April 23, 2014

Apple Releases iOS 4.3.3 to Fix Locationgate Bugs

iOS 4.3.3 has been released to fix the so-called Locationgate tracking bugs that have caused Apple so much recent controversy. This update fixes the bugs which caused iPhones to store up to a years worth of cell tower information which is then synced with iTunes.

A few weeks ago Alasdair Allan and Pete Warden released a proof-of-concept application for Mac OS X that demonstrates how the iPhone is tracking its location.

Apple responded with a press release saying that the iPhone is not logging its location. Rather, it’s maintaining a database of Wi-Fi hotspots and cell towers to help the phone rapidly and accurately calculate its location when requested. In other words a cache. They also promised a software update which is what has been released today.

The update contains changes to how iOS manages this crowd-sourced location database cache. Specifically the update:

  • Reduces the size of the cache
  • No longer backs up the cache to iTunes
  • Deletes the cache entirely when location services is turned off

Apple to Issue Software Update to Clear Cell Tower Cache

In the continuing controversy, that has now been dubbed Locationgate, about iPhones storing up to a years worth of cell tower information and syncing this with iTunes, Apple has now issued a press release to try and clarify the situation. In summary Apple is saying that the iPhone is not logging its location. Rather, it’s maintaining a database of Wi-Fi hotspots and cell towers to help the phone rapidly and accurately calculate its location when requested. In other words a cache.

The press release also deals with why this cache contains entries for more than a year. Apples answer, “the reason the iPhone stores so much data is a bug.” According to ZDNet, Scott Forstall (the senior vice president of iOS Software) has revealed that the problem is actually the size of the cache and not explicitly how long it holds entries for, “we picked a size, around 2MB, which is less than half a song. It turns out it was fairly large and could hold items for a long time.”

OK, but when a user turns off Location Services, why does the iPhone sometimes continue updating its Wi-Fi and cell tower data?  Apple says, “It shouldn’t. This is a bug, which we plan to fix shortly.”

Apple’s argument is that it is legitimate to store cell tower information on a short term basis n the phone but because of bugs in iOS too much data is being stored. Apple is promsing an update to iOS in the near future which will

  • reduce the size of the crowd-sourced Wi-Fi hotspot and cell tower database cached on the iPhone,
  • cease backing up this cache, and
  • delete this cache entirely when Location Services is turned off.

Apple is also promising that in the next major iOS software release (4.4? 5.0?) the cache will also be encrypted on the iPhone.

So is this the end of Locationgate? Please comment below.

 

Your iPhone is Watching You! New Proof-of-Concept App Shows How Your iPhone is Tracking Your Every Movement

Alasdair Allan and Pete Warden have released a new proof-of-concept application for Mac OS X that demonstrates that your iPhone is tracking your movements and recording the information. We have tested the application and it is 100% true, Apple are watching you!

Since the release of iOS 4.0 the iPhone has started storing cell-phone tower information and this information is copied to your Mac or PC when you sync your phone with iTunes. The application that Alasdair and Pete have released searches through your old sync data on your Mac and finds this cell-phone tower information and then displays it on a map, courtesy of OpenStreetMap.

How bad is this?

  • Other applications on your Mac can access this data.
  • Apple shouldn’t be collecting this information. Mobile phone operators collect tower information as part of their operations but it is private and it normally requires a court order to gain access to it. Your iPhone tower information is available to anyone who can get their hands on your phone or computer.
  • By passively logging your location without your permission, Apple have made it possible for anyone from a jealous spouse to a private investigator to get a detailed picture of your movements.
  • If you sell or exchange your iPhone the tower data might still be on the phone. My iPhone is second-hand and I have discovered that I now have a map of the movements of its previous owner going back to October 2010.

Was it right for Allan and Warden to release this app? They mention this on their site:

We did hesitate over the right thing to do in this case, but when it became clear that “Individuals familiar with iPhone forensic analysis will be quite familiar” with it, as Ryan Neal puts it and that at least one other person had tried to alert the public but apparently failed to make it clear what was going on, a demonstration application seemed the lesser evil.

Note: The application available from the iPhone Tracker site is for 64-bit Macs. If you have an early Intel Mac it is 32-bit only. I have built a 32-bit version here.

Are you worried about this? Please leave a comment below.