location information to an app and it can't get a good
GPS lock - this cached information is used to provide a "best guess".

In addition, it's used to provide an accelerated guess as GPS gets a lock
(it's the "+" in GPS+).

The timestamp is to provide "last best location". I'm sure the rest (MACs,
tower IDs, etc.) can be used to triangulate a better fix based on what's
visible and what signal strength to each location is like.

The device caches this information locally because the Lat./Long. of a cell
tower / AP will not change - but the timestamp for the last time your phone
has "seen" it could be updated, without having to re-hit Apple's servers for
the details.

It's being done because: storage is cheap, the amount of data doesn't take
much space for thousands of points, it reduces server talk, and it speeds up
your GPS/location acquisition for apps that you wish to use it with.

Apple's only mistake is that they didn't encrypt this information. Outside of
that, the only other thing they could have done would be to store it purely in
RAM - but RAM is at more of a premium (in MB) than flash storage (in GB).

~~~
dedward
Does the iphone even have real GPS? I believe it uses the cell tower info
only.

~~~
skidooer
The iPhone 3G and later have real GPS.

They use an A-GPS chip. The "A" in A-GPS stands for assisted, which means it
can be assisted by the cell towers to help find the GPS satellites more
quickly. Because of the connection with the cell network, some confuse its
capabilities with plain triangulation. It will continue to function as a plain
GPS device in the absence of cell service, however.

Most of the points on my map correspond exactly with known locations of my
carrier's towers, so the explanation makes sense. However, there are dots in
locations where there are no towers. I don't think it is WiFi locations
because I do not see any of the places I commonly use WiFi.

~~~
pudquick
You don't need to connect to the network for it to be recorded.

The Skyhook-alike ( Apple rolled its own:
[http://blogs.wsj.com/digits/2010/07/30/skyhook-loses-a-
big-f...](http://blogs.wsj.com/digits/2010/07/30/skyhook-loses-a-big-fish-
apple/) ) tech works because your device is able to poll available wireless AP
MACs, even if you don't sign into them or know the password. 802.11 headers
have a MAC frame that's always broadcast in the clear.

------
jws
Interesting analysis that strongly suggests the coordinates are for cell
towers, not the iOS device.[1]

Personally, the fact that the file is in a cache directory path, and that some
people don't have much data, or any, suggests to me that some programmer
forgot to trim his cache or picked a ridiculously large size before he decides
to trim.

"locationd" wants to know the coordinates of the cell towers you communicate
with in order to triangulate your position without turning on the GPS, and it
doesn't want to eat the battery by querying servers all the time. That argues
for a cache of the towers you frequent. It's only one bug or poorly chosen
constant from there to the situation people are reporting.

[1] That still reports your travels in gross terms and is a problem in need of
a fix.

~~~
alain94040
You do realize that the towers themselves have had that information about you
forever, so AT&T (or now Verizon) can plot your every move.

~~~
jws
Does AT&T retain the data for a year? Do they give it to the ass hat that
stole my laptop?

~~~
allwein
The iPhone only maintains the last time a given cell tower was "seen". It does
not have your complete movement data for the entire year.

(Exception would be someone that has been traveling the entire year and has
never been back to the same place twice.)

------
baxter
I'm getting a 509, bandwidth limit exceeded. Here's the Google Cache:
[http://webcache.googleusercontent.com/search?q=cache%3Ahttp%...](http://webcache.googleusercontent.com/search?q=cache%3Ahttp%3A%2F%2Fwww.willclarke.net%2F%3Fp%3D247)

------
neworbit
The only way this could be more hair-splitty is to argue "Apple isn't tracking
you, it's tracking your device". Yes, there are valid reasons for this to
exist. Doesn't change my user perspective that this is an electronic trail I
do not want readily accessible.

~~~
msbarnett
Is it really "readily accessible"? It's on your phone, and in backups on your
computer if you've synced your phone.

So to access it, a person needs access to either your phone or computer. But
if they have access to your phone or computer, is a cache of cell towers
you've connected to really a significant concern compared to the other things
the accessor could get ahold of from either of these devices?

~~~
neworbit
I've had phones stolen enough that I'd say "yes, too accessible" - your
mileage may vary.

Timestamped travel information generally equates to "hey, this guy returns
home between 7 and 8:30 most nights, works in the office five days a week, and
here's where his home is". It's no great stretch to equate that to "he will
not be home during this time frame" and suddenly a lost phone turns into a
much larger burglary.

There's also plenty of larger privacy concerns, but even just the out-and-out-
crook scenarios should be concerning enough.

~~~
allwein
The iPhone is not storing travel history information. It's only storing a
"last seen" timestamp for each cell tower. And again, the most accurate they'd
be able to get was "this guy was within 500 meters of these dozens of cell
towers at 5PM, and with 500 meters of these dozens of other cell towers at
7PM." They'd in no way be able to get your physical address, unless you lived
alone in the countryside.

Please read my previous comment for more details:

<http://news.ycombinator.com/item?id=2467895>

~~~
bxr
>They'd in no way be able to get your physical address, unless you lived alone
in the countryside.

You seem to be using this claim to dismiss the importance of the data, but I
lived in a very secluded area, do I not matter?

~~~
allwein
But the data is not that important, relatively. The assumption is that some
"Bad Guy" has gotten a hold of your phone. Here's a list of other vectors that
this person could use to identify you, your residence, etc.

1) Your cell number is going to be readily available from the device itself.
Using this, he'll be able to look up your address information in the Address
Book.

2) Unless you notice the missing device right away and change your passwords,
this guy also has access to your email accounts. Ever order anything online?
Your address is most likely in your emails.

3) Ever use Google Maps? They can look at your recent searches. "3 different
searches originating at 123 Main St? Might be his home address"

4) Phone app. Recent calls/favorites. With a little social engineering, your
address is known. "Hi, I found this phone on the ground, can you tell me where
they live so I can drop it off?"

5) SMS. Ever text someone your address?

------
scottdw2
There is a bit of a logical fallacy here. He says "the data is not extremely
accurate", "metadata indicates apple intended to store locations of access
points", "therefore the phone is not traking your location".

That's simply false. It is tracking your location, regardless of how
accurately it's doing it, and irrespective of Apple's intentions.

That means someone reading the data can know roughly where you where when, the
direction you where traviling in, and how fast you going.

Does that mean Apple set out to track you? No! But it does mean that your
phone is tracking your position, all the time, everywhere you go, and is
storing that data in a way that is not protected from exploration by any third
party that happens to acquire access to it.

That's a serious bug, and is worth a little sensationalism.

------
angusgr
I actually think my honest opinion on this fiasco is "someone can derive a
user's movements from this database, but how big a deal is it really?"

I still think this should be fixed, Apple should explain it and release an
update that pares it down to the bare minimum data for whatever function it
serves.

However, let's honestly go through the implications of this:

\- The user's cell provider already knows this. [1]

\- If someone "owns" the user's phone then they can get their movement
history. But that's at a point where they can track the user's current
movements anyhow, so that's lose-lose there - the only difference is the
historical angle.

\- If someone steals the user's computer/phone they can get their previous
history up until then. That's bad, but I bet nearly everyone has more
sensitive private information available on their computer hard disk or their
iPhone's internals - stuff that would be more exploitable than historical
location data.

\- Someone could maybe sneak private API calls into a legit app that sent this
database somewhere else. No idea how feasible that is. However, if they can do
that then it's pretty close to the "ownage" scenario described above - they
can probably do anything anyhow.

If it comes out that Apple is sending this data back to Cupertino for some
nefarious purpose then that is very bad as well, but I bet that's not the
case.

[1] [http://www.zeit.de/digital/datenschutz/2011-03/data-
protecti...](http://www.zeit.de/digital/datenschutz/2011-03/data-protection-
malte-spitz)

~~~
justsee
The point I made in another thread on this:
<http://news.ycombinator.com/item?id=2468950>

Basically by having it stored locally, it lowers the barriers to accessing
data, so that it is no longer restricted to law enforcement people seeking
telco data.

That changes a lot of things.

For instance imagine you're a police informant or undercover cop: a
technically savvy mob would be silly not to hoover up the location data of
everyone in their org, which could lead to some interesting discussions.

~~~
angusgr
_For instance imagine you're a police informant or undercover cop: a
technically savvy mob would be silly not to hoover up the location data of
everyone in their org,_

Sure, but if they have root or physical access to the phone (which they need)
they can install a realtime tracking snooper to follow you around instead.

I agree this lowers the barrier, but fundamentally it seems to come down to -
if you don't want people knowing where you are, don't carry around a GPS-
enabled always-on computer in your pocket!

~~~
justsee
The point to be made here is that Apple's provided almost universal,
historical snooping capabilities without any individual actors having to get
James Bond on the situation. Every iOS device has the potential to reveal
someone made a trip to a police station, or spent a lot of time in a suburb
that doesn't match with a particular story.

The fact that people of sufficient technical capability and motivation can
always install traffic snoopers with greater resolution / utility doesn't
change any of the above?

I suppose this situation is a little like the Firesheep release. Things could
already be exploited, but by reducing the effort and skill required it
significantly changed the security / privacy situation.

Your final point is a bit of a false dilemma, because Apple can just fix the
issue to remove that particular security concern. Of course the device is
still tracked by networks, but as discussed the barrier to access that
information is probably high enough for many people.

~~~
allwein
>Every iOS device has the potential to reveal someone made a trip to a police
station, or spent a lot of time in a suburb that doesn't match with a
particular story.

Sure, it has the potential. But only if the idiot was dumb enough to check
into jail from Foursquare (or otherwise use a Location Service).

------
tienshiao
My guess is that this is just an implementation optimization. Probably
analogous to lookupd caching DNS lookups. The developers probably didn't think
anything of it.

Even lookupd caches could be represented in similar light: "Your Mac secretly
records the websites you visit in a hidden file." It's just that we're all
used to (and understand) DNS lookup caches, and locationd and location lookups
are relatively young.

------
wchest
It remains unclear what Apple's motives were in collecting this information
and regardless of how accurate the collected information is, I think the
larger concern is that the database is unencrypted (although it does require
root access) and is uploaded to a users computer upon backup.

------
nosignal
How can the iPhone determine the location of a cell tower (or WiFi access
point) just by receiving its signal?

While it seems obvious from that analysis that it is indeed logging the
locations of the towers rather than the phone, I am more interested in how it
derives the locations for those towers.

It could simply have a lookup table, but that would mean every iPhone has a
lookup table of every cell tower (GSM and CDMA) as well as WiFi point in the
world - with a globally unique identifier and location - as part of the OS.
Which seems pretty implausible.

If it's doing a remote lookup, then it must be polling some service to
determine the location of every CellID it seems. Something like OpenCellID
(<http://www.opencellid.org/>) or Navizon <http://www.navizon.com/>) is what I
mean. If so, it _would_ effectively be broadcasting your location in real-
time. This is equally implausible, as it just seems like the kind of thing
we'd have heard about by now through OS investigation, or even just "why is my
battery draining so quick".

It could conceivably triangulate the tower itself, but that's implausible as
a) the phone's GPS would have to be active (see battery issue above) and b) it
couldn't possibly be accurate unless you were effectively spiralling around
the emitter.

It can't be getting it from the signal itself, as "emitter location" sure
isn't part of the WiFi spec and I'd be amazed if it was in GSM or CDMA.

How else can the iPhone know (or estimate) the GPS coordinate of cell towers?

~~~
skidooer
I'm not entirely familiar with the protocols in use, but I assume the cell
towers publish their GPS coordinates.

When my carrier installed a new tower in my area, Google Maps would start with
my location hundreds of miles away until the GPS locked on. It eventually
corrected itself, but I assumed at the time that they had the wrong GPS
coordinates entered for that cell location.

There are dots on my map for places I have never been, so I don't think it is
coming from the on-board GPS receiver.

------
Shantz
I can't comment on the website itself somehow. But here is my comment.

While you may be correct (and I think you are, because Apple has previously
mentioned that they use such data to map tower locations) but I have a few
counter points to your article (may not refute your main conclusion): 1\. Even
Cell Triangulation can be way off depending on a lot of factors. I use it
regularly on my Android phone with Tasker for some profile purposes and it
gives me worse results most of the times than actually working with exact
tower ID that I am seeing. I've seen it being as off as upto 5 kms

2\. The location data is collected for other countries as well, not just for
the parent network within US. Out of the various articles from various people,
they have seen data from all places where they used cell services, including
abroad like Japan, India, etc. The data only seems to be missing when they
don't have a cell service.

3\. What irks me is that why they need to store this data on the device and
PC? Even if they were building their own cell tower database, it should be
done and done once apple gets the data. Why would they keep a whole history
about it on the phone and PC? Maybe it is an oversight? But I can't find any
reasonable explanation for this.

------
ldayley
An aside: it's independent thought and experimentation like this makes hackers
so important.

------
jamesbkel
I've been playing around with the source today (planning to take a closer look
at the file itself tomorrow). While there are definitely a fair amount of
anomalie, even without removing the intended obfuscation in iPhoneTracker it
still tells a good story. After adjusting the accuracy of the GPS grid and
changing the animation to daily, it was easy to track where I had been.

It would probably be hard to track to any specific address (that's what I am
looking into now) but by matching date with the coordinates it was trivial to
see where I went for: 4th of July, my friends bachelor party and wedding,
Halloween, Thanksgiving and New Year's Eve... among other events.

~~~
X-Istence
I looked at my data, and it didn't know that I had spent a whole lot of time
at the office last week, but it did know the cell towers along the way to my
friends house when I used Google Maps.

It is only updated when you use a location based service. Google Maps, Places
on Facebook, Twitter, Foursquare and the like. I don't use anything besides
Google Maps and only to get information on how to get to certain locations.
Honestly I am not to worried about it.

------
tmcw
I'm going to file this under "come on, are you kidding me, read the FAQ before
you write a blog post."

The FAQ: <http://petewarden.github.com/iPhoneTracker/#9>

The wonders of following links.

------
URSpider94
By the way, this same information is already tracked and stored by the mobile
networks themselves, and can be obtained by the government with a warrant (or
likely by organizations like the NSA or CIA without one, given recent
precedents).

See
[http://nce.fd.org/PDF%20Cellular%20Tower%20Location%20Inform...](http://nce.fd.org/PDF%20Cellular%20Tower%20Location%20Information.pdf)
:

"Cellular service providers generally retain information about phones’
contacts with towers, including which tower(s) each phone contacted during any
given check-in, and which “face” of the tower(s) the phone contacted."

~~~
mattmanser
_with a warrant_ being the three magic words which totally changes the
context. Oversight is important. There is no oversight to this data
collection.

------
credo
It looks like the original O'Reilly post was a bit imprecise.

On one hand, it says _"your iPhone, and your 3G iPad, is regularly recording
the position of your device into a hidden file."_

Later on, it mentions a _"a list of hundreds of thousands of wireless access
points that my iPhone has been in range of"_. This suggests that the list is
one of cell towers (and perhaps Wi-Fi routers ?), but not actual device
locations.

------
vegai
F-secure noticed tha the data gets sent out twice a day... Cannot provide the
link because I'm on my phone which is not an iPhone...

------
moxiemk1
Not many people seem to be noting this, but I think it bears noting that it
seems very much true that _Apple_ isn't tracking anything; your iPhone is.

There are legitimate potential worries about that, but "ZOMG Apple is Big
Brother" is the kind of rhetoric that keeps people confused and afraid about
security to the point that they _do_ screw themselves over.

------
redbluething
I agree. This is the cell tower data you get back from the significant change
API (the low battery use location mechanism).

<http://www.cannonade.net/blog.php?id=1482>

I am not really surprised Apple doesn't throw this data away. I think they
could have been a little more transparent about it though.

------
headShrinker
tl;dr... All it’s showing is cell tower location heatmap, which is anywhere
within a 2 to 3 mile radius. (Basically what city you are in.)

Cue false outrage... Endless CNN coverage.

Trolling rant: Meanwhile, US phone carriers, advertisers, and the government
have known your location within 9 feet, ever since the warrentless wiretapping
scandal. To the point that NSA, has a direct fiber split of all AT&T customer
internet traffic.
[http://webcache.googleusercontent.com/search?q=cache:Rm4GQZm...](http://webcache.googleusercontent.com/search?q=cache:Rm4GQZmj5aAJ:www.eff.org/nsa/hepting+eff+nsa+att&cd=4&hl=en&ct=clnk&gl=us&source=www.google.com)
America, choose your battles and get a grip on reality.

------
thekevan
"Apple is not storing the device’s location, it’s storing the location of the
towers that the device is communicating with."

Oh come on. That's like saying, "I'm not laughing AT you, I'm laughing NEAR
you."

------
patrickc
Secret Apple undercover propaganda blog!

~~~
mario_sandler
and he shameless deactivated the comment-function in his blog.

~~~
willclarke
What an asshole! But seriously, I don't know why it isn't allowing comments.
It used to. I promise I'm not an Apple propagandist though!

------
angusgr
Has anyone looked at the coordinates in the Wifilocation table?

For cell towers, iOS has access to coordinates from the tower's signal itself.
For Wifi, the best approximation would be the GPS location of the device.
Unless it associates Wifi APs with nearby cell towers, or "fuzzes" that
location.

~~~
evan_
iOS uses skyhook (or a workalike) to turn wifi MAC addresses into geospatial
locations.

------
ck2
mirror

[http://google.com/search?strip=1&q=cache:http%3A%2F%2Fww...](http://google.com/search?strip=1&q=cache:http%3A%2F%2Fwww.willclarke.net%2F%3Fp%3D247)

------
rounak
Site down, google cache not available!

~~~
willclarke
Sorry about that. I'm the author. Should be back up now. I'll try to keep it
going as long as I can!

