A computer forensic expert recently replied to Alasdair Allan and Peter Wardman by saying there is no secret about the existence of iPhone location tracking, and he published some information about it a few months ago.
The claim come from a senior engineer at Katana Forensics, Alex Levinson. As you most probably have heard already, the two programmers – Alasdair Allan and Peter Wardman – presented details of an iOS 4.0 database file, usually unencrypted, and created on the iPhone. This file is synced with the user’s Mac. The problem here is this file contains thousands of time-stamped latitude and longitude pairings, based on cell tower triangulation calculations. In other words: the iPhone (or iPod touch or iPad) tracks your every move. These two programmers made this information available by creating an open source application, the iPhone Tracker, which put the data on a map, so everybody (I mean here the user) can see the track of the device’s locations.
Wardman said in his blog post, that this ‘consolidated.db’ file was shocking news for them, because it can be utilized by forensic researchers. Further, he acknowledged that a French writer had already tried to raise awareness on this iPhone data file, back in the fall of 2010.
Levinson, in his reply, argues that Apple is completely misrepresented by the two researchers and the file is neither new nor secret. He discovered it and wrote about it in a research paper, and later in a book months ago.
He highlights the difference of definitions, saying that Apple is not collecting this dataset. He believes his disagreement with the two researchers might be a simple difference of definitions. They call it ‘intentional’, and maybe they are right as the file is preserved through multiple backups, because it is a database file.
Levinson defines ‘intentional data collection’ as “Apple pulls this information from your personal device over a network connection into its own servers.” He says there is no evidence that this is happening. Allan and Wardman say the same thing: no evidence.
Levinson explains the existence of this data file and why this dataset is being collected:
Built-in applications such as Maps and Camera use this geolocational data to operate. Apple provides an API access to location awareness called Core Location.
… You use the classes and protocols in this framework to configure and schedule the delivery of location and heading events. You can also use it to define geographic regions and monitor when the user crosses the boundaries of those regions.
Levinson argues that the file existed before iOS 4.0, under another name but it was harder to access even for forensics specialists. The iOS 4.0 made this file accessible for programmers to do some limited multitasking.
With iOS 4.0, Levinson points out:
Apps now have to use Apple’s API to operate in the background. … Because of these new APIs and the sandbox design of third-party applications, Apple had to move access to this [location] data. Users still have to approve location access to any application and have the ability to instantly turn off location services to applications inside the Settings menu on their device.