Hidden iOS File Records Tracking Information

Thursday, April 21, 2011



UPDATE:  Apple Lied: Filed Patent for Mobile Device Tracking: Revelations of the patent application now confirm suspicions that Apple was quite aware of the storage of geolocation tracking data, that it was not merely a database of Wi-Fi locations, and the building of location histories on their customers was not due to a software glitch...

*   *   *

News of a hidden iOS 4 file that documents the location of Apple products running the operating system has garnered the attention of U.S. Senator Senator Al Franken (D-MN) who is now demanding answers from Apple.

The secret file records geolocation information derived from triangulating the location of a device using the signals from the closest cell phone transmission towers.

The existence of the hidden file was originally discovered last year by Alex Levinson who works at the Rochester Institute of Technology developing iOS "interrogation" tools for a company called Katana Forensics.

The firestorm of controversy about the existence of the tracking file did not begin though until researchers Alasdair Allen and Pete Warden announced they had "discovered" the tracking file recently at the Where 2.0 conference.

While news of the hidden tracking file may be new to consumers and many in the information security sector, the file has been well known and actively employed by those in law enforcement and the forensics field, who are able to cull data from phones that use iOS operating systems older than the iOS 4, according to Levinson.

"This hidden file is nether new nor secret. It’s just moved. Location services have been available to the Apple device for some time. Understand what this file is — log generated by the various radios and sensors located within the device. This file is utilized by several operations on the device that actually is what makes this device pretty 'smart'. Through my work with various law enforcement agencies, we’ve used h-cells.plist on devices older than iOS 4 to harvest geolocational evidence from iOS devices," Levinson wrote.

Senator Franken is concerned about how much data is being collected and who could possibly gain access to it. Word of the clandestine tracking by the iOS 4 prompted the Senator to fire off a letter to Apple CEO Steve Jobs demanding an explanation.

"Anyone who gains access to this single file could likely determine the location of the user's home, the businesses he frequents, the doctors he visits, the schools his children attend, and the trips he has taken over the past months or even a year... It is also entirely conceivable that malicious persons may create viruses to access this data from customers' iPhones, iPads, and desktop and laptop computers," Franken wrote.

Franken's letter includes a list of questions the Senator wants answered:

  • Why does Apple collect and compile this location data? Why did Apple choose to initiate tracking this data in its iOS 4 operating system?
  • Does Apple collect and compile this location data for laptops?
  • How is this data generated? (GPS, cell tower triangulation, Wi-Fi triangulation, etc.)
  • How frequently is a user's location recorded? What triggers the creation of a record of someone's location?
  • How precise is this location data? Can it track the users location to 50 m, 100 m, etc.?
  • Why is this data not encrypted? What steps will Apple take to encrypt the data?
  • Why were Apple consumers never affirmatively informed of the collection and retention of their location data in this manner? Why did Apple not seek affirmative consent before doing so?
  • Does Apple believe that this conduct is permissible under the terms of its privacy policy?
  • To whom, if anyone, including Apple, has this data been disclosed? When and why were these disclosures made?
Interest in the nature of the iOS tracking file comes on the heels of revelations that Michigan State Police have been using data extraction devices to collect information from the cell phones of motorists detained for minor traffic infractions.

The mobile forensics units made by CelleBrite have the ability to download the data stored on more than 3000 models of cell phone, and are capable of defeating password protection.

UPDATE:  MSP Statement on Use of Cell Phone Data Extraction Devices

"Infosec Island received a Twitter message from the Michigan State Police regarding an article about the MSP using data extraction devices to collect information from cell phones of motorists detained for minor traffic infractions. The official statement from the MSP is as follows..." (see link above for MSP statement)
Possibly Related Articles:
PDAs/Smart Phones
Apple Privacy geo-location Headlines Monitoring Law Enforcement Tracking iOS Triangulation
Post Rating I Like this!
Brian Ford How is this news if the vendor in question makes available a function called "Find My iPhone"? Apple has not hidden the fact that they can make available an iPhones location. I don't see how possible IOS tracking "coming on the heels of revelations" about Police using an data extraction tool is relevant or adds anything important to this post. I don't need the extraction tool; I have iTunes.
Anthony M. Freed There is a significant difference between pinging a mobile device to ascertain its current location and keeping a log of all locations a phone has ever been at.
The views expressed in this post are the opinions of the Infosec Island member that posted this content. Infosec Island is not responsible for the content or messaging of this post.

Unauthorized reproduction of this article (in part or in whole) is prohibited without the express written permission of Infosec Island and the Infosec Island member that posted this content--this includes using our RSS feed for any purpose other than personal use.