Greatest Hits

Coyote Tracks

If you are drinking to forget, please pay in advance
A collection of thoughts and shiny objects, mostly (but not always) related to computers and technology. And cocktails. Brought to you by Watts Martin (@chipotlecoyote).

Elsewhere

Coyote Prints (writing blog)

Why Coyotes Howl, a short story collection: EPUB · Kindle/Print

Indigo Rain, an anthropomorphic fantasy/suspense novella: Print

  • April 20, 2011 11:34 am

    Don’t panic, but look a little nervous

    So the big Apple news going around right now is about the “recent” discovery of consolidated.db, a database stored on the phone that seems to track the phone’s location over time. From Christopher Vance:

    Every time iAds or an app that uses Location Services pings the GPS service, a new record is created in either the CellLocation or WiFiLocation table respective of what type of network was being used. There’s also a Timestamp column in each table for each record. In a recent test, I found over 8000 records of stored GPS data. By default, Location Services for all apps is enabled. Also, being enrolled in the iAds program is enabled by default. In fact, the only way to cancel your enrollment from the iAds program is to go to Apple’s website.

    I put “recent” in quotes because Vance’s article is from September 2010. This has been a subject of discussion in digital forensic circles for a while.

    Some people have rushed to condemn this as another sign of Draconian Apple Policy™—I find it wryly amusing that this was retweeted by a local Android-using friend who refers to iPhone uses as “fanboys” even while his Twitter avatar icon is based on the Android robot. And around the web, the typical suspects like ReadWriteWeb are doing the headless chicken dance.

    Others have rolled their eyes. What’s being recorded is what we were told was going to be sent to Apple anonymously in the iOS Terms of Service—the database records have nothing personally identifiable. If I handed you a dozen consolidated.db files, you’d be able to plot the movements of the phones associated with each file, but you couldn’t connect those files back to the phone.

    Even so, the file doesn’t seem programmatically necessary. Applications receive the location data that will be recorded in the most recent consolidated.db update as an event once, when the location changes. There’s no API call for “oops, I wasn’t paying attention, give me the last 20 updates again, please.” It’s possible that for behind-the-scenes reasons the location event queue needs longer persistence, but it doesn’t need to stick around when there are no applications running that are subscribing to it. And even in the most generous interpretation, there’s no reason for the file to stick around between phone restarts.

    What’s grating about this reporting is, as usual, the emphasis being placed on the fact that it’s an Apple product. The headlines are all variants of “Apple is recording your every move!” In fact, there’s no indication that Apple has any way to access this data at all—the only way to get it is to have access to your iPhone or to your iPhone backups, and to know whose iPhone the file belongs to.

    The forest that’s being missed for the Apple trees here? Go back to the observation I made about where this has been discussed: digital forensic circles. I don’t want to claim that consolidated.db exists to aid forensics investigations, but it’s digital manna from heaven for law enforcement (and hackers). Yet any phone you use stores information locally—and if it’s a smartphone, that can be a lot of information, from your calendar to your browsing history. Call me a bleeding heart if you will, but the amount of “digital fingerprints” we leave has increased exponentially over the last two decades, and that trend shows no signs of slowing down. Search and seizure tools are keeping up with technology—but laws and regulations intended to keep searches and seizures reasonable are lagging far behind.

    Oh, and incidentally? Android geolocation using GSM network:

    We introduce a new forensic technique that allows to collect users’ past locations on most current Android phones, within a few seconds. It becomes possible to tell where the user was at a given time, or where a phone call took place over the last few hours or days.

    You’re welcome.

    1. eyelashes-lincoln reblogged this from chipotle
    2. jet-table-saw reblogged this from chipotle
    3. android-application reblogged this from chipotle
    4. canon-slr-reviews reblogged this from chipotle
    5. seo-victoria reblogged this from chipotle
    6. -power-tool-reviews- reblogged this from chipotle
    7. revitol-stretchmark-removal reblogged this from chipotle
    8. xmyfuckingmurderx reblogged this from chipotle
    9. acheter-ps4 reblogged this from chipotle
    10. maillots-football-2012 reblogged this from chipotle
    11. film-etirable-vaucluse reblogged this from chipotle
    12. aarav-h reblogged this from chipotle
    13. chipotle posted this