It appears that unlike Apple, this isn't unlimited:
// Cache sizes
private static final int MAX_CELL_RECORDS = 50;
private static final int MAX_WIFI_RECORDS = 200;
Edit: Seems like another very important difference is that the Android cache only keeps track of your last timestamp at a given tower. Even if this cache was unlimited it couldn't be used to plot someones position over time.
The unlimited size of Apple's cache is probably just a mistake. It makes no sense to store it on the device for tracking purposes. I assume they log this info when the device requests the info from Skyhook (or whatever location provider they have now) anyway.
I can confirm that the Android cache.cell and cache.wifi lists are very limited. I just checked mine using your parse.py, and was only able to see 50/200 total records respectively. My cell data only went as far back as 13 days ago.
"The unlimited size of Apple's cache is probably just a mistake."
I think this is what concerns people most. This "mistake" has your triangulated location based on cell towers tracked for years and years, across multiple devices, when there really is no recognizable need to store/cache this much location data for this long. It seems, judging by the above linked source-code, that Android has it right on this one.
I ran the program and looked at my iPhone dump, and it is not that exact and I live in NYC. It truly appears to just tag position of towers. Where it shows the dots for me is not exact or even close positions most of the time, and even locations that I've never been to but the nearest tower I must've connected to.
Which is helpful for me since I've long suspected AT&T has a dearth of towers in my section of the UES, maybe I can get a microcell out of this, haha.
Also iOS no longer uses Skyhook as of iOS 3.2. Plus Skyhook is for Wifi access point location data, not cell-tower location data. Apple uses its own database for that now which you consent to update with your location data. http://www.f-secure.com/weblog/archives/00002145.html
"OMG APPLE TRACKS US!!" thing going on is overblown
It isn't -- consumers should be aware that these services represent a net loss for their privacy on the long term.
If a device tells you that it is tracking you; eventually giving you the possibility of opting out, deleting all tracks of you on request, then it's fine by me. But otherwise it isn't, and this practice should really stop.
And here I was a couple of months ago, thinking about how cool / evil would be to make an app that tracks someone's route for spying purposes (like your girlfriend for example). Apparently iPhones give it away for free, no extra work required ;-)
Not only jealous boyfriends -- give your employees iPhones, and they'll surely synchronize it at least once a month on your company's computers ;)
Phones with GPS incorporated can be mindbogglingly evil -- just think about the costs involved in hiring a private eye to track the daily route of someone, day after day, for a whole month. People don't do it because of the costs involved and because an incompetent can blow away his cover.
iPhones are equipped with GPS, and that data is there, waiting for you to retrieve it. You don't have to do anything special about it -- you just have to gain access to that iPhone somehow.
I'm not accusing Apple of anything, I really think it was just a minor slip-up on their part. But these things are dangerous ;)
Except, if the employee never uses any location services on the phone, none of the data is ever created/stored in the first place ... at that point you still have gained nothing.
The only records I have for example are from when I explicitly had Google Maps open, no other program on my iPhone has my permission to use the location based services, and as such it didn't track where I was going at all.
The latest entry in any of the tables on my phone (and I've been out of my usual locations for a while now) (CellLocation, WifiLocation) are from almost 4 days ago, which is the last time that I used Google Maps to get directions to chines buffet I was meeting a co-worker at.
If this was being tracked even when using non-location services wouldn't that be updated every time I pass by a new cell tower? Wouldn't it know about the trip I made with a co-worker to a town I've never been to before?
Can you point me where in the tables there is data (based on timestamps) that is updated more often and kept around?
You don't necessarily even need their phone, you could use your own phone as the tracking device and have the person willingly, but unwittingly deliver the data. Just "forget" your phone in their car before you suspect something and after a the suspected event, ask for it to be returned.
It makes no sense to store it on the device for tracking purposes.
It would make sense to store this information on a server, so why aren't they? Is it a mistake, or are there laws that preclude this? Maybe it's track now, figure out what to do with it later. The data is extremely valuable.
Isn't it possible to plot someone's position over time, no matter what phone you have? I mean the carriers know which towers you've connected to and when, they have all the info you need to track someone, even across multiple phones.
and only your wireless carrier. Now anyone who you lend your phone to while you take a bite to eat can read your location data. Or Apple. Perhaps if it's not encrypted, and there's an iOS vulnerability, anyone could read the data. Not just your wireless carrier.
That's why this is a big deal. Why store this data? If it most be stored, why has no effort been put in to keeping it safe? Just because one company could read it before doesn't mean that it's okay others can too. We naturally assume (and rightly so) that our wireless carriers can and do track our every move. But we "trust" them; we sure as hell don't trust anyone else.
Edit: And it's even creepier that this was secret. It's not like we're getting mad at official Apple TOS or policy; they didn't tell us they were tracking our location and storing the data forever and ever. Fuck that, that's scary and unpleasant.
The FBI has my FBI file and only the FBI file. By this logic, I shouldn't FOIA for my FBI file because someone could break into my house and steal it.
Also, I carry a lot more sensitive information on my phone than the cellphone towers it talks to-- I suspect this is the same for most people. Anybody that's installed, say "Mint" on their iphone, has used the "email" application, or sent the occasional drunken SMS message probably has a lot more to worry about than the location data stored on their phone.
I guarantee you I protect the data on my phone a lot more than Apple does. Apple sells it. Here's an opportunity for me to sell it too.
the problem i have with this is given the recent michigan ruling saying police can dump, retain, and peruse data from a cell phone during a traffic stop, this gives access to far more data than should be possible without a warrant, without "physical possession of the phone" in the sense of actual seizure.
I don't think anyones concerned that it tracks you with cached data (47 entries in github example, date spread would imply ~ 1 month) -- the concern w/r/t apple is that there seems to be no limit to the amount of logging retained.
I won't get into paranoia mode, or conspiracy theories, _but_ I am fine with either phone being aware of my location, and even my recent movements (subject to disclosure) -- I am NOT fine with that log being undisclosed and perpetual
Except it's not tracking your location, it's tracking cell towers. I'm sure a lot of cell phones do this, to a different degree of "log length". The issue I have with a perpetual log of cell towers is not a privacy one, it's a space one (how long will the log be in a couple of years).
But hey, I'm not stopping anyone from hopping into the most recent episode of the iPhone hating bandwagon. It's what makes the internet go round (any hate bandwagon for that matter)
I thought normal users (who haven't rooted their phones) wouldn't have easy access to the root filesystem. I just looked on my phone (just by plugging it into my computer and putting it in filesystem mode), and looked, and I don't see the folder he's talking about.
Because I can grab your phone, plug it in and have all of your history. If you grabbed my phone running 2.3.3 on the Nexus S... it would be impossible to get to that data without going through the entire bootloader unlock process which is obviously invasive.
Imagine scenarios where people are reading your location data. Authorities, governments, espionage... all of them would be largely foiled due to the fact that root access is required and gaining that root access would leave trails.
Do I really have to explain the difference between data easily accessed via usb and data that is stored in protected areas of the rom on an Android device? Spot on with your comment voting there HN. Thanks as usual.
It's a cell phone. Much easier to misplace, lose, have fall out of your pocket, etc than any other computing device.
Again, it's not in the same realm considering that it's protected inside the ROM of the phone. Even if you HAD my Android phone, it's not game over. Please, go buy a Droid X, upgrade to the latest OTA rom for which there is no root exploit.
Then try to get into the (already very limited) timestamp/tower data on my phone. You won't be able to. That's my point. On the other hand, with your iPhone, like I said, "I've already got your phone" and it's game over for your location data.
How about just girlfriends, bosses, etc? Anyone with a usb cable and another mobile phone or laptop knows (roughly) exactly where you've been going for months.
I'd argue that is it neither, but is instead so that both Apple and Google can eventually offer localized and personalized marketing dependent on the area that your phone is reporting that you are in or have been in fairly frequently. An example would be giving you a discount code for that restaurant that you have passed by 4 times in the last 2 weeks at around dinner time. This is part of my theory about why apple is building the enormous data center in NC.
I may be wrong but looking at the code and example data it seems that the Android cache only keeps track of the latest time stamp at a given cell tower so it wouldn't know the frequency of visits in an area. This is definitely a possibility for the iOS cache but I can't imagine this would bode well for the privacy-conscious folks.
I agree, but at the end of the day anyone that is that concerned about their privacy and even remotely tech savvy will be able to find a way to opt out. A friend sent me the below article about a utility for jail broken phones that can be used to get rid of the tracking data. In regards to the Google data, does it appear to you that the latest timestamps are transmitted anywhere? The way Google rolls I would speculate that they would use timestamps and location with their amazing maps resources and cloud storage to independently store all of the metrics.