So after doing a quick analysis of the data on my iPhone, I've come to the conclusion that this isn't a huge issue at all.
First, I'll start with the WiFi data (WifiLocation table):
Among the information captured is MAC, Timestamp, and Lat/Long. I have a total of 118,640 records in my table. I did a "SELECT DISTINCT MAC FROM WifiLocation", and got... 118,640 records. This tells me that it's not "tracking my every move" via Wifi location since there's a single entry for each MAC. The question might be, is it updating the Timestamp when I'm near a specific Wifi Network? My guess is no. I did the backup and analysis this morning, April 20th. Yet the last entries in my database are from April 16th. This tells me that it's not an always on tracker and that it's not updating timestamps.
Next, I looked at the CallLocation table:
The same thing held true with this table. The last entry on my phone was from April 16th. Also, I have 6300 entries in my CellLocation table. I decided to start restricting the precision of the Lat/Long to see if there were duplicates that would indicate "tracking". At 5 decimal points, there were no duplicates. At 4 decimals, there were a handful that had 2 dups. At 3 decimals, there were more dups, with the most being 6. At this point I still had 5672 uniques. At 2 decimals, the most had 89 and I had 2468 uniques. At 1 it really went down, obviously, and I was down to 253 uniques. The other thing I noticed was that there was no regular timing of entries, and that when there were entries, a large number of them had the same timestamp.
So based on my analysis, this isn't a feature that enables detailed tracking of a user. It will allow you to see if a user has been in a certain location the first time, but that's the extent of it. For instance, I could see that I made a trip to Washington DC in late October of last year. But you can't really tell my movements around my home town with any amount of precision. My assumption, like others, is that Apple is using this to enable easier use of Location based services. I assume (which I'm going to test), that whenever a user enables a Location Based app (Google Maps, FourSquare), iOS updates this database with all local cell towers/wifi locations and the Latitude/Longitude. The more comprehensive the local database is, the quicker/easier it is for Location Based Services to help pinpoint a users location. Instead of waiting for GPS to spin up and get a satellite lock, it will be able to get a more accurate lock off of cell tower/wifi triangulation.
The problem is this data is being recorded without the user's knowledge or permission. (Unless it's a tiny line in the EULA I'm unaware of.)
If the data is being used to help the performance of Location Based Services, there is no need to keep years worth of data, that persists, and is backed-up every time you sync. Apple could simply keep a log of the last 4 or 5 data points.
Further, the data may not be super accurate, but that's only because the technology isn't good enough. If it were (and it will be eventually) that table would have pinpoint precise data. The precedent is being set right now. Is this ok? Personally I think this sort of behavior is unethical. Location tracking logs should be opt-in. It certainly shouldn't be hidden or a secret.
I think the fact that they're logging my location without my knowledge or permission for their personal interests (whether their exploiting it now or not), is unethical. The lack of encryption is just an implementation oversight on their part.
Location tracking on iOS devices without GPS (for example an iPod touch) sometimes works without any internet connection (it nearly always works with an internet connection – WLAN access points are used to determine the approximate location), especially in urban environments (with a lot of WLAN access points). I always figured that iOS devices download location info on all the surrounding WLAN access points (maybe even those not in range – it seemed like that in my tests) as soon as you use location services and are connected to the internet.
This database could have something to do with that.
Yes, when you use the location services in, say, a new city then your device will download and cache the WiFi location data for a large radius around that initial lookup the next time it has an internet connection. It's pretty cool, actually.
That database isn't infinitely large, as unused location information will be removed as new location data comes in.
The iPhone (3G, 3GS, and 4) and the 3G iPads have fully functional GPS hardware, and also use A-GPS to acquire a position fix.
If you've ever used a normal standalone GPS in one city and gotten on a plane and flown across the country and tried to use the GPS again, you'll know that it can take 5+ minutes to reacquire a fix that first time off the plane.
Some AGPS devices cannot determine their own position from a satellite signal, whereas others can as long as they have received an almanac from a server in the recent past. It depends what you mean by "actual GPS". Some implementations are completely incapable of acting in a standalone capacity.
I don't see how this contradicts what I said, which is that some AGPS implementations require assistance in order to accurately determine your location. Not every AGPS device can map radio signals to a lat-long; some can only do that with assistance.
It also lists some ways that various implementations require assistance:
Assistance falls into two categories:
Information used to more quickly acquire satellites
It can supply orbital data or almanac for the GPS satellites to the GPS receiver, enabling the GPS receiver to lock to the satellites more rapidly in some cases.
The network can provide precise time.
The device captures a snapshot of the GPS signal, with approximate time, for the server to later process into a position.
Accurate, surveyed coordinates for the cell site towers allow better knowledge of local ionospheric conditions and other conditions affecting the GPS signal than the GPS receiver alone, enabling more precise calculation of position. (See also Wide Area Augmentation System and CellHunter and openBmap.)
Calculation of position by the server using information from the GPS receiver
The assistance server has a good satellite signal, and plentiful computation power, so it can compare fragmentary signals relayed to it
That’s not what the article says. It says that AGPS devices are just like GPS devices. The only difference is that they use additional information to improve startup times.
Assistance is described as something that’s entirely optional. Why do you think that’s not the case? I googled around for a bit and it seems as though every source I can find tells me that AGPS is just like GPS if you have no data connection.
I'm sorry but I don't know how to make it more clear than I already said before: some AGPS implementations are not capable of operating in standalone mode. The Wikipedia A-GPS article states:
A typical A-GPS-enabled receiver will use a data connection (Internet or other) to contact the assistance server for aGPS information. If it also has functioning autonomous GPS, it may use standalone GPS, which is sometimes slower on time to first fix, but does not depend on the network, and therefore can work beyond network range, and without incurring data usage fees. Some aGPS devices do not have the option of falling back to standalone or autonomous GPS.
I've added emphasis. The last point is all I was saying.
So first, someone asked whether the iPhone triangulates position from cell towers or uses GPS. I responded that it does AGPS, and that in some ways AGPS is inferior to standalone AGPS.
You objected to this, saying that AGPS is "actual GPS" which, in fact, it is not. If by "actual GPS" you mean standalone GPS, then you are wrong. I correctly pointed out to you that AGPS is not a standard definition, but a name for one of a wide range of techniques which involve assistance from a third party in determining position. You, in fact, were incorrect.
Failing to comprehend the article from Wikipedia which, in fact, enumerates the methods by which an AGPS device may receive assistance, you asserted that AGPS only refers to the technique of optionally downloading an almanac from a network resource instead of an orbitally transmitted signal. Again, you were incorrect.
Now that I've shown that you were incorrect, you want to object to raising irrelevant points? My only point was that the device uses AGPS, and that AGPS is not standalone GPS -- that in some ways it is inferior. I showed those ways because you asked, not because the Apple implementation is encumbered by them.
Really? My Garmin device can locate itself without entailing the possibility of communicating my position to a third-party. There is no possibility that my checking my position can enable anyone else to know it as well. That's not true with AGPS.
That is one pretty significant way that standalone is superior.
If that’s important to you, sure. I’m, however, a bit foggy on the actual implementation of AGPS and don’t really know whether it actually sends your location info to a server. Would be nice to get some implementation details about that.
I think it was pretty clear that we were talking about performance – time until and precision of the first lock (which AGPS does improve), overall precision (which AGPS doesn’t improve) and so on.
Not really, since you have physical access to the file you can edit it. That should immediately disqualify it as evidence. I think this type of data normally is gathered from the phone company when used as evidence, then the involved parties can not tamper with the file.