[liberationtech] iPhones/iPads secretly track 'scary amount' of your movements
Nathan Freitas
nathan at freitas.net
Thu Apr 21 12:31:48 PDT 2011
On 04/21/2011 02:51 PM, Ian Gallagher wrote:
> As Rafal mentioned, it's certainly not only the iOS devices responsible for recording and retaining this data - here's a quick example that someone put together to demonstrate that similar data also exists on Android phones:
> https://github.com/packetlss/android-locdump
Good work, but I think it is useful to point out, that even though
similar data exists on Android, the actual implementation of how and
where this data is stored (or not) shows how subtle decisions in
implementing features by engineers can make a world of difference.
1) The README states "You will need root access to the device to read
this directory."
I believe the location data on iOS was stored in user data space
readable by any app without special permissions. That was a chief
concern of the O'Reilly post, not just that the data existed. This means
a malicious app without root permission on Android could not access this
location cache, though a law enforcement professional with the right
hardware would most likely be able to.
2) I checked my own personal Android device
/data/data/com.google.android.location/files and it was empty. This is
because I have the location features turned off in Android preferences.
I don't believe there is a similar way to turn the data collection off
in iOS. Again, I don't mind if this data is there, so long as I can
choose when to turn on and off its collection.
3) All in all, based on my experience with Android development, this
seems much more like a short term cache, and not an endless log, but
we'll have to dig further on a device with location enabled to determine
that. It isn't being synced to a desktop in anyway, or otherwise leaving
the device.
> I wouldn't be at all surprised if most other phones log and retain similar information on the client-side.
A survey of location data retention on all smart or feature phones with
GPS and CellID based location capability should definitely be done.
+n
More information about the liberationtech
mailing list