While it has been known for a while, news finally broke to the public yesterday that any model iPhone or iPad running iOS 4.0 or higher keeps a log file of its location, and that this file is copied to your computer every time you backup your device. The problem is actually deeper than that, though. This is a very serious privacy and security issue, IMHO. The articles on the Internet don’t really seem to be painting a great picture of what this means. So here’s my attempt… I hope it helps to clarify a few things!
Q: What’s going on?
A: All models of iPhone and iPad have been recording your location regularly into a file on the device. The news stories here specifically relate to iOS 4.x, but prior versions of iOS are doing the same thing, they’ve just been recording it into a different file. These files cannot be deleted, and this “feature” cannot be turned off. The information even persists from one device to another if you replace one phone or iPad with another and restore a backup.
The data being recorded includes at least the device’s location, the time of day, and a list of WiFi networks available at each of these locations. The file in and of itself does not contain your personal contact information, but it would be very easy to determine where you live or work.
Q: Does the phone send my location to Apple, or anyone else?
A: Not in and of itself. Apps on your phone can be given permission to access your location, and there is no way to stop them from uploading your location information, but this flaw in and of itself does not cause your location to be sent to anyone else; it is saved on your phone and computer, but not uploaded anywhere else, at least as a direct result of this issue. Jailbroken devices do not require that apps be granted permission to access location data; they can get to it anytime they want.
Q: Doesn’t that mean I’m safe?
A: Not necessarily. There are several ways that anyone who wants to can get to this data if they are persistent enough.
Q: What does that mean?
A: If you have jailbroken your phone, any app on the phone can gain access to the location data without your permission. In addition, a jailbroken phone that has not had its root password changed from the default is remotely accessible to anyone who wants to log in, and it is EXTREMELY easy to get to. This includes access to the location log file.
Apple has also had a poor track record of security on iOS devices. Hackers have been able to gain entry quite regularly ever since the device was first released (this is how some jailbreaks work, just as one example). If someone were to want to target you, it’s entirely possible that someone with moderate hacking skills could obtain this file, whether it be through your phone (because it is always on the Internet) or computer (through software installed there). Even if you haven’t been specifically targeted, once an exploit to a phone (or computer) is known, it is a consistent and regular practice of hackers to scan for vulnerable devices. Computers are a little safer if they are behind a router, but phones are connected directly to the Internet without a hardware firewall to isolate them from attack.
Q: What if I’m not running iOS 4.x on my phone or iPad?
A: While it hasn’t been widely mentioned in the news, iOS versions prior to 4.0 also log location data. The data is just stored in a different file in a different format. But it’s there.
Q: Doesn’t someone have to have physical access to my phone or computer?
For most people, this is the case. But not for everyone. If your device is jailbroken and you haven’t changed the root password, remote access to your phone (and this file) is available for anyone who wants to get in. It’s very simple to get to it.
As far as access to the data on the computer, ideally nobody else has access to your files remotely. But that requires that you keep your computer fully up-to-date and make sure you’re running current and high quality antivirus and antispyware software, even on Macs. Viruses and spyware could very easily gain access to this data, and make it available to third parties.
Q: How would I know if someone had gotten access to my data?
A: You probably wouldn’t have any way of knowing.
Q: What would happen if I lost my phone?
A: The chance isn’t high, but if someone with even moderate technical skills were to have access to your phone they could download the location data file and see everywhere you’ve taken your iOS devices since you got them. Even if the phone is locked with a password, there are very easy ways around this. Once your phone is in someone else’s hands, there isn’t really any guaranteed way of preventing them from getting access to your location data. If you have signed up for the Find my iPhone program or connect to an Exchange server, you could remotely wipe the phone and hope that nobody had downloaded the data before you sent the wipe command.
Q: Some people seem to say this isn’t worth worrying about. Is that true?
That depends. The chance that someone wants to get your location information specifically isn’t very high. My take on this is that you’re better safe than sorry. If you don’t care if anyone knows where you’ve been, you may not need to worry about this much. The chance that advertisers or hackers want location information in general is very high.
Q: What can I do to prevent my location from being recorded?
A: As of right now, the only thing you can do is turn off the phone completely (not just put it in standby) or put it in Airplane mode. But this obviously prevents you from using the phone. As long as the device is turned on and the cellular feature is turned on, it’s recording your location.
What makes this worse is that there is NO WAY to delete this file or turn the logging feature off. It’s built into the phone at a very low level and it can’t be controlled by any setting on the phone. iPhones have been recording this data for a very long time now, long before iOS 4 came out. Forensic scientists have known about this for a while, but it is only now being made public.
Apple has not yet released a fix for this issue, and they haven’t even stated yet if they intend to do so. We’ll just have to wait and see.
Q: I don’t believe it. Can you prove it?
A: Right now the only way to see for yourself is if you are synchronizing your phone with a Mac. In which case, you can download a piece of software and see the tracking data yourself. It probably won’t be long before someone writes a similar utility for Windows, and if I see any news on that front I’ll update this blog post. I’ve considered writing such a utility myself, but I have too many other things going on at the moment to bother.
Q: Does this affect other phones too?
A: This flaw does not affect other non-Apple devices. The same researchers that found the flaw in the iPhone have also investigated other popular phones and haven’t found any evidence that any other phones exhibit the same behavior.
Q: If I wipe everything on my phone, does that mean the data is gone?
A: Your prior location information will be deleted from your phone, but it will be restored if you restore a backup from your computer. In either case, the phone/iPad will start recording location data again, even after being wiped.
Q: Why should I care?
A: I can’t speak for you, but I’d rather my devices not record information about where I live, work, shop, and socialize. It’s bad enough that cell phone carriers record phone location continually; I’d rather that the location of my home not be recorded inside of a device that could be lost or stolen. Not that I have anything to hide, but I personally just don’t want that information out there available to anyone, especially companies that might be trying to sell me something.
Q: Can any steps be taken to protect myself?
A: Turn on the encryption feature for device backups in iTunes. That will at least prevent access to this data from your computer. There isn’t much that you can do to prevent access to the data on the phone other than stop using it. If you’ve jailbroken your device, at a very minimum change the root password, but I’d recommend removing the jailbreak entirely.
Q: Are you doing anything differently?
A: I don’t have an iPhone, but I am definitely going to be more selective about where I take my iPad. I protect myself very well against attacks against my computer, so I’m not too concerned about that. If I had jailbroken my iPad I would be taking that off right now.