This is a map of everywhere I've been for nearly the last year. Everywhere. I didn't carry around a special tracking device. The FBI isn't sending goons in unmarked vans to track me. All I did was use an iPhone. And if you have an iPhone, you're being tracked right now, too, whether you like it or not.
It turns out that all our iPhones are keeping a record of everywhere you've been since June. This data is stored on your phone (or iPad) and computer, easily available to anyone who gets their hands on it. Updated: 1:33 EST
And now, we're wondering whether the same goes for our other smartphones. The opt-in wording of phone location service agreements is pretty nebulous (as agreements tend to be). When starting up a fresh Android, you're prompted to agree to the following: "Allow Google's location service to collect anonymous data. Collection will occur even when no applications are running." We asked Google what exactly this meant, and they refused to answer on the record whether this "anonymous" location data is logged persistently, a la iPhone (The UK security duos says they haven't uncovered an file so far). But, importantly, unlike the iPhone, it appears to be totally opt-in for users. Microsoft told us the only locational data stored on your Windows Phone 7 device is your last known location, for use with the Find My Phone feature. We've also reached out to Apple and BlackBerry-maker RIM for similar clarifications on data collection, but haven't gotten a response yet.
We know that AT&T and other cellphone providers can always store this data, for any cellphone. And law enforcement can get to it when they need to. But I don't want this information bouncing around on my computer and in pocket, too, for no good reason, with no way to opt out. That's just not right.
The privacy startle, apparently enabled by this summer's iOS 4 release, was discovered by two security researchers, one of whom claims he was an Apple employee for five years. They're equally puzzled and disturbed by the location collection: "By passively logging your location without your permission, Apple have made it possible for anyone from a jealous spouse to a private investigator to get a detailed picture of your movements," they explain. All it would take to crack the information out of your iOS device is an easy jailbreak. On your computer, the information can be opened as easily as JPEG using the mapping software that the security experts have made for download—Try it yourself.
The data itself is jarringly accurate (most of the time). And even though it appears to rely on tower triangulation rather than GPS pinpointing (meaning you're probably not safe with location services switched off), the map I was able to generate with mapping software the security duo released visualizes my life since the day I bought my iPhone 4 in July. Everywhere I've been. Bus trips home. Train trips to visit family. Vacations. Places I'd forgotten I'd even gone. Zoom in on that giant blotch over New York, and you can see my travels, block by block. My entire personal and professional life—documented by a phone I didn't know was also a full time location logging device. It's all accessible—where I've been, and when. (The animated software doesn't show location linked to any duration of less than a week, so it can't be used to snoop that closely. But the actual underlying database is timed to the second.) I don't really have anything to hide, which is why I don't mind sharing my map above. But at least let me turn this tracker off.
For now, there is no fix. The only way to remove it from your computer is to wipe your back up files from your computer. But then you have no back ups to restore your phone in case you lose it. And every time you sync your computer, though, it'll create a new file. And if you do lose your phone, all your tracking data goes with it, right into the hands of whoever found it. And if you upgrade your phone to the next iPhone, the location tracking history goes with it. For now, the best to keep your location data safe is to encrypt your backup files—but that still leaves the roaming device itself vulnerable.
Until Apple stops doing this, or explains why they are doing it, I don't feel safe. I feel weird having all this data that I don't want recorded on my iPhone, and so do others. Maybe they're doing it for the government. Maybe it's a just a consequence of the background data-gathering functionality injected into iOS 4. Maybe they're doing it because they're forced to. So far, the researchers have found no proof that the information is being transmitted to remote servers hosted by Apple or the feds—although IT security expert Jonathan James has discovered tables in the dubious database labeled "Harvest" and "HarvestCounts." No further word on what that could mean. Right now there's still no hard evidence of this location data being transmitted—that's the good news. But that's still a lot of information on our phones about where we've been, whether or not we want it.
[Peter Warden via The Guardian]
Update 1, 12:48 PM EST: Security expert Kevin Mitnick says he's "Quite shocked and disturbed" by the revelation, noting that the logged data could be of great interest to a variety of entities—prying spouses, private investigators, and, he reckons, the government. He speculates that the existence of the log itself "could have been at the request of the government," as such data "can't be used for advertisements. It seems to me more to be a governmental request." He added, "I like to know what my device is doing." And, that the phone's logging of data was in this case like "carrying around a bug and a tracker at the same time."
Update 2, 3:37 PM EST: Google has declined to comment on the record as to the exact nature of their locational data collection.
Update 3, 5:32 PM EST: Microsoft tells us the only locational data they're storing on your Windows Phone 7 device is your last known location—a single data point that's erased as soon as it stores a new one.
Update 4, 5:50 PM EST: IT security expert Jonathan James has poked around inside the iPhone location database file in question and discovered tables labeled "Harvest" and "HarvestCounts," although their use is still unknown.
Update 5, 1:35 EST: John Gruber's got a reasonable-sounding explanation for the covert tracking: maybe it's just a bug.