

Android location service cache dumper. - packetlss
https://github.com/packetlss/android-locdump

======
watty
[http://netmite.com/android/mydroid/frameworks/base/location/...](http://netmite.com/android/mydroid/frameworks/base/location/java/com/android/internal/location/LocationCache.java)

It appears that unlike Apple, this isn't unlimited:

    
    
        // Cache sizes
        private static final int MAX_CELL_RECORDS = 50;
        private static final int MAX_WIFI_RECORDS = 200;
    

Edit: Seems like another very important difference is that the Android cache
only keeps track of your last timestamp at a given tower. Even if this cache
was unlimited it couldn't be used to plot someones position over time.

~~~
packetlss
The unlimited size of Apple's cache is probably just a mistake. It makes no
sense to store it on the device for tracking purposes. I assume they log this
info when the device requests the info from Skyhook (or whatever location
provider they have now) anyway.

~~~
kefs
I can confirm that the Android cache.cell and cache.wifi lists are very
limited. I just checked mine using your parse.py, and was only able to see
50/200 total records respectively. My cell data only went as far back as 13
days ago.

"The unlimited size of Apple's cache is probably just a mistake."

I think this is what concerns people most. This "mistake" has your
triangulated location based on cell towers tracked for years and years, across
multiple devices, when there really is no recognizable need to store/cache
this much location data for this long. It seems, judging by the above linked
source-code, that Android has it right on this one.

~~~
dailyrorschach
I ran the program and looked at my iPhone dump, and it is not that exact and I
live in NYC. It truly appears to just tag position of towers. Where it shows
the dots for me is not exact or even close positions most of the time, and
even locations that I've never been to but the nearest tower I must've
connected to.

Which is helpful for me since I've long suspected AT&T has a dearth of towers
in my section of the UES, maybe I can get a microcell out of this, haha.

------
cjoh
I don't understand the outrage on this-- your wireless carrier probably has an
identical file somewhere as well. At least you have a copy of it.

My suggestion: for the next YC application, invent a way for people to sell
this data back to marketeers. I'll sell my data for a lot less than what
Apple's or AT&T are charging.

~~~
cryptoz
> your wireless carrier

and _only_ your wireless carrier. Now anyone who you lend your phone to while
you take a bite to eat can read your location data. Or Apple. Perhaps if it's
not encrypted, and there's an iOS vulnerability, _anyone_ could read the data.
Not just your wireless carrier.

That's why this is a big deal. Why store this data? If it most be stored, why
has _no_ effort been put in to keeping it safe? Just because one company could
read it before doesn't mean that it's okay others can too. We naturally assume
(and rightly so) that our wireless carriers can and do track our every move.
But we "trust" them; we sure as hell don't trust anyone else.

Edit: And it's even creepier that this was secret. It's not like we're getting
mad at official Apple TOS or policy; they _didn't tell us_ they were tracking
our location and storing the data forever and ever. Fuck that, that's scary
and unpleasant.

~~~
cjoh
The FBI has my FBI file and only the FBI file. By this logic, I shouldn't FOIA
for my FBI file because someone could break into my house and steal it.

Also, I carry a lot more sensitive information on my phone than the cellphone
towers it talks to-- I suspect this is the same for most people. Anybody
that's installed, say "Mint" on their iphone, has used the "email"
application, or sent the occasional drunken SMS message probably has a lot
more to worry about than the location data stored on their phone.

I guarantee you I protect the data on my phone a lot more than Apple does.
Apple sells it. Here's an opportunity for me to sell it too.

------
darrikmazey
the problem i have with this is given the recent michigan ruling saying police
can dump, retain, and peruse data from a cell phone during a traffic stop,
this gives access to far more data than should be possible without a warrant,
without "physical possession of the phone" in the sense of actual seizure.

------
abofh
I don't think anyones concerned that it tracks you with cached data (47
entries in github example, date spread would imply ~ 1 month) -- the concern
w/r/t apple is that there seems to be no limit to the amount of logging
retained.

I won't get into paranoia mode, or conspiracy theories, _but_ I am fine with
either phone being aware of my location, and even my recent movements (subject
to disclosure) -- I am NOT fine with that log being undisclosed and perpetual

~~~
benbeltran
Except it's not tracking your location, it's tracking cell towers. I'm sure a
lot of cell phones do this, to a different degree of "log length". The issue I
have with a perpetual log of cell towers is not a privacy one, it's a space
one (how long will the log be in a couple of years).

But hey, I'm not stopping anyone from hopping into the most recent episode of
the iPhone hating bandwagon. It's what makes the internet go round (any hate
bandwagon for that matter)

~~~
skoob
> Except it's not tracking your location, it's tracking cell towers.

That's true in the sense that mercury thermometers do not measure temperature
-- they measure the height of a column of mercury.

------
fedd
during the cold war the secret police job was at least somehow interesting and
romantic

now it's all about a pair of sql queries or regexps.

------
drivebyacct2
"You will need root access to the device to read this directory."

It's not even in the same realm.

~~~
ceejayoz
Why? You need the user's iPhone or their computer in your physical possession
to read the iOS location cache.

~~~
drivebyacct2
Because I can grab your phone, plug it in and have all of your history. If you
grabbed my phone running 2.3.3 on the Nexus S... it would be impossible to get
to that data without going through the entire bootloader unlock process which
is obviously invasive.

Imagine scenarios where people are reading your location data. Authorities,
governments, espionage... all of them would be largely foiled due to the fact
that root access is required and gaining that root access would leave trails.

Do I really have to explain the difference between data easily accessed via
usb and data that is stored in protected areas of the rom on an Android
device? Spot on with your comment voting there HN. Thanks as usual.

~~~
ceejayoz
> Because I can grab your phone, plug it in and have all of your history

OK, but you've already _got my phone_!

Authorities and governments aren't foiled, they just got to AT&T and get the
data from its source (where, incidentally, I can't have tampered with it).

As for espionage, I rather suspect the CIA and its foreign counterparts can
figure out a way to root my phone quietly.

~~~
drivebyacct2
It's a cell phone. Much easier to misplace, lose, have fall out of your
pocket, etc than any other computing device.

Again, it's not in the same realm considering that it's protected inside the
ROM of the phone. Even if you HAD my Android phone, it's not game over.
Please, go buy a Droid X, upgrade to the latest OTA rom for which there is no
root exploit.

Then try to get into the (already very limited) timestamp/tower data on my
phone. You won't be able to. That's my point. On the other hand, with your
iPhone, like I said, "I've already got your phone" and it's game over for your
location data.

How about just girlfriends, bosses, etc? Anyone with a usb cable and another
mobile phone or laptop knows (roughly) exactly where you've been going for
months.

------
bediger
As the owner and user of an Android phone, great, just great.

Let's ask the so-far unasked question: Why? Both Google and Apple built in
location-caching. Seems mighty suggestive of something, maybe something like
the color printer Mysterious Yellow Ink dots
([http://www.instructables.com/id/Yellow-Dots-of-Mystery-Is-
Yo...](http://www.instructables.com/id/Yellow-Dots-of-Mystery-Is-Your-Printer-
Spying-on-/)).

~~~
watty
I'm assuming caching cell towers and wifi improves performance. An unlimted
cache is a bad thing, a limited cache is a good thing.

~~~
Calabane
I'd argue that is it neither, but is instead so that both Apple and Google can
eventually offer localized and personalized marketing dependent on the area
that your phone is reporting that you are in or have been in fairly
frequently. An example would be giving you a discount code for that restaurant
that you have passed by 4 times in the last 2 weeks at around dinner time.
This is part of my theory about why apple is building the enormous data center
in NC.

~~~
watty
I may be wrong but looking at the code and example data it seems that the
Android cache only keeps track of the latest time stamp at a given cell tower
so it wouldn't know the frequency of visits in an area. This is definitely a
possibility for the iOS cache but I can't imagine this would bode well for the
privacy-conscious folks.

~~~
Calabane
I agree, but at the end of the day anyone that is that concerned about their
privacy and even remotely tech savvy will be able to find a way to opt out. A
friend sent me the below article about a utility for jail broken phones that
can be used to get rid of the tracking data. In regards to the Google data,
does it appear to you that the latest timestamps are transmitted anywhere? The
way Google rolls I would speculate that they would use timestamps and location
with their amazing maps resources and cloud storage to independently store all
of the metrics.

[http://thenextweb.com/apple/2011/04/21/worried-about-
iphone-...](http://thenextweb.com/apple/2011/04/21/worried-about-iphone-
tracking-jailbreak-utility-untrackerd-will-fix-that-for-you/)

