Feeds

Apple squashes location tracking 'bugs' with iOS update

Cell tower and Wi-Fi database cache shrunk

Website security in corporate America

Apple has released an iOS update that changes the way its mobile operating system treats the database cache at the heart of the recent kerfuffle over the Jobsian location services.

On Wednesday, Steve Jobs and company pushed out iOS 4.3.3, saying it contains three changes to the operating system's "crowd-sourced location database cache", also known as "consolidated.db". According to Apple, the update reduces the size of the cache (by an unspecified amount), ensures that the cache is no longer backed up to iTunes when you connect to a PC, and deletes the cache when iOS location services are turned off.

Apple uses customer iPhones to build a database of Wi-Fi networks and cell towers that mobile applications can use to pinpoint the location of a particular device. This data is used in tandem with GPS in order to improve the speed and accuracy of location services.

When determining a phone's location, Apple downloads a portion of this database to the device, and this is stored in consolidated.db. "A small localized cache on the device is very helpful for speed," says Ted Morgan, CEO of Skyhook, a company that offers similar location services. "Rather than having to keep going back to the server, you keep a small subset of the reference data locally so that while you are within a 10 block area it just uses the local file until you move farther away...[This is] for speed and for not having to rely on a flakey cellphone network connection."

Last month, independent researchers released a report reporting that the Apple file may contain data on cell tower and Wi-Fi networks related to places you've visited a year ago or more. This data, it soon emerged, has long been used by law enforcement to determine the past location of phone owners. After the report sparked a media firestorm, Apple posted an FAQ on its website that addressed the database cache.

Apple acknowledged that the database cache gets backed up to iTunes when iPhones are synced, that it may store as much as a year's worth of data, and that it remained on the phone even when location services were turned off. But it called all three "bugs", vowing to make changes with a future update to iOS. Apple said it needed to store only about seven days' worth of data.

According to tests by independent security researcher Samy Kamkar, the iPhone was also collecting new data on cell tower and Wi-Fi networks when location services were off, and sending this data back to its servers. It's unclear whether the update stops these collections as well. According to Skyhook's Morgan, the collection of the data and the downloading of the cache to the phone typically work hand-in-hand.

Apple has acknowledged that consolidated.db cache is not encrypted, and it does not appear this has changed with the new iOS update. ®

Protecting users from Firesheep and other Sidejacking attacks with SSL

More from The Register

next story
Early result from Scots indyref vote? NAW, Jimmy - it's a SCAM
Anyone claiming to know before tomorrow is telling porkies
Home Depot: 56 million bank cards pwned by malware in our tills
That's about 50 per cent bigger than the Target tills mega-hack
Hackers pop Brazil newspaper to root home routers
Step One: try default passwords. Step Two: Repeat Step One until success
UK.gov lobs another fistful of change at SME infosec nightmares
Senior Lib Dem in 'trying to be relevant' shocker. It's only taxpayers' money, after all
Critical Adobe Reader and Acrobat patches FINALLY make it out
Eight vulns healed, including XSS and DoS paths
Spies would need SUPER POWERS to tap undersea cables
Why mess with armoured 10kV cables when land-based, and legal, snoop tools are easier?
TOR users become FBI's No.1 hacking target after legal power grab
Be afeared, me hearties, these scoundrels be spying our signals
Blood-crazed Microsoft axes Trustworthy Computing Group
Security be not a dirty word, me Satya. But crevice, bigod...
prev story

Whitepapers

Secure remote control for conventional and virtual desktops
Balancing user privacy and privileged access, in accordance with compliance frameworks and legislation. Evaluating any potential remote control choice.
WIN a very cool portable ZX Spectrum
Win a one-off portable Spectrum built by legendary hardware hacker Ben Heck
Storage capacity and performance optimization at Mizuno USA
Mizuno USA turn to Tegile storage technology to solve both their SAN and backup issues.
High Performance for All
While HPC is not new, it has traditionally been seen as a specialist area – is it now geared up to meet more mainstream requirements?
The next step in data security
With recent increased privacy concerns and computers becoming more powerful, the chance of hackers being able to crack smaller-sized RSA keys increases.