Hacker News new | comments | show | ask | jobs | submit login

So after doing a quick analysis of the data on my iPhone, I've come to the conclusion that this isn't a huge issue at all.

First, I'll start with the WiFi data (WifiLocation table): Among the information captured is MAC, Timestamp, and Lat/Long. I have a total of 118,640 records in my table. I did a "SELECT DISTINCT MAC FROM WifiLocation", and got... 118,640 records. This tells me that it's not "tracking my every move" via Wifi location since there's a single entry for each MAC. The question might be, is it updating the Timestamp when I'm near a specific Wifi Network? My guess is no. I did the backup and analysis this morning, April 20th. Yet the last entries in my database are from April 16th. This tells me that it's not an always on tracker and that it's not updating timestamps.

Next, I looked at the CallLocation table: The same thing held true with this table. The last entry on my phone was from April 16th. Also, I have 6300 entries in my CellLocation table. I decided to start restricting the precision of the Lat/Long to see if there were duplicates that would indicate "tracking". At 5 decimal points, there were no duplicates. At 4 decimals, there were a handful that had 2 dups. At 3 decimals, there were more dups, with the most being 6. At this point I still had 5672 uniques. At 2 decimals, the most had 89 and I had 2468 uniques. At 1 it really went down, obviously, and I was down to 253 uniques. The other thing I noticed was that there was no regular timing of entries, and that when there were entries, a large number of them had the same timestamp.

So based on my analysis, this isn't a feature that enables detailed tracking of a user. It will allow you to see if a user has been in a certain location the first time, but that's the extent of it. For instance, I could see that I made a trip to Washington DC in late October of last year. But you can't really tell my movements around my home town with any amount of precision. My assumption, like others, is that Apple is using this to enable easier use of Location based services. I assume (which I'm going to test), that whenever a user enables a Location Based app (Google Maps, FourSquare), iOS updates this database with all local cell towers/wifi locations and the Latitude/Longitude. The more comprehensive the local database is, the quicker/easier it is for Location Based Services to help pinpoint a users location. Instead of waiting for GPS to spin up and get a satellite lock, it will be able to get a more accurate lock off of cell tower/wifi triangulation.

Great analysis which is the first I've seen to come up with a reasonable explanation for the existence of this file. Caching this data is a logical method by which to speed up location lookups.

However, there's no reason why this data should not be stored by default under the OS's "Data Protection" encryption as email is by default on devices where a passcode is set:


The problem is this data is being recorded without the user's knowledge or permission. (Unless it's a tiny line in the EULA I'm unaware of.)

If the data is being used to help the performance of Location Based Services, there is no need to keep years worth of data, that persists, and is backed-up every time you sync. Apple could simply keep a log of the last 4 or 5 data points.

Further, the data may not be super accurate, but that's only because the technology isn't good enough. If it were (and it will be eventually) that table would have pinpoint precise data. The precedent is being set right now. Is this ok? Personally I think this sort of behavior is unethical. Location tracking logs should be opt-in. It certainly shouldn't be hidden or a secret.

Unethical? Really? I don't think it is that at all. A mistake it isn't encrypted? Yes.

I think the fact that they're logging my location without my knowledge or permission for their personal interests (whether their exploiting it now or not), is unethical. The lack of encryption is just an implementation oversight on their part.

It is covered in the EULA. You did read the EULA right? The only issue IS the lack of encryption.

Relevant portion: http://pastebin.com/EdFJr6iU

Burying it in the EULA doesn't make it acceptable, it makes it sneaky.

I just ran the additional test I noted above. I went into Google Maps and had it locate my position. Then I did a new backup to look at the data again.

I had 9 additional records, all Timestamped identically, from while I was using Google Maps. However, there were 112 other records where the Timestamp was updated.

So again, it seems to only update the database when you use a Location Based Service. And it does update any existing records with a current timestamp.

Location tracking on iOS devices without GPS (for example an iPod touch) sometimes works without any internet connection (it nearly always works with an internet connection – WLAN access points are used to determine the approximate location), especially in urban environments (with a lot of WLAN access points). I always figured that iOS devices download location info on all the surrounding WLAN access points (maybe even those not in range – it seemed like that in my tests) as soon as you use location services and are connected to the internet.

This database could have something to do with that.

Yes, when you use the location services in, say, a new city then your device will download and cache the WiFi location data for a large radius around that initial lookup the next time it has an internet connection. It's pretty cool, actually.

That database isn't infinitely large, as unused location information will be removed as new location data comes in.

Android achieves this well, too. I guess Apple are just following Google's move (remember when Google recorded all the wireless access points with their streetview vans?)

I seem to remember this being talked about at one last year's WWWDC sessions.

I remember hearing this on reddit but the post is mirrored at http://www.volnation.com/forum/pub/127425-iphone-bug-2.html#...

'Look at the video for session 115, "Using Core Location in iOS". Skip to around 13:45 for the discussion of "Course Cell Positioning" where they discuss the cache in detail.'

Does the iPhone actually have real GPS, or is it just based on 3G towers?

It has A-GPS, which is inferior in some ways to true GPS, but is much more accurate than triangulating from towers (which it will resort to under certain conditions.)


The iPhone (3G, 3GS, and 4) and the 3G iPads have fully functional GPS hardware, and also use A-GPS to acquire a position fix.

If you've ever used a normal standalone GPS in one city and gotten on a plane and flown across the country and tried to use the GPS again, you'll know that it can take 5+ minutes to reacquire a fix that first time off the plane.

Assisted GPS seems to be a very poor choice of name. I have repeatedly met people who wrongly believe that Assisted GPS is not actual GPS.

Some AGPS devices cannot determine their own position from a satellite signal, whereas others can as long as they have received an almanac from a server in the recent past. It depends what you mean by "actual GPS". Some implementations are completely incapable of acting in a standalone capacity.

Here is what the Wikipedia article you linked to says: "Standalone" or "Autonomous" GPS operation use radio signals from satellites alone. A-GPS additionally uses …


I don't see how this contradicts what I said, which is that some AGPS implementations require assistance in order to accurately determine your location. Not every AGPS device can map radio signals to a lat-long; some can only do that with assistance.

It also lists some ways that various implementations require assistance:

Assistance falls into two categories:

Information used to more quickly acquire satellites

It can supply orbital data or almanac for the GPS satellites to the GPS receiver, enabling the GPS receiver to lock to the satellites more rapidly in some cases.

The network can provide precise time.

The device captures a snapshot of the GPS signal, with approximate time, for the server to later process into a position.

Accurate, surveyed coordinates for the cell site towers allow better knowledge of local ionospheric conditions and other conditions affecting the GPS signal than the GPS receiver alone, enabling more precise calculation of position. (See also Wide Area Augmentation System and CellHunter and openBmap.)

Calculation of position by the server using information from the GPS receiver

The assistance server has a good satellite signal, and plentiful computation power, so it can compare fragmentary signals relayed to it

That’s not what the article says. It says that AGPS devices are just like GPS devices. The only difference is that they use additional information to improve startup times.

Assistance is described as something that’s entirely optional. Why do you think that’s not the case? I googled around for a bit and it seems as though every source I can find tells me that AGPS is just like GPS if you have no data connection.

I'm sorry but I don't know how to make it more clear than I already said before: some AGPS implementations are not capable of operating in standalone mode. The Wikipedia A-GPS article states:

A typical A-GPS-enabled receiver will use a data connection (Internet or other) to contact the assistance server for aGPS information. If it also has functioning autonomous GPS, it may use standalone GPS, which is sometimes slower on time to first fix, but does not depend on the network, and therefore can work beyond network range, and without incurring data usage fees.[3] Some aGPS devices do not have the option of falling back to standalone or autonomous GPS.

I've added emphasis. The last point is all I was saying.

And what's your point pertaining to this discussion? Neither iPad nor iPhone are one of those devices.


So first, someone asked whether the iPhone triangulates position from cell towers or uses GPS. I responded that it does AGPS, and that in some ways AGPS is inferior to standalone AGPS.

You objected to this, saying that AGPS is "actual GPS" which, in fact, it is not. If by "actual GPS" you mean standalone GPS, then you are wrong. I correctly pointed out to you that AGPS is not a standard definition, but a name for one of a wide range of techniques which involve assistance from a third party in determining position. You, in fact, were incorrect.

Failing to comprehend the article from Wikipedia which, in fact, enumerates the methods by which an AGPS device may receive assistance, you asserted that AGPS only refers to the technique of optionally downloading an almanac from a network resource instead of an orbitally transmitted signal. Again, you were incorrect.

Now that I've shown that you were incorrect, you want to object to raising irrelevant points? My only point was that the device uses AGPS, and that AGPS is not standalone GPS -- that in some ways it is inferior. I showed those ways because you asked, not because the Apple implementation is encumbered by them.

Ew, mate, you are using the wrong words there. Fair enough, AGPS may be inferior in a few devices but usually it is superior (i.e. has better startup times and is exactly like GPS in every other way).

Apologies if my tone of voice turned you off. I am getting fatigued with this thread. I feel like the distinction being seized here is minor, bordering on pedantic.

Assisted GPS is better than normal GPS.

It uses towers to work out how to find the GPS satellites quicker than normal, and additionally can provide some location information when no GPS is available.

> Assisted GPS is better than normal GPS.

Really? My Garmin device can locate itself without entailing the possibility of communicating my position to a third-party. There is no possibility that my checking my position can enable anyone else to know it as well. That's not true with AGPS.

That is one pretty significant way that standalone is superior.

If that’s important to you, sure. I’m, however, a bit foggy on the actual implementation of AGPS and don’t really know whether it actually sends your location info to a server. Would be nice to get some implementation details about that.

I think it was pretty clear that we were talking about performance – time until and precision of the first lock (which AGPS does improve), overall precision (which AGPS doesn’t improve) and so on.

That is one pretty significant way that standalone is superior.


The majority of people just want to know where they are and the quicker the better.

Inferior in what ways?

My understanding is totally opposite, would you mind explaining a bit more?

It is better. He has no idea what he's talking about.

Actually I do. I answered the question on sibling posts.

This may be "good enough for legal work" if they want to associate you with the location of a crime/event.

Not really, since you have physical access to the file you can edit it. That should immediately disqualify it as evidence. I think this type of data normally is gathered from the phone company when used as evidence, then the involved parties can not tamper with the file.

That's not how law works. They don't require absolute proof like in math. This will be included as evidence - evidence is not proof, it's weaker.

You can claim "I edited it", which then weakens the evidence. Then they will look for other evidence, and try to look at everything as a whole.

Guidelines | FAQ | Support | API | Security | Lists | Bookmarklet | DMCA | Apply to YC | Contact