Thursday, April 21, 2011

So long, iPhone

I ordered one of these:

I've put up with not being able to manage it (i.e. load music on it) because I run Linux, and The Steve® doesn't want me to.  I've put up with Al Gore's Intarwebz not working because there's no Flash (because The Steve®) doesn't want it.

But it's not cool when you spy on me:

Security researchers have discovered that Apple's iPhone keeps track of where you go – and saves every detail of it to a secret file on the device which is then copied to the owner's computer when the two are synchronised.

The file contains the latitude and longitude of the phone's recorded coordinates along with a timestamp, meaning that anyone who stole the phone or the computer could discover details about the owner's movements using a simple program.
There's a program you can download to see where your iPhone has recorded you going.  The biggest concern is that apps that you run on your phone could access the data.  Apple has (so far) refused to comment.

Note that this information is derived from triangulating cell tower location, so turning GPS off won't make a shred of difference.

And guess what?  The EULA terms and conditions contain this gem, buried in the 15,000 words:
Apple and our partners and licensees may collect, use, and share precise location data, including the real-time geographic location of your Apple computer or device. This location data is collected anonymously in a form that does not personally identify you and is used by Apple and our partners and licensees to provide and improve location-based products and services. For example, we may share geographic location with application providers when you opt in to their location services.
Screw you, Apple.  You think that you can slip some Lark's Vomit into the chocolate collection, and that it's OK because you list the ingredient at the end after Monosodium Glutimate, you're idiots.  Trust is hard to establish, and easy to blow away, and with your attitude, you're not getting it back.

And all you iPad fanbois, it's keeping track of you, too.

19 comments:

JD said...

I love my droid phone. . . Never did trust Apple. Steve is a control freak I guess. . . good luck with the new phone.

Kodiak said...

"there should be a label WARNING LARKS VOMIT!!"

Matt said...

My iPhone contract is done in either July or August. I will give it up. I won't have a phone where I can't remove the battery and completely kill the GPS features and tracking software if and when I feel the need.

Anonymous said...

Not sure if you read this article, but these files were discovered by the forensics community quite a while ago. The current hype seems a bit shrill. Seems like a significant vulnerability, but I don't see any evidence that it is an intentional collection of data for Apple's purposes and I think it will be rectified relatively soon. Given that all this data is available on the isp side of the equation and, if it is not now, soon will be likely stored indefinitely, it seems that anyone who expects privacy in regard to location of a mobile device is exercising some serious wishful thinking.

https://alexlevinson.wordpress.com/2011/04/21/3-major-issues-with-the-latest-iphone-tracking-discovery/

Borepatch said...

Anonymous, my concern is that J. Random iPhone App can get the data.

Quite frankly, Apple has a long history of ignoring security issues. It may be likely that this was an inadvertent design flaw on their part, rather than an intentional intrusion into their customers privacy.

HOWEVER, it's quite disturbing that nobody thought to protect the data, and the iPhone EULA makes me quite suspicious indeed.

Net/net, I very much doubt that this will be "rectified" anytime soon. It may be patched, but we'll have to see if there will be an actual fix.

Given the prevalence of targeted attacks, this one gives me the willies.

Dwight Brown said...

I hate to seem like an iPhone defender (my current phone is an HTC Evo 4G), but:

Has anyone verified that similar data files do or do not exist on the Android phones?

I'm genuinely curious about this.

Alan said...

Android tracks your location too. All phones do it and even if they didn't the cell phone company does it too.

If you use a cell phone it's gonna get tracked. Only way to avoid it is to not use a cell phone.

Gordon R. Durand said...

There's tracking and there's tracking. The cellular network can locate you somewhere within a ten mile radius; it needs to in order to route incoming calls. Your phone's GPS can locate you within a few meters, but that's nobody's business but yours. Neither service needs to save yesterday's locations, much less last year's.

wolfwalker said...

The cell-tower network can get you considerably closer than that. I believe it's something like half a mile, and even closer when there are multiple towers to use for triangulation. There's also the fact that four or five years ago, the federal fungusoids started requiring that all cellphones have GPS reception capability, which 'emergency personnel' can use to find you as long as the phone is on.

Myself, I have been considering a smartphone (current cellphone is a flip-phone as basic as it was possible to get), but the iPhone is now definitely off the list.

Anonymous said...

The tracking in these files is the cell tower based location, not the gps data.

I think the concernshould indeed be more about 3rd party apps as opposed to apple itself. As for the government, they're going to get the data if they want it, eier from the isp or directly from the phone as the michigan state police are.

Anonymous said...

Lark's Vomit

Oh I see what you did there.

Jim

Bob said...

It doesn't look as if the Android is really any better.

ASM826 said...

Android phones are no better. The idea of a fully featured smartphone comes with the idea of tracking. If it can tell you where you are, it can tell someone else, too.

http://www.newser.com/story/116981/android-is-tracking-you-too.html

Dwight Brown said...

Following up to myself, Alan, Bob, and ASM826:

This tool claims to be able to read and parse the location information from Android phones. I have not verified this for myself yet.

The author (and other reports I've seen) state that only a limited amount of data is stored, but, again, I have not verified this for myself.

notDilbert said...

The Iphone GPS is not Differential GPS and is not that accurate. Under ideal conditions it good to about 100 meters, but more likely the accuracy is 1000 meters.

Thats why if you use the TomTom Nav app they recommend thier winshield holder which incorporates a much better GPS reciever that can pass a 6 decimal place fix to the App ( good for 1.1 meters)

prasad said...

We need not to surprise now a days because today's technology is very advanced so we need to develop our technology with a rapid speed then all of us can enjoy with so many other features like this.

Anonymous said...

Speaking of androids...

Jim

Anonymous said...

I thought you'd be smarter than this...

You: iPhone where am I?
iPhone: You are here Borepatch...
You: Sweet.
(Later)
You: Gah! iPhone knowz wherz I am?

How else would the "Find my iPhone" service work it it didn't know where it was?

Last place it was connected to the "net" was here... but we can't tell you where here is because we can't "track" it?

You've never written software that needed a cache?

Cell Phone: hmm - signal to tower A is weak, tower B weaker, tower C strong so I figure I'm here (911 service works on them old school ones too). Lets continue to look that up every few minutes just cause it's fun and we have plenty of battery life...

Or did I just miss the FUD from the lame stream media again?

Borepatch said...

Anonymous, it doesn't work like that. It's like this:

iPhone: Do you want to use "Find my phone"?

Borepatch: No, thanks.

(Later)

Borepatch: Gah! The iPhone has been uploading my position to Apple!

No opt-in. No opt-out. No asking, or even telling me that they're doing this, unless you say that 4000 words into a legal mumbo-jumbo doc is "telling me".

I don't.

Sure the phone needs to now where it is, but the uploading/tracking/backing up to J. Random Computer is complete and utter security/privacy FAIL.