Location tracking on the iPhone
Our iPhone location data research -- and how to use it
"We know where you live!" At least that's the claim that Apple can make following the discovery that their latest iOS 4 for iPhone & iPad has a tracking mechanism that continually records details of where an iPhone is located so long as the phone is left switched on. As well as being stored on the phone itself, this information is also automatically included in the backups made when you sync your iPhone using iTunes.
Although it's been known in the digital forensics world for a few months, the news broke to the general public after a report by security researchers Pete Warden and Alasdair Allan, and has sparked a furore on the Internet, with blog posts and tweets reacting to the news that your anonymity just got that little bit smaller. But is the news really that serious? How concerned should the average iPhone user be?
What location data is being tracked by your iPhone or iPad?
We've done some research into the issue and our conclusion is that the location data exposed in iTunes backup files is enough to cause some concern in certain circumstances. We analysed a phone which has about a year's worth of location data. In general terms it's possible to use this data to see broadly where the phone user was on any given day. For example, when the user went on holiday to the Maldives earlier in the year, you can see the phone location points jump from London to the Maldives. However, it's not as easy to drill down into much more specific locations.
Since the data appears to be derived from mobile phone base stations ("cell phone towers" for our American friends) the accuracy of the location points varies considerably. Within cities (or other areas where there are lots of mobile phone base stations) you can generally track a user to within a few hundred metres. In the countryside it's a different picture. In one example a user was in Portsmouth for a day, but the location plots showed the user during that day as variously being in Portsmouth, Southampton and the Isle of Wight! Moreover, it would appear that Apple chose for some reason not to store this data in real time. Instead, the location information is batched up and recorded on the phone typically once or twice a day.
This can mean that a user appears to be in several places at once, as three or four different locations can be recorded, but all with the same date / time. However, it's clear that there is enough data to provide a general picture of what a user has been doing. The police and security services could find the data invaluable in proving or disproving an alibi without having to go to the considerable expense of issuing a subpoena to the mobile networks for more accurate location data.
If you own an iPhone and are curious what information the phone shows about you, then we have updated iPhone Backup Extractor to extract location data into either CSV format (suitable for viewing in Excel) or KML format (which you can view on a map by using the free Google Earth software).
Since we recognise this is an issue that is causing many people concern, we've decided to incorporate this feature -- without restriction -- in the free version of our software. You can download the software from our site.
consolidated.db
: tracking location data
On iOS, the consolidated.db
file stores your phone, GPS and Wi-Fi location data. Allowing users to know what is being stored on a device isn't such a bad idea, and is an important principle to us, and bringing this to light is no bad thing.
Apple store a bit more than just latitude-longitude coordinates and a time-stamp in the device and backup. Below is a quick summary of what each table in that contains:
CellLocation
(orCdmaCellLocation
): timestamp (time and date), Latitude, Longitude, Horizontal accuracy, altitude (not set), vertical accuracy (not set), speed (not set)CellLocationHarvest
: phone operator (Orange, T-Mobile, O2, Vodafone), time-stamp (time and date), latitude, longitude, horizontal accuracy, altitude, vertical accuracy, speed, course (direction), confidence (accuracy percentage)LocationHarvest
: tripID, timestamp (time and date), latitude, longitude, horizontal accuracy, altitude, vertical accuracy, speed, course (direction), confidence (accuracy percentage)WifiLocation
: MAC address of Wi-Fi, time / date, latitude, longitude, horizontal accuracy, altitude, vertical accuracy, speed (not set), direction (not set), confidence (accuracy percentage)
There is some interesting stuff in this database, and not just the phone locations that are stored. The data stored isn't specifically related to the phone and signal. 3G and Wi-Fi locations are prevalent, and using GPS also logs location data. For example using 3G, BT OpenZone, or a similar Wi-Fi source on your travels will activate GPS usage on apps if switched, and will therefore store your location. Details about the Wi-Fi routers you connected to are also stored in the consolidation.db
file.
The accuracy of this data is only as good as the triangulation from the phone masts and GPS sources. Looking at the data stored on my iPhone I'd say the triangulation of my iPhone's location on the move isn't very accurate, but still within a mile or so of my location. GPS locations seem to be within metres -- if not spot on -- so it can be a bit hit and miss unless you decipher the differences in data. Accuracy will always make a big difference depending on how remote the location. The more built-up an area is, the greater the concentration of masts is, and therefore these readings are more accurate.
Where is the consolidated.db
file that stores location data, and how can I view it's contents?
Finding the consolidated.db
is simple using iPhone Backup Extractor:
The consolidated.db
database file is stored in /Library/Caches/locationd
, in the backup and on the iPhone. Apple use hex-encoded SHA1
hashes to store backup files after synchronising with iTunes, so the easiest way to access the file is using "Expert mode". This can be done like so:
- Open iPhone Backup Extractor
- Click the "Expert mode" button
- Navigate to the following folder
Library
→Caches
→locationd
- Tick the box next to the
consolidation.db
file - Click the "Extract selected" button and choose a location to save the file
- The consolidation.db file will be saved in this location in the following folder
\Library\Caches\locationd
If you wish to view the database file you'll need to use one of the following applications. Both applications are free, and by viewing the tables mentioned above you should be able to see location data with little technical knowledge.
Once you find any location reference points in the database, you can use Google Maps to plot the locations. Search using "Latitude, Longitude" and you'll find the locations entered.