Hi, Karen and all.
This has been extensively discussed on the iPhone lists. Here is a
message I sent to those lists with some methods to disable the saving
of the information. You may want to note a few things. First, there
is, as yet, no evidence that this file ever leavves the phone or
computer where it's stored. That doesn't mean it isn't being sent out,
but it does mean that people have looked and haven't found it being
sent out yet. Secondly, the file is stored on both the phone and any
computer which the phone has been backed up to. Therefore, encrypting
backups on the computer might be worthwhile to avoid anyone with
access to the computer being able to obtain the location information.
As it stands, and without evidence that the file is actually leaving
the phone/PC, this is a moderate security issue, in my view, rather
than a large one, or a large privacy breach.
HTH.
Aman
Hi, all.
First, as to a quick and dirty solution to this particular problem,
there are two. Both require the phone to be jailbroken. The first may
be found at
http://technicalmusings.blogspot.com/2011/04/ios-consolidateddb-workaround-for.html
and is as follows
Looks like Apple is tracking iOS devices an recording that info in clear text:
http://radar.oreilly.com/2011/04/apple-location-tracking.html
Here's a way to ensure this data is not recorded:
You must have a hacked iOS device, and either Mobile Terminal or an
SSH login. You must also know the root password. You first
remove/move this file,
and recreate it as a symbolic link to /dev/null like:
su
cd /System/Library/Frameworks/CoreLocation.framework/Support
rm consolidated.db
ln -s /dev/null consolidated.db
Anything written to this 'file' is sent to /dev/null, so it is not
saved on the file system. I've done this on a hacked device, and
Location Services
continue to work.
There is also a program which removes the file at intervals
http://www.ijailbreak.com/cydia/untrackerd-tweak-stop-your-iphoneipad-from-tracking-your-location/
Thanks to Rose Morales, @chicksdigmacs on Twitter, for the alert. I am
not sure about the accessibility of the program, if Rose or anyone
else would care to comment, I would be grateful. I cannot find any
source code for this program, so it's obvious that one should use at
one's own risk. The first method above does not, to my knowledge,
produce any insecurities, the commands given are normal. I am not
familiar enough with links/symlinks on iOS, however, to be sure that this
first method works properly without side-effects. This issue hasn't
been out there long enough to judge. At the very least, I suspect that
restoring an older backup would stop this method from working. Note
that I am not sure what anyone without a jailbroken iPhone can do
about this issue, I have seen no solution for non jailbroken phones.
Note, also, that this file can be accessed from iPhone backups on the
computer, so those should be encrypted or deleted. It can be accessed
with any of the usual tools for Jailbroken iPhones, and with most of
the forensic tools like
http://accessdata.com/products/forensic-investigation/mobile-phone-examiner
To spread out a bit, and deal with the problem more generally, people
ought to keep in mind, if I may suggest it, that mobile phones are
innately traceable. That isn't because anyone has made them that way,
it's because the phone company needs to know where to route the
information and where it's coming from. This is not something that
anyone can really work around, one can encrypt the information as it
passes, but cannot obfuscate the fact, to my knowledge at least, that
information is passing from and to a specific location. Usually, the
only people aware of the location information, however, are the phone
company and the companies/agencies to which they sell/give the
information. The problem in this case is that this file is stored,
unencrypted, on the phone and computer. By accessing the file, anyone
can get a history of the location of the phone, which might be useful
for many sorts of people, jealous spouses and stalkers who have some
sort of non-private access to the victim come to mind as just two
categories. I think this is more a security, rather than a privacy,
problem just at the moment, nobody has yet detected the sending out of
this file to anyone else, but that isn't conclusive simply because I
have yet to see a decent network sniffer for iOS. If anyone knows of
one, I'd love to hear of it. Anyhow, as it stands, when it comes to
privacy, this is just another reminder, in case one is needed, that
mobile phones are innately public, at least in their location data and
sometimes in everything else, too. If you dislike being tracked at
all, don't carry anything with a chip that can talk to the outside
world, or disable that chip by cutting its power.
Aman
On 4/22/11, Karen Lewellen <klewel...@shellworld.net> wrote:
We talked about the pop up ad possibility a while back, now it seems apple
is gathering data on your whereabouts?
here is the story.
TVBizwire
Researchers Say Apple Is Tracking Locations of Mobile Device
Users betanews
A team of researchers says Apple is secretly obtaining the
locations of iOS4 users and recording them in a hidden file,
according to a betanews.com report.
Two of the researchers, Alasdair Allan and Peter Warden of
O'Reilly Media, presented their findings today at the Where 2.0
conference in Santa Clara, Calif.
According to the story, the revelation raises "obvious privacy
concerns and questions as to why Apple would be storing such
information. The researchers believe it is intentional, as the
file is restored after backups and even when the user switches to
a new device."
The group says the functionality is apparently new to iOS4, the
mobile operating system that runs the latest iPad, iPhone and
iPod touch. The researchers have reportedly tried to contact
Apple's security team but had yet to hear back from the company.
The story reports: "Allan says that the existence of the file on
on your computer is a security risk, as it is both unprotected
and un encrypted. `It can also be easily accessed on the device
itself if it falls into the wrong hands,' he wrote in a blog
post. `Anybody with access to this file knows where you've been
over the last year, since iOS4 was released.'"
http://www.tvweek.com/blogs/tvbizwire/2011/04/researchers-say-apple-is-track.php
http://api.recaptcha.net/noscript?k=6Lcb_78SAAAAAHmtN74lHVK-IOutZhLRidl4tCzl
--
You received this message because you are subscribed to the Google Groups
"MacVisionaries" group.
To post to this group, send email to macvisionaries@googlegroups.com.
To unsubscribe from this group, send email to
macvisionaries+unsubscr...@googlegroups.com.
For more options, visit this group at
http://groups.google.com/group/macvisionaries?hl=en.
--
You received this message because you are subscribed to the Google Groups
"MacVisionaries" group.
To post to this group, send email to macvisionaries@googlegroups.com.
To unsubscribe from this group, send email to
macvisionaries+unsubscr...@googlegroups.com.
For more options, visit this group at
http://groups.google.com/group/macvisionaries?hl=en.
