Researchers Disclose iPhone and iPad Location-Tracking Privacy Issues

A pair of security researchers today announced that they are sounding the privacy warning bell about the capability of iOS 4 to track the location of an iPhone or iPad on an ongoing basis, storing the data to a hidden file known as "consolidated.db" in the form of latitude and longitude and a timestamp for each point.

All iPhones appear to log your location to a file called "consolidated.db." This contains latitude-longitude coordinates along with a timestamp. The coordinates aren't always exact, but they are pretty detailed. There can be tens of thousands of data points in this file, and it appears the collection started with iOS 4, so there's typically around a year's worth of information at this point. Our best guess is that the location is determined by cell-tower triangulation, and the timing of the recording is erratic, with a widely varying frequency of updates that may be triggered by traveling between cells or activity on the phone itself.

While the consolidated.db file has been known for some time and has played a key role in forensic investigations of iOS devices by law enforcement agencies, the researchers note the data is available on the devices themselves and in backups in unencrypted and unprotected form, leading to significant privacy concerns. Once gathered, the data is saved in backups, restored to devices if necessary, and even migrated across devices, offering a lengthy history of a user's movement.


Data points pulled from iPhone backup

The researchers, Alasdair Allan and Pete Warden, have also put together a downloadable application that allows users to view the location data stored in backup files on their computers. Allan and Warden have reached out to Apple for comment but have yet to receive a response, and in the meantime recommend that users encrypt their iPhone and iPad backups for increased security.

Related Roundup: iPad
Buyer's Guide: iPad (Buy Now)

Top Rated Comments

(View all)
Avatar
123 months ago

With respect to all the "view with alarm" postings that will follow, this really doesn't mean anything. I leave my home at the same time every morning. The transponder in my car records my passage and debits my account with the state highway department. Traffic cameras record my license plate at several points during my journey. Once out of the car, my smiling phiz can be seen on any number of CCTVs en route to my office, whose door I open with a card that automatically records my entry. The IP address of this posting will reveal that I am sitting in my living room as I write. Even without the GPS turned on, my phone regularly initiates a conversation with the local cell tower. I can be found with almost pinpoint accuracy.

So I'm not exactly going to panic to learn that my computer and phone keep a record of my latitude and longitude that they don't share with anyone else.

The government already knows where I live, where I work, where I bank, and all kinds of other interesting information. It's how they collect their taxes and send me my mail.

If there were the slightest indication that liberals, atheists, and other enemies of the state were being tracked by their GPSes and rounded up, I'd be the first to the barricades. But there isn't. Our privacy is not based on "nobody knows", it's based on "nobody cares."

Glad I am not the only person that feels this way. I do not appreciate having another method I can be tracked but at no point I am truly untrackable. The devices in Michigan seem to be a much bigger issue than someone else knowing what time my last trip to subway was at.

I feel sad for people who think it's okay for corporations, governments, or any organization to track and log your every move. Even when they apparently don't even bother to protect this information.

If you feel it's okay to be tracked like a tagged animal, that's your right. If you don't value yourself enough to think your privacy is important, go right ahead and feel that way.

But for the rest of us who believe in basic human rights, please don't help erode what little right to privacy we have left. Just because you don't care personally doesn't mean it's not a valid concern. I want the option of not having my every location logged unencrypted on my phone, and from the sound of many posts on this thread, I am definitely not alone.

The idea of a person truly having privacy is almost a joke. This little bit that we have left I feel is more of an illusion than something we actually have. People seem to be more than willing to track their entire lives on the internet without even being asked to do so. If you want some privacy the closest you are going to get is moving out into the country without a phone, gas, or electricity and live off what you can grow or hunt. Otherwise you are already tracked beyond what anyone that thinks about it should probably be comfortable with. This will not change what you will do in the next little bit though. I am quite sure you are still going to at least continue to use your debit card.
Score: 1 Votes (Like | Disagree)
Avatar
123 months ago

so the program can not find the file. Does that mean my iPhone isnt tracking me?

I was just about to post the same thing; the application says that it couldn't find the consolidated.db file. I even tried syncing my iPhone once more and it still didn't help. An interesting note though - I own a Verizon iPhone. I wonder if that has anything to do with it.
Score: 1 Votes (Like | Disagree)
Avatar
123 months ago
Help! Help! The paranoids are after me!

With respect to all the "view with alarm" postings that will follow, this really doesn't mean anything. I leave my home at the same time every morning. The transponder in my car records my passage and debits my account with the state highway department. Traffic cameras record my license plate at several points during my journey. Once out of the car, my smiling phiz can be seen on any number of CCTVs en route to my office, whose door I open with a card that automatically records my entry. The IP address of this posting will reveal that I am sitting in my living room as I write. Even without the GPS turned on, my phone regularly initiates a conversation with the local cell tower. I can be found with almost pinpoint accuracy.

So I'm not exactly going to panic to learn that my computer and phone keep a record of my latitude and longitude that they don't share with anyone else.

The government already knows where I live, where I work, where I bank, and all kinds of other interesting information. It's how they collect their taxes and send me my mail.

If there were the slightest indication that liberals, atheists, and other enemies of the state were being tracked by their GPSes and rounded up, I'd be the first to the barricades. But there isn't. Our privacy is not based on "nobody knows", it's based on "nobody cares."
Score: 1 Votes (Like | Disagree)
Avatar
123 months ago

I love all the dopes quoting various disclosures in agreements that we've agreed to. Just because something is written into terms of an agreement, does not make it lawful. Apple could put in their T&Cs you agree to allow Apple to shoot you dead if you jailbreak your iPhone. Do you think that would be OK too since you agreed to allow it?


Well now we know you're not an attorney, or at least a good one.
Score: 0 Votes (Like | Disagree)
Avatar
123 months ago

The granted patent describes exactly what is stored in the db... Instead of hysteria people should think a little more before becoming Jawas.
They have simply developed a method of accurately triangulating the devices position based upon (probably 4) towers.

And both my points has nothing to do with what is in the DB, it has to do with the lifetime of this content in the database. I know what is in there, I just don't want it to be kept indefinitely, nor do I want it in the backups on my Mac, as probably a lot of the people that aren't happy this in thread want.

I also want it to be disabled if I ask it to.

After all the press this is generating, I'm sure Apple will tone done the logging/lifetime to acceptable parameters and then we'll be able to all Move Along and be happy with our shiny toys once again.
Score: 0 Votes (Like | Disagree)

Top Stories

Here's How You Can Download iOS 14 and iPadOS 14 Around the World [It's Out]

Wednesday September 16, 2020 2:36 am PDT by
Apple's official public release of iOS 14 and iPadOS 14 dropped on Wednesday, September 16, just a day after the company released the Golden Master to third-party developers. Also set to be made available to the general public for the first time are watchOS 7 and tvOS 14. Getting Started With iOS 14 Video Click image to watch iOS 14 Getting Started While that's left a lot of developers...

When Will the iPhone 12 Launch? Here's What We Know

Wednesday September 16, 2020 6:12 am PDT by
Yesterday's "Time Flies" Apple event saw the release of the Apple Watch Series 6, Apple Watch SE, iPad 8, and iPad Air 4, but no new iPhone models. Rumors before the event strongly alleged that it would not see the unveiling of new iPhones, with many reports pointing to an October launch. The lack of new iPhone models yesterday seems to confirm that the iPhone 12 lineup will not appear...

Apple Releases iOS 14 and iPadOS 14 With Home Screen Redesign, App Library, Compact UI, Translate App, Scribble Support, App Clips, and More

Wednesday September 16, 2020 12:48 pm PDT by
Apple has released iOS 14 and iPadOS 14, the newest operating system updates designed for the iPhone and iPad. As with all of Apple's software updates, iOS 14 and iPadOS 14 can be downloaded for free. iOS 14 is available on the iPhone 6s and later, while iPadOS 14 is available on the iPad Air 2 and later. The updates are available on all eligible devices over-the-air in the Settings app. To ...

Apple Releases Safari 14 for Mac Ahead of macOS Big Sur Launch

Wednesday September 16, 2020 1:40 pm PDT by
macOS Big Sur didn't launch alongside iOS 14, iPadOS 14, tvOS 14, and watchOS 7 today, with the update coming later this fall, but Apple did release the Safari 14 update for macOS Catalina and macOS Mojave users. Safari 14 brings improved performance, customizable start pages, a Privacy Report to see which cross-site trackers are being blocked, and a new tab bar design that provides tab...

Apple Updates AirPods 2 and AirPods Pro Firmware to Version 3A283

Monday September 14, 2020 11:24 am PDT by
Apple today released new 3A283 firmware updates for the second-generation AirPods and the AirPods Pro. The second-generation AirPods are being updated from the 2D15 firmware they were previously running, while the AirPods Pros are being updated from the 2D27 firmware they had installed previously. Apple does not provide details on what's included in refreshed firmware so we don't know what's ...

iOS 14 Picture in Picture No Longer Working With YouTube's Mobile Website in Safari [Without Premium]

Friday September 18, 2020 12:21 pm PDT by
Apple in iOS 14 added Picture in Picture to the iPhone, a feature designed to let you watch a video in a small screen on your device while you continue to do other things on the phone. When Picture in Picture was working with YouTube The YouTube app doesn't support Picture in Picture, but up until yesterday there was a functional workaround that allowed videos from YouTube.com to be watched...

Hands-On With the New Apple Watch Series 6 and Apple Watch SE

Friday September 18, 2020 1:19 pm PDT by
Today's the official launch date for the Apple Watch Series 6 and the Apple Watch SE, both of which Apple announced on Tuesday. We picked up a couple of the new models and thought we'd give them a quick look for MacRumors readers thinking of ordering a new watch. Apple Watch Series 6 & Apple Watch SE Hands-On! When it comes to design, both the $399 Series 6 and the $279 SE look just like...

iOS 14.2 Beta Adds New Shazam Music Recognition Feature for Control Center

Thursday September 17, 2020 3:36 pm PDT by
Apple today released the first beta of iOS 14.2 to developers for testing purposes, and the new update introduces a Music Recognition control for the Control Center. The new feature lets you discover music playing around you and it recognizes the music playing with in apps, even when you're wearing AirPods. Songs pop up as notifications, and you can tap to listen in Apple Music....

8 Third-Party Home Screen Widgets That You Can Try Out Now on iOS 14

Wednesday August 5, 2020 12:56 pm PDT by
One of the biggest new features of iOS 14 is Home Screen widgets, which provide information from apps at a glance. The widgets can be pinned to the Home Screen in various spots and sizes, allowing for many different layouts. When the iOS 14 beta was first released in June, widgets were limited to Apple's own apps like Calendar and Weather, but several third-party developers have begun to test ...

Apple Releases watchOS 7 With New Watch Faces, Family Setup, Sleep Tracking, Handwashing Help and More

Wednesday September 16, 2020 12:47 pm PDT by
Apple today released watchOS 7, the newest version of the watchOS operating system designed to run on modern Apple Watch models. The watchOS 7 update comes after several months of beta testing. ‌watchOS 7‌ can be downloaded for free through the dedicated Apple Watch app on the iPhone by going to General > Software Update. To install the new software, the Apple Watch needs to have at...