Tuesday, April 26, 2011

O'Reilly media researchers spreading Anti-Apple FUD... Right in time for the O'Reilly Where 2.0 conference

I have inspected the SQLite database file that contains this Location data that has recently been in the news.

If you have ever sync'd up and backed up your iOS device you can find the backups here:
/Users/[YOUR USER NAME]/Library/Application Support/MobileSync/Backup/

To find the database file run the command:
grep -R CellLocation *

You can then run the SQLite database through SQLite and check it out for yourself:
$ sqlite3 [FILE NAME]
SQLite version 3.6.12
Enter ".help" for instructions
Enter SQL statements terminated with a ";"
sqlite> .tables
CdmaCellLocation                   CellLocationCounts              
CdmaCellLocationBoxes              CellLocationHarvest             
CdmaCellLocationBoxes_node         CellLocationHarvestCounts       
CdmaCellLocationBoxes_parent       CellLocationLocal               
CdmaCellLocationBoxes_rowid        CellLocationLocalBoxes          
CdmaCellLocationCounts             CellLocationLocalBoxes_node     
CdmaCellLocationHarvest            CellLocationLocalBoxes_parent   
CdmaCellLocationHarvestCounts      CellLocationLocalBoxes_rowid    
CdmaCellLocationLocal              CellLocationLocalCounts         
CdmaCellLocationLocalBoxes         CompassCalibration              
CdmaCellLocationLocalBoxes_node    Fences                          
CdmaCellLocationLocalBoxes_parent  Location                        
CdmaCellLocationLocalBoxes_rowid   LocationHarvest                 
CdmaCellLocationLocalCounts        LocationHarvestCounts           
Cell                               TableInfo                       
CellLocation                       Wifi                            
CellLocationBoxes                  WifiLocation                    
CellLocationBoxes_node             WifiLocationCounts              
CellLocationBoxes_parent           WifiLocationHarvest             
CellLocationBoxes_rowid            WifiLocationHarvestCounts       


Yes, it contains cell location data in the CellLocation table and yes, it does also contain Wifi location data in the WifiLocation table but all this is old news.  This location data has always been around and has been available via the Core Location API's.  What we are looking at nothing more than log files.  My guess is that Apple is preparing up a formal statement and will put out an iOS update which will increase the purge time of this data so that fewer records are kept as well as fully turn off this logging if you choose to disable Location data in your iOS device settings.  But there is no evidence that Apple is collecting this data and submitting it to themselves (let alone any 3rd party).

I found a great write up from an expert in the field who has written a book on iOS Forensic Analysis prior to this recent research 'announcement.'  This is mostly anti-Apple FUD campaign. The 'announcement' of this 'discovery' by this particular group was timed for the Where 2.0 conference. Just a big publicity stunt by O'Reilly media that was blown totally out of proportion.  I wouldn't be surprised if Apple sued O'Reilly media for defamation.

UPDATE, April 27th at 11:08am:

Well, it looks like I was right and Apple did just release a press release.  In their press release, they do refer to this database as just a cache...  And like I guessed, they're putting out a quick update to iOS that will:

  • reduces the size of the crowd-sourced Wi-Fi hotspot and cell tower database cached on the iPhone,
  • ceases backing up this cache, and
  • deletes this cache entirely when Location Services is turned off.
And in the next major iOS software release the cache will also be encrypted on the iPhone.