iPhone 4 track user whereabouts silently

Posted by Alex Zaah filed under Cell phone tracking

Two security researchers Pete Warden and Alasdair Allan recently discovered that iOS 4 devices include iPhone and iPad are watching users secretly and silently. I also read somewhere that this happened to some iPhone 3GS and iPad as well, but it’s not confirmed.

The two researchers found that iPhone and iPad running iOS 4 and later record users’ location information include latitude and longitude in a file called consolidated.db with timestamps even if users do not use location based services. This has all been done without users’ permission and notice in advance. When you sync your iPhone with iTunes, the file will be transferred to your PC. What’s worse is that the file is not encrypted and unprotected at all. So anyone with access to your handset or PC will be able to read the file and show your locations on a map. If your iOS device was lost or stolen, the thief will know where you are working, where you eat, and where you have been.

According to the recorded data, iPhone 4 has been recording the GPS coordinates since iOS 4 was released last July. If you buy an iPhone 4 at the time or upgraded to iOS 4 or later, it recorded your whereabouts over the past year.

It’s still unclear why Apple was doing this; some speculated that Apple was testing some new features that may be added to iPhone 5. But since Apple did not upload the file into their own server, I do not see how this information will turn useful to Apple. They need to analyze the data first in order to take advantages of users’ location data. Meanwhile, Apple’s location service Find My iPhone can be used to achieve this goal easily as well.

It’s unknown how iPhone or iPad record the location data, either via GPS or cell  towers. So we do not know how to disable it at the moment. However, since the GPS coordinates are recorded, it indicates Apple was able to use GPS or other location database to determine the location. If they use cell towers, there is nothing we can do unless you turn off your mobile device.

Apple declined to comment on this matter so far.

If you are concerned about your privacy, there was an open source app called iPhone tracker made by Pete and Allan can help you to detect and locate the location file. You can download the app here; they also have a tutorial about how to use it and other information.

As I do not own an iOS device, I am not able to test it myself. But it’s said Android device have the same issue, and they upload your data to Google servers, which is really worrisome.

Update, Senator Al Franken and Representative Ed Markey have sent letters to Steve Jobs asking to explain the matter.

Update, iOS 4.3.3 was released to fix the “bug”. The new iOS will not sync the location file to iTunes and the size is reduced as well. What’s more important is that the file will be removed when the location service is turned off.

Copyright © 2009 Profone Tracking by Alex Zaah. All Rights Reserved.