So the big Apple news going around right now is about the “recent” discovery of
consolidated.db, a database stored on the phone that seems to track the phone’s location over time. From Christopher Vance:
Every time iAds or an app that uses Location Services pings the GPS service, a new record is created in either the CellLocation or WiFiLocation table respective of what type of network was being used. There’s also a Timestamp column in each table for each record. In a recent test, I found over 8000 records of stored GPS data. By default, Location Services for all apps is enabled. Also, being enrolled in the iAds program is enabled by default. In fact, the only way to cancel your enrollment from the iAds program is to go to Apple’s website.
I put “recent” in quotes because Vance’s article is from September 2010. This has been a subject of discussion in digital forensic circles for a while.
Some people have rushed to condemn this as another sign of Draconian Apple Policy™—I find it wryly amusing that this was retweeted by a local Android-using friend who refers to iPhone uses as “fanboys” even while his Twitter avatar icon is based on the Android robot. And around the web, the typical suspects like ReadWriteWeb are doing the headless chicken dance.
Others have rolled their eyes. What’s being recorded is what we were told was going to be sent to Apple anonymously in the iOS Terms of Service—the database records have nothing personally identifiable. If I handed you a dozen
consolidated.db files, you’d be able to plot the movements of the phones associated with each file, but you couldn’t connect those files back to the phone.
Even so, the file doesn’t seem programmatically necessary. Applications receive the location data that will be recorded in the most recent
consolidated.db update as an event once, when the location changes. There’s no API call for “oops, I wasn’t paying attention, give me the last 20 updates again, please.” It’s possible that for behind-the-scenes reasons the location event queue needs longer persistence, but it doesn’t need to stick around when there are no applications running that are subscribing to it. And even in the most generous interpretation, there’s no reason for the file to stick around between phone restarts.
What’s grating about this reporting is, as usual, the emphasis being placed on the fact that it’s an Apple product. The headlines are all variants of “Apple is recording your every move!” In fact, there’s no indication that Apple has any way to access this data at all—the only way to get it is to have access to your iPhone or to your iPhone backups, and to know whose iPhone the file belongs to.
The forest that’s being missed for the Apple trees here? Go back to the observation I made about where this has been discussed: digital forensic circles. I don’t want to claim that
consolidated.db exists to aid forensics investigations, but it’s digital manna from heaven for law enforcement (and hackers). Yet any phone you use stores information locally—and if it’s a smartphone, that can be a lot of information, from your calendar to your browsing history. Call me a bleeding heart if you will, but the amount of “digital fingerprints” we leave has increased exponentially over the last two decades, and that trend shows no signs of slowing down. Search and seizure tools are keeping up with technology—but laws and regulations intended to keep searches and seizures reasonable are lagging far behind.
Oh, and incidentally? Android geolocation using GSM network:
We introduce a new forensic technique that allows to collect users’ past locations on most current Android phones, within a few seconds. It becomes possible to tell where the user was at a given time, or where a phone call took place over the last few hours or days.