It looks like you're using an Ad Blocker.
Please white-list or disable AboveTopSecret.com in your ad-blocking tool.
Thank you.
Some features of ATS will be disabled while you continue to use an ad-blocker.
My posting on my investigations into the content of the consolidated.db file on the iPhone has gotten some 40,000 views, so far, thanks to the magic of Slashdot. There have been a couple of worthwhile items that came up in comments, and I wanted to collect them into a follow-up posting here.
First, Alex Levinson, a researcher who’s done academic work on iOS forensics, posted an excellent column on this which probably deserved to make it to Slashdot more than mine did. It turns out that the existence of this file was not only known, but mentioned in Sean Morrisey’s book on iOS forensics, to which Alex was a contributor.
Second, even without a handy database of what is increasingly appearing to be cell tower and WiFi hotspot locations, people should be aware that their cell phone—as a simple consequence of its operation—”tracks” their movements, simply to enable the hand-off of the phone from one cel tower to the next. Your carrier maintains this information for some period of time, and will provide it to law enforcement in response to an appropriate subpoena.
Interestingly, a German politician, Malte Spitz, sued his carrier, Deutsche Telekomm, to get a copy of the records that they had maintained on him, and discovered that, between August 2009 and February 2010, they had recorded his geographical location some 35,000 times. Zeit Online has a fascinating visualization of Mr. Spitz’s movement and activities developed from this data.
Finally, and sadly, Brian Chen over at Wired has a follow-on to his original column where he gets off to a bad start by noting that people had been “spooked” by the revelation of the existence of this file on their iPhones, but without noting that it was his own headline the previous day—which claimed that iPhones were “tracking [their owners'] every move”, inaccurately as it turns out—which engendered a lot of the “spooking”.
If you’re concerned about this file’s being backed up to your desktop, I’d recommend that you turn on encrypted backups, which can be accomplished through iTunes, as this posting on Techland explains. I still haven’t got the slightest idea why people would be particularly worried about thieves getting this particular file off their desktops, but not (apparently) concerned about their address books, their email archives, their document folders or their calendars. People are strange.
1) Apple is not collecting this data.
And to suggest otherwise is completely misrepresenting Apple. I quote: Apple is gathering this data, but it’s clearly intentional, as the database is being restored across backups, and even device migrations. Apple is not harvesting this data from your device. This is data on the device that you as the customer purchased and unless they can show concrete evidence supporting this claim – network traffic analysis of connections to Apple servers – I rebut this claim in full. Through my research in this field and all traffic analysis I have performed, not once have I seen this data traverse a network. As rich of data as this might be, it’s actually illegal under California state law:
(a) No person or entity in this state shall use an electronic tracking device to determine the location or movement of a person.
I don’t think that’s a legal battle Apple wants to face considering the sale of over 100 million iDevices worldwide. That raises the question – how is this data used? It’s used all the time by software running on the phone. Built-In applications such as Maps and Camera use this geolocational data to operate. Apple provides an API for access to location awareness called Core Location. Here is Apple’s description of this softare library:
The Core Location framework lets you determine the current location or heading associated with a device. The framework uses the available hardware to determine the user’s position and heading. You use the classes and protocols in this framework to configure and schedule the delivery of location and heading events. You can also use it to define geographic regions and monitor when the user crosses the boundaries of those regions.
2) This hidden file is neither new nor secret.
It’s just moved. Location services have been available to the Apple device for some time. Understand what this file is – a log generated by the various radios and sensors located within the device. This file is utilized by several operations on the device that actually is what makes this device pretty “smart”. This file existed in a different form prior to iOS 4, but not in form it is today.
Currently, consolidated.db lies within the “User Data Partition” on the device. This is a logical filesystem that maintains non-system level privileges and where most of the data is stored. When you perform an iOS Backup through iTunes, it is backing up this partition. Prior to iOS 4, a file called h-cells.plist actually existed in the /root/Library/caches/locationd folder, but with hidden access from other software and applications. h-cells.plist contained much of the same information regarding baseband radio locations as consolidated.db does now, but in Apple Property List format rather than sqlite3. Through my work with various law enforcement agencies, we’ve used h-cells.plist on devices older than iOS 4 to harvest geolocational evidence from iOS devices.