Much Ado About Nothing: The iPhone Tracking Scandal

22 April, 2011 06:29AM · 3 minute read

Every now and then something comes up for the mass-media to try and get some more pageviews/shock headlines and feed that fear, uncertainty and doubt whilst trying to clip off the tall poppies out there. Yesterday the tall poppy once again was Apple and their target: “consolidated.db”

This file is a log of all the cell towers the iPhone has used to get its location from for the last few months. The log file existed in iOS 3 on the mobile device only but in iOS 4 was moved into a directory that was backed up when your iPhone/iPad synchronises with iTunes which then put a copy on your local hard drive. From there two enterprising programmers [Alasdair Allan and Pete Warden] wrote the iPhoneTracker and the media storm began. It’s interesting to note the file was first described by Alex Levinson late last year. It’s not clear if Alasdair and Pete discovered this file themselves, unaware of Alex’s work or whether it was uncredited.

The two key points to me are: A) [To quote Alasdair/Pete] “There’s no evidence that it’s (the consolidated.db file) being transmitted beyond your device and any machines you sync it with."; and B) [again quoting the boys] “…location is determined by triangulating against the nearest cell-phone towers. This isn’t as accurate as GPS…” - No it certainly isn’t. Accuracy is really quite terrible though it can give a general sense of where you have been it will show your location to within a few kilometers/miles and hence maybe the nearest 2nd/3rd suburb perhaps. When I ran this on my Mac the nearest location point to my house was over 2klm away - hardly accurate to find out where I live.

The only reason people should be worried about this is if their spouse suspects them of flying to a different town during the week than they were told or something like that. The file can not be accessed beyond your machine and if you’re really worred then encrypt your iPhone/iPad backups.

The interesting thing is that people don’t think twice about searching for things based on location through Google Maps, or check in on Four-Square or Facebook and yet all of these take your exact GPS location, transmit it over the internet and in the latter two cases publish it for the world to see. The same is true of photos taken on your iOS device - they are GPS tagged and people upload them to all sorts of websites to share them. The list goes on…

To summarise: Apple aren’t collecting this information centrally - it appears to be just for local debugging or local usage only on your device/home computer. Should the average user be worried about this? I would say not. The locations are so vague and can’t be accessed without first getting access to your device or home computer that no one will be able to get them in the first place and if they do won’t be able to tell much specific about them. Encrypt your backups if you are worried.

That said, creating husbands/wives perhaps should be concerned. Thanks to Alasdair and Pete for bringing it to their attention.