Apple lässt consolidated.db im TimeMachine-Backup

Weil es ein paar Tage zu ruhig war, wäre es doch mal wieder Zeit für einen Aufreger:

Apple hat die ehemals in meinem iTunes-Backup enthaltene consolidated.db nicht aus meinem TimeMachine-Backup gelöscht! Wer meinen Mac samt NAS ownt, kann auch weiterhin meine vergangenen Beinahe-Standorte erschnüffeln! Skandal!

Frau Aigner, bitte übernehmen.

Earlier today two security experts and researchers, Pete Warden and Alasdair Allan revealed that Apple is logging each and every location of your iDevice since iOS 4. Researchers also clarified an important point that the file resides locally on the device but is never transmitted remotely. Apple, in short, does not receive these files in any case.

[NOTE* This is a different file than your location app — it is a tiny piece of software that resides in your phone, and is downloaded to your computer when you hook up to it.]

Most leading online tech blogs took this report seriously and blamed on Apple, that they were using this data intentionally, which isn’t true at all.

Anyway, Ryan Petrich, an independent iOS developer released a little tweak “untrackered” to clear all your location logs.  Tweak is 100% free of charge and no configuration is need after installation.

Install the tweak and be assured that nobody will know exactly where you’ve traveled on you lately.

You can install untrackered from Cydia.

[Gee, I wonder if they still know where you are while your call is being dropped!]

apple knows where you've been!

Lots of scandal in the technology press this past week about the discovery by Alasdair Allan and Pete Warden [a couple of computer security researchers] that our beloved iPhones are keeping tabs on us wherever we go, storing this information in a hidden file called consolidated.db on the phone and also backing it up to your computer, whenever you sync your phone with iTunes.

Apparently it is mentioned in the terms and conditions you sign up to, when you buy an iPhone that:

Apple and our partners and licensees may collect, use, and share precise location data, including the real-time geographic location of your Apple computer or device. This location data is collected anonymously in a form that does not personally identify you and is used by Apple and our partners and licensees to provide and improve location-based products and services. For example, we may share geographic location with application providers when you opt in to their location services

Alasdair Allan and Pete Warden have released a free app called iPhoneTracker, which you can download from their webpage, where they also give more information about how they discovered this sneaky shenanigans. iPhoneTracker will seek out the latest backup copy of the consolidated.db file stored on your comp and will display the info it contains on a map.  At the top of this post is the results i got, after running it on my comp.

[Unfortunately the fact that my life is such a tedious cycle of ‘work > home > work’ combined with the fact i havenae had my iPhone too long mean that my results are not as exciting as some of the ones published on the intarwebs, where people’s phones have been tracking them up and down the land]

Fear not though. Help is at hand.

If, like me, you’ve got a jailbroken iPhone, clever hackmeister Ryan Petrich has come up with a free hack called untrackerd [available through cydia], which you can install and which periodically deletes the consolidated.db file from your iphone, thus erasing your tracks.

If you want to get rid of the location info which your phone has already backed up to your comp, when you last sync’d with iTunes, you’ll have to dig a bit deeper into [or delete and then re-sync] your iPhone backup files which live in your user ~/Library/Application Support/MobileSync/Backup folder.

DISCLAIMER: In case you’re thinking that removing you iPhone’s ability to keep tabs on you means you can flit about the globe, sewing death and destruction all around, before disappearing into the shadows like a ninja; be aware that the location of all mobile phones can be tracked, even when they are switched off. The difference here is that the tracking is usually done and the data held by your phone provider, who are required by law to provide this info to cops, government etc. [AKA “The Man”] if requested. In the case of this iPhone scandal, the tracking is done on the phone itself, thus potentially making it available to anyone who gets hold of your phone.

iOS consolidated.db "flaw"?

I’m kind of getting sick of the big hoopla about the recently discovered (even though it wasn’t recently discovered at all) consolidated.db file which sits quietly in a publicly available iOS directory and is backed up every time you sync your phone. The file in question keeps a running log of dates, times and locations according to your GPS and wifi radios. I am all for getting up in arms if Apple has been actually collecting and doing something with this data without anyone knowing about it but the fact of the matter is, they aren’t. What really sucks, is that I have a feeling that this “bug” will get plugged with a future version of iOS and I personally think it’s a neat feature! I just pulled up a map of the last 6 months of my life and thought it was pretty damned cool. I agree that there should definitely be some sort of opt-out system that would purge this cache every so often, but I don’t want to have to do that. I’ll worry about my own security and make sure my iPhone and it’s backups stay out of the hands of wrong doers (heaven for big they see the extremely vague representation of locations data that I just saw on the map I made).

Bottom line. This is probably some oversight bug where a line of code wasn’t written to purge old location data. That’s perfectly plausible. But the data is so vague that it doesn’t really matter much. And without access to your computer or phone, no one can get at this information anyways. So plug the hole, Apple, but how about an opt-out strategy? I like it.